This question already has answers here:
How can I with mysqli make a query with LIKE and get all results?
(2 answers)
Closed 5 years ago.
I created code for select query for MySQL in PHP.
The code:
$vericek4 = $baglanti2 -> prepare ("select no from urunlist where urunad like '%?%'");
$vericek4 -> bindParam(1, $aramayss);
$vericek4 -> execute();
$satirsay2 = $vericek4 -> rowCount();
I have data in $aramayss. But $satirsay2 is null.
It "works". It just doesn't do what you expect. The ? is in a string, so it is not substituted with the parameter value.
You can construct the like pattern using concat():
select no from urunlist where urunad like concat('%', ?, '%')
Alternatively, add the wildcards in PHP, and just use:
select no from urunlist where urunad like ?
Related
This question already has answers here:
How do I create a PDO parameterized query with a LIKE statement?
(9 answers)
Closed 1 year ago.
I have the following statement set up. I have replaces a long list of columns with * to make this more readable. FYI - I already know that there are questions similar to this. They use SINGLE select statements with a SINGLE parameter. Somehow this is different.
$sql = <<<EOM
SELECT *
FROM table1
WHERE StreetName like '%:StreetName_Coml%'
UNION
SELECT *
FROM table2
WHERE StreetName like '%:StreetName_Coms%'
UNION
SELECT *
FROM table3
WHERE StreetName like '%:StreetName_Farm%'
UNION
SELECT *
FROM table4
WHERE StreetName like '%:StreetName_Land%';
EOM;
$p = $db->prepare($sql);
$StreetName = 'tree'
$p->bindValue(':StreetName_Coml', $StreetName);
$p->bindValue(':StreetName_Coms', $StreetName);
$p->bindValue(':StreetName_Farm', $StreetName);
$p->bindValue(':StreetName_Land', $StreetName);
$p->execute();
$data = $p->fetchAll(PDO::FETCH_ASSOC);
The query runs, with no PHP errors. But I am getting no results back. I should be getting back 100's of rows. When I run the same query in my database browser I get 100's of rows. There is something in how the parameters are being bound that is not working.
I have tried the following:
bindParam instead of bindValue
moving the '%' from the SQL statement and into $StreetName. So instead of 'tree' it is '%tree%'
using a CONCAT statement like "WHERE StreetName like CONCAT('%',:StreetName_Land,'%')
and various mix and matching of the above.
What am I missing?
Put the percent signs in the bind, so your SQL is like this, unqouted:
WHERE StreetName like :StreetName
And then your binds are like this:
$p->bindValue(':StreetName', '%' . $StreetName . '%');
This question already has answers here:
pdo prepared statements with wildcards
(2 answers)
How to bind LIKE values using the PDO extension?
(7 answers)
How do I create a PDO parameterized query with a LIKE statement?
(9 answers)
PHP PDO & SQL Search wildcard bind parameters
(1 answer)
Using named parameters with PDO for LIKE
(1 answer)
Closed 4 years ago.
I've been trying to replace the value in '%:value%' when I use the LIKE operator in my query.
I have also tried using CONCAT() but that didnt work either.
$query = "SELECT *
FROM books
WHERE title LIKE '%:title%'";
...
...
statement->bindValue(':title', $title, PDO::PARAM_STR);
:title should be replaced with the variable $title but it doesnt. The query is working fine but the :title just doesnt get replaced.
You probably want :
$query = "SELECT *
FROM books
WHERE title LIKE CONCAT( '%', :title, '%')";
...
...
statement->bindValue(':title', $title, PDO::PARAM_STR);
The bind parameter should be used as a litteral string. CONCAT can be used to concatenate the parameter with percent signs on both ends.
Did you try using concat() like this?
SELECT *
FROM books
WHERE title LIKE CONCAT('%', :title, '%')
This question already has answers here:
Use an array in a mysqli prepared statement: `WHERE .. IN(..)` query [duplicate]
(8 answers)
How can I bind an array of strings with a mysqli prepared statement?
(7 answers)
Closed 11 months ago.
I have a select where I need to scan a table to get results:
where (p.user in (select f from fl where user =? and block=0))
This table is a big table with more than 1 million rows. And it is taking a while to read. I need to read it all the time, so I was thinking I could read it once and then just use:
where (p.user in ($variable_with_all_results))
I tried:
$stmt = $mysqli->prepare("select f from f1 where user = '1' and block = 0");
$stmt->execute();
$stmt->bind_result($variable_with_all_results);
But I cannot use this variable on the select, the mysql is not recognizing it. Any ideas?
You should be able to do what you want like this:
$stmt = $mysqli->prepare("select GROUP_CONCAT(f) from f1 where user = '1' and block = 0");
$stmt->execute();
$stmt->bind_result($variable_with_all_results);
$stmt->fetch();
Note you need to add a GROUP_CONCAT aggregation function around f in the query, this will give you a list like 1,5,6. Also you need to do a fetch on the statement to get the result into your variable.
Then you should be able to make a new query like this:
$sql = "SELECT ...
WHERE p.user in ($variable_with_all_results)";
bind_result wont work in that way, you should use bind_param().
But using IN (?) won`t do.
You will need to bind each id separately, some think like this:
$stmt->bind_param("select f from f1 where (p.user in (select f from fl where user = IN (?,?,?,?,?) and block=0))", $id1, $id2,$id3, $id4, $id5);
This answer https://stackoverflow.com/a/17228326/2271198 explain better who bind_param works
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Using LIKE in bindParam for a MySQL PDO Query [duplicate]
(2 answers)
Closed 7 years ago.
I'm trying to get PDO to return the results of a wildcard search. My code is:
$search = "%Notes%";
$result = $db->prepare("SELECT * FROM books WHERE 'name' LIKE :search");
$result->bindParam(':search', $search);
$result->execute();
while($arr = $result->fetch(PDO::FETCH_ASSOC)){
echo $arr['name'];
}
At the moment, I get a blank screen. If I run the sequel through PHPMyAdmin:
SELECT * FROM books WHERE name LIKE '%Notes%'
I get the appropriate result.
I assume it's something to do with the way I am formatting my PDO statement, I know you can't have a dynamic column name but I don't see what is going wrong?
in your query you have 'name' change that to just backticks instead of quotes
aka
$result = $db->prepare("SELECT * FROM `books` WHERE `name` LIKE :search");
you can also just remove the backticks
This question already has answers here:
How to bind LIKE values using the PDO extension?
(7 answers)
Closed 7 years ago.
I'm trying to get a PDO query running, so I'm doing:
$src = $this->conn->prepare("SELECT name, model, software FROM product WHERE
model LIKE '%:search_string%' OR
name LIKE '%:search_string%' OR
software LIKE '%:search_string%'");
$src->bindParam(':search_string', $search_string);
$src->execute();
return $src->fetchAll();
But when I var_dump this, I always get an empty array ( [] ). However, if I change it to just "SELECT name, model, software FROM product", I get all of the products, just as expected, so how am I using the LIKE clause wrong? Or am I doing this completely wrong?
Bound parameters cannot be used in this way. You have to input it as LIKE :search_string in the prepared query, then add the percent signs in the bound value (i.e. $src->bindParam(':search_string', '%' . $search_string . '%');).
See also this comment on PDOStatement::bindParam.