This question already has answers here:
Can I parameterize the table name in a prepared statement? [duplicate]
(2 answers)
Closed 5 years ago.
It is working
$result = $conn->prepare("SELECT * FROM questions");
$result->execute();
But this is not:
$result = $conn->prepare("SELECT * FROM (?)");
$result -> bind_param("s", $name_tb);
$name_tb = "questions";
$result->execute();
The error is:
Call to a member function bind_param() on boolean
This won't work.
It is actually not possible to bind table names. You can only bind query parameters. What you can do is something like:
$table = "TABLENAME";
query($table);
function query($table) {
    $sql = "SELECT * FROM $table";
}
For sure you have to edit the content of the function so that it'll work. It's just to show you an example. But keep in mind: no table names, only parameters with bind.
This question already has an answer here:
Correct way to use LIKE '%{$var}%' with prepared statements?
(1 answer)
Closed 1 year ago.
I should execute this method,
but I don't know how to pass the %research value as a LIKE parameter in bind:
public function researchElements($research) {
    $stmt = $this->db->prepare("SELECT * FROM product WHERE product_name LIKE "'%?%'"");
    $stmt->bind_param('s', $research);
    $stmt->execute();
    $result = $stmt->get_result();
    $result = $result->fetch_all(MYSQLI_ASSOC);
    return $result;
}
At least you can use the CONCAT function in your query, like this:
$stmt = $this->db->prepare("SELECT * FROM product WHERE product_name LIKE CONCAT('%',?,'%')");
Note: if the $research variable gets the value '', then the query will return all rows from the table.
This question already has answers here:
Can I parameterize the table name in a prepared statement? [duplicate]
(2 answers)
Closed 5 years ago.
I am trying to prepare an SQL statement (mysqli) in PHP, but there is an error, as written above. This is the code I wrote:
if (!$this->isUserExist($username, $token)) {return false;}
$tables = array();
$tables[0] = "faculty";
$tables[1] = "department";
$tables[2] = "teacher";
$tables[3] = "announcement";
$ttable = $tables[$table];
var_dump($ttable); // faculty
var_dump($id); // 6
echo "DELETE FROM ".$ttable." WHERE ".$ttable.".id = ".$id.""; //returns DELETE FROM faculty WHERE faculty.id = 6
$stmt = $this->con->prepare("DELETE FROM ? WHERE ?.id = ?"); //Fatal error occurs here
$stmt->bind_param("sss",$ttable,$ttable,$id);
//$stmt->execute();
if ($stmt->num_rows> 0) {
    return "true";
} else {
    return "false";
}
However, if I insert the exact statement shown in the echo, without any placeholders, I get no errors, and the MySQL database successfully deletes the row.
$stmt = $this->con->prepare("DELETE FROM faculty WHERE faculty.id = 6"); //no errors occur, executing this statement does affect row in MySQL database
The system doesn't allow you to 'prepare' table names. You should do it this way:
$stmt = $this->con->prepare("DELETE FROM ".$ttable." WHERE ".$ttable.".id = ?"); // table name is concatenated, only the id is a placeholder
$stmt->bind_param("s",$id);
Please read this: http://us3.php.net/manual/en/book.pdo.php#69304
Table and Column names cannot be replaced by parameters in PDO.
Do something like this:
$query = "DELETE FROM ".$ttable." WHERE ".$ttable.".id = ?";
$stmt = $this->con->prepare($query);
$stmt->bind_param("s",$id);
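Both this thread and the first one on the page end up concatenating the table name into the SQL text. The following added example (not code from any of the answers) shows one way to keep that safe: the identifier is taken from a fixed allowlist and only the id is bound. It assumes PDO with an in-memory SQLite database so that it runs offline; resolveTable(), deleteById() and the sample rows are hypothetical.

```php
<?php
// Added example, not code from the answers above.
// Assumption: in-memory SQLite via PDO stands in for MySQL so the script runs
// offline. The table names are the ones listed in the question.

const DELETABLE_TABLES = ['faculty', 'department', 'teacher', 'announcement'];

/**
 * Return the table name only if it is on the fixed allowlist.
 * The returned string is our own constant, never the caller's input.
 */
function resolveTable(string $requested): string
{
    $index = array_search($requested, DELETABLE_TABLES, true);
    if ($index === false) {
        throw new InvalidArgumentException('Unknown table');
    }
    return DELETABLE_TABLES[$index];
}

function deleteById(PDO $db, string $requestedTable, int $id): int
{
    $table = resolveTable($requestedTable);   // identifier: allowlisted, then concatenated
    $stmt = $db->prepare("DELETE FROM `$table` WHERE `$table`.id = ?");
    $stmt->execute([$id]);                    // value: bound as a parameter
    return $stmt->rowCount();                 // number of rows actually deleted
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec('CREATE TABLE faculty (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO faculty (id, name) VALUES (6, 'Science'), (7, 'Arts')");

var_dump(deleteById($db, 'faculty', 6));

// Any name that is not on the list is rejected before any SQL is built.
try {
    deleteById($db, 'users', 6);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```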
This question already has answers here:
Call to a member function bind_param() on a non-object [duplicate]
(6 answers)
Closed 6 years ago.
I'm learning mysqli_. If I run the query without the bind_param it works, but if I add the bind_param my query stops working.
This is my code:
// Make a connection to database.
$user = 'test';
$sql = "SELECT * FROM `user` WHERE `user` = ?";
$querySelect = $mysqli->prepare($sql);
$querySelect->bind_param('s', $user);
$querySelect->execute();
echo 'N: '.$querySelect->num_rows.'<br>'; // Got 0, but the correct result is 1.
ERROR:
Call to a member function bind_param() on a non-object
I guess this line returns false:
$querySelect = $mysqli->prepare($sql);
Try to do:
var_dump($querySelect);
in order to be sure. If it returns false, that means something is wrong with getting the user data from the database (wrong table, connection, table column, ...)
But this SQL is also strange:
$sql = "SELECT * FROM `user` WHERE `user` = ?";
Maybe you wanted to write:
$sql = "SELECT * FROM `user` WHERE `user_id` = ?";
So, user_id instead of user, or maybe only id, depending on the name of your primary key.
This question already has answers here:
MySQL "LIKE" search doesn't work
(2 answers)
Closed 7 years ago.
I am attempting to create a search function for my website using PDO. At the moment I send the search query through the URL and then try to fetch the results; however, whenever I do a var dump it returns null. I tested the query in phpMyAdmin and it returns around 4 results.
I use a class I created to connect to the database; this works on all my other queries.
Here is my search function:
function search($query) {
    $sql = "SELECT * FROM `Sweets` WHERE `Description` LIKE :search";
    $stmt = $this->connection->prepare($sql);
    $stmt->bindParam(':search', $query);
    $stmt->execute();
    $done = $stmt->fetch();
    var_dump($done[0]);
}
Below is the search php my form calls as an action
<?php
// Start our connecting to our database
require('class-database-functions.php');
$database = new Database_Functions();
// Get the search value passed through $_GET
$search_query = $_GET['query'];
$search = $database->search($search_query);
?>
Try this
$sql = "SELECT * FROM `Sweets` WHERE `Description` LIKE ?";
$stmt = $this->connection->prepare($sql);
$stmt->bindValue(1, "%$query%",PDO::PARAM_STR);
This question already has answers here:
pdo prepared statements with wildcards
(2 answers)
Closed 7 years ago.
I am trying to use a LIKE statement in the function format. I received a lot of results using MySQL or PDO formats, but they didn't work for the format I have set up already. It's just not returning anything and I am not sure if this is the correct format. Here is what I have:
function search_users($namesearch){
    global $db;
    $query = "SELECT * FROM users
              WHERE username LIKE '%:namesearch%'
              ORDER BY username";
    $statement = $db->prepare($query);
    $statement->bindValue(":namesearch", $namesearch);
    $statement->execute();
    $usersearch= $statement->fetchAll();
    $statement->closeCursor();
    return $usersearch;
}
I'd do it like this.
function search_users($namesearch){
    global $db;
    $query = "SELECT * FROM users
              WHERE username LIKE ?
              ORDER BY username";
    $statement = $db->prepare($query);
    $statement->execute(array('%' . $namesearch . '%'));
    $usersearch= $statement->fetchAll();
    $statement->closeCursor();
    return $usersearch;
}
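The LIKE answers on this page (CONCAT in the SQL, or '%' added to the bound value) leave any % or _ typed by the user acting as wildcards, and an empty term matching every row. The following added example (not code from the answers) escapes those characters and rejects the empty term. It assumes PDO with an in-memory SQLite database, '!' as the ESCAPE character (accepted by both MySQL and SQLite), and the hypothetical helpers escapeLike() and searchUsers().

```php
<?php
// Added example, not code from the answers above.
// Assumptions: in-memory SQLite via PDO so it runs offline; '!' as the LIKE
// escape character; the rows below are constructed sample data.

/** Escape LIKE metacharacters so that user input is matched literally. */
function escapeLike(string $term, string $esc = '!'): string
{
    // The escape character itself must be handled first, otherwise the
    // escapes added for % and _ would be escaped again.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

function searchUsers(PDO $db, string $term): array
{
    if ($term === '') {
        return [];   // '' would otherwise become '%%' and match every row
    }
    $stmt = $db->prepare(
        "SELECT username FROM users WHERE username LIKE ? ESCAPE '!' ORDER BY username"
    );
    // The surrounding wildcards belong to the bound value, not to the SQL text.
    $stmt->execute(['%' . escapeLike($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT)');
$db->exec("INSERT INTO users VALUES ('alice'), ('al_ice'), ('bob'), ('100%sure')");

print_r(searchUsers($db, 'ali'));  // substring search
print_r(searchUsers($db, '_'));    // literal underscore, not "any one character"
print_r(searchUsers($db, '%'));    // literal percent sign, not "anything"
print_r(searchUsers($db, ''));     // empty term returns no rows
```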