Using PDO to search database [duplicate] - php

I am attempting to create a search function for my website using PDO. At the moment I send the search query through the URL and then try to fetch the results; however, whenever I do a var_dump it returns null. I tested the query in phpMyAdmin and it returns around 4 results.
I use a class I created to connect to the database; this works on all my other queries.
Here is my search function:
function search($query) {
$sql = "SELECT * FROM `Sweets` WHERE `Description` LIKE :search";
$stmt = $this->connection->prepare($sql);
$stmt->bindParam(':search', $query);
$stmt->execute();
$done = $stmt->fetch();
var_dump($done[0]);
}
Below is the search PHP that my form calls as an action:
<?php
// Start our connecting to our database
require('class-database-functions.php');
$database = new Database_Functions();
// Get the search value passed through $_GET
$search_query = $_GET['query'];
$search = $database->search($search_query);
?>

Try this:
$sql = "SELECT * FROM `Sweets` WHERE `Description` LIKE ?";
$stmt = $this->connection->prepare($sql);
$stmt->bindValue(1, "%$query%",PDO::PARAM_STR);

Related

How to get a column value using MySQLi? [duplicate]

I am trying to get a value from column "odznak" in "users" tab for user "user01" and store it in variable $odznak (for searching in another tab).
$stmt = $conn->prepare("SELECT odznak FROM users WHERE username = 'user01'");
$stmt->execute();
$result = $stmt;
$odznak;
You need to fetch the data (say, into an associative array).
On the other hand, as a good practice, please use a parameterized prepared statement in your select query.
So, change to:
$stmt = $conn->prepare("SELECT odznak FROM users WHERE username = ?");
$username = 'user01'; // bind_param() binds by reference, so it needs a variable, not a literal
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
$odznak=$row["odznak"];
Now, $odznak is the retrieved data

MySQL LIKE operator in PHP [duplicate]

I should execute this method,
but I don't know how to pass the %research value as a LIKE parameter in bind:
public function researchElements($research) {
$stmt = $this->db->prepare("SELECT * FROM product WHERE product_name LIKE "'%?%'"");
$stmt->bind_param('s', $research);
$stmt->execute();
$result = $stmt->get_result();
$result = $result->fetch_all(MYSQLI_ASSOC);
return $result;
}
At least you can use the CONCAT function in your query, like this:
$stmt = $this->db->prepare("SELECT * FROM product WHERE product_name LIKE CONCAT('%',?,'%')");
Note: if the $research variable has the value '', then the query will return all rows from the table.

Select query not showing expected result. print_r only shows the first array correctly then a single string of other rows email field [duplicate]

A table called "checks" has fields ID;email;pass;entered;firstname;lastname;trading.
The only code in this test is the DB connection and the new PDO connection made prior to these snippets. The following snippet reports correctly that there are 5 users in the table "checks".
$sql = "SELECT COUNT(*) AS num FROM checks";
$stmt = $conn->prepare($sql);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo '<br>' . $row['num'] . ' users exist.';
This snippet which follows immediately after the above doesn't show the expected result.
$sql = "SELECT * FROM checks";
$stmt = $conn->prepare($sql);
$stmt->execute($id);
$users = $stmt->fetch(PDO::FETCH_ASSOC);
print_r($users);
The print_r statement results in the first array being printed correctly with all fields/contents correctly displayed.
On the next line it prints only the email field contents from each row as a single string!
I'm probably missing something obvious but I just can't spot it. Help please?
PDO::fetch() returns a single row from the result set. You need PDO::fetchAll() instead.
$sql = "SELECT * FROM checks";
$stmt = $conn->prepare($sql);
$stmt->execute();
$users = $stmt->fetchAll(PDO::FETCH_ASSOC); // <--- here

SQL prepared statement returns no result (empty result) [duplicate]

The following prepared statement returns no result if I try something like search('samsung').
public function search($searchFor) {
try{
//connect to db
$pdo = $this->_db->connect();
//set up SQL and bind parameters
$sql = "select * from item where itemName like '%:searchfor%' or description like '%:searchfor%'";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':searchfor', $searchFor, PDO::PARAM_STR);
//execute SQL
$rows = $this->_db->executeSQL($stmt);
return $rows;
}
catch (PDOException $e)
{
throw $e;
}
}
$rows returns an empty array. But if I try
select * from item where itemName like '%samsung%' or description like '%samsung%';
it returns a matched item and works as expected.
I found
$sql = "select * from item where itemName like :searchfor or description like :searchfor";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(":searchfor", "%$searchFor%");
works. I had to use bindValue instead. This was a totally different issue in that the SQL was correct but I used bindParam instead of bindValue (which is the correct method), hence this is not a duplicate.
Did you try to use a placeholder for the whole part of the statement?
$sql = "select * from item where itemName like :searchfor or description like :searchfor";
$stmt = $pdo->prepare($sql);
// The wildcards go inside the bound value; no extra quotes are needed
$search_string = "%" . $searchFor . "%";
$stmt->bindParam(':searchfor', $search_string, PDO::PARAM_STR);
Alternatively without named params:
$sql = "select * from item where itemName like ? or description like ?";
$stmt = $pdo->prepare($sql);
$search_string = "%" . $searchFor . "%";
// PDO positional placeholders are bound by 1-based index
$stmt->bindParam(1, $search_string, PDO::PARAM_STR);
$stmt->bindParam(2, $search_string, PDO::PARAM_STR);
As far as I remember from the manual, LIKE needs to have the whole string in the variable, not only the content to look for.
The prepared statement's placeholder tells PHP to treat the specific value that is passed into the placeholder as a string. Instead of this:
$sql = "select * from item where itemName like '%:searchfor%' or
description like '%:searchfor%'";
Do this:
$sql = "select * from item where itemName like :searchfor or
description like :searchfor";
Then bind whole values into the placeholders:
// bindValue() accepts a literal; bindParam() requires a variable passed by reference
$stmt->bindValue(':searchfor', '%yourkeyword%', PDO::PARAM_STR);
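
Added example (not from any of the posts above): a PDO search that binds the whole LIKE pattern, as the answers describe, and goes one step further by escaping % and _ in the user's input and refusing an empty term. The helper names are hypothetical, and an in-memory SQLite database with constructed rows stands in for MySQL so the script runs offline; the ESCAPE '!' clause is also valid MySQL.

```php
<?php
// Added example; likeContains() and searchItems() are hypothetical helper names.

/** Escape LIKE metacharacters so the user's text is matched literally. */
function likeContains(string $term, string $esc = '!'): string
{
    // Escape the escape character first, then the two LIKE wildcards.
    $term = str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
    return '%' . $term . '%';
}

function searchItems(PDO $pdo, string $term): array
{
    $term = trim($term);
    if ($term === '') {
        return []; // '%%' would match every row in the table
    }
    // Two distinct names: the MySQL driver rejects a repeated named
    // placeholder when PDO::ATTR_EMULATE_PREPARES is off.
    $stmt = $pdo->prepare(
        "SELECT itemName, description FROM item
          WHERE itemName LIKE :name ESCAPE '!'
             OR description LIKE :descr ESCAPE '!'"
    );
    $pattern = likeContains($term);
    $stmt->bindValue(':name', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':descr', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE item (itemName TEXT, description TEXT)");
$insert = $pdo->prepare("INSERT INTO item (itemName, description) VALUES (?, ?)");
foreach ([
    ['Samsung TV', '50 inch panel'],
    ['Phone case', 'Fits samsung phones, 100% silicone'],
    ['USB cable', 'usb_c to usb_a'],
] as $row) {
    $insert->execute($row);
}

// Wildcard and quote characters in the input are treated as plain text.
foreach (['samsung', '100%', '_', "' OR '1'='1", ''] as $term) {
    printf("%-18s %d row(s)\n", var_export($term, true), count(searchItems($pdo, $term)));
}
```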

mysqli bind_param don't work php [duplicate]

I'm learning mysqli_. If I run the query without the bind_param it works, but if I add the bind_param my query stops working.
This is my code:
// Make a connection to database.
$user = 'test';
$sql = "SELECT * FROM `user` WHERE `user` = ?";
$querySelect = $mysqli->prepare($sql);
$querySelect->bind_param('s', $user);
$querySelect->execute();
echo 'N: '.$querySelect->num_rows.'<br>'; // Got 0, but the correct result is 1.
ERROR:
Call to a member function bind_param() on a non-object
I guess this line returns false:
$querySelect = $mysqli->prepare($sql);
Try:
var_dump($querySelect);
in order to be sure. If it returns false, that means something is wrong with getting the user data from the database (wrong table, connection, table column, ...).
But this SQL is also strange:
$sql = "SELECT * FROM `user` WHERE `user` = ?";
Maybe you wanted to write:
$sql = "SELECT * FROM `user` WHERE `user_id` = ?";
So, user_id instead of user, or maybe only id, depending on the name of your primary key.
