Using LIKE in bindParam for a MySQL PDO Query

Question

I've read multiple examples on how these queries should be written but I'm struggling to get this specific like to run when using bindParam

Would this be the correct way to match usernames that begin with a?

$term = "a";
$term = "'$term%'";

$sql = "SELECT username 
        FROM `user` 
        WHERE username LIKE :term 
        LIMIT 10";      

$core = Connect::getInstance();

$stmt = $core->dbh->prepare($sql);
$stmt->bindParam(':term', $term, PDO::PARAM_STR);
$stmt->execute();
$data = $stmt->fetchAll();

Harald Brinkhof · Accepted Answer · 2012-06-17T01:41:22.913

33

No, you don't need the inner single quotes so just $term = "$term%";

The statement you're running now would try to match 'a%' instead of a%

bindParam will make sure that all string data is automatically properly quoted when given to the SQL statement.

edited Jun 17 '12 at 01:41

answered Jun 17 '12 at 01:35

Harald Brinkhof

4,375
1
22
32

2

Here is a sample code: https://gist.github.com/arsho/a203e7bc156ea566587361a76038f020 – arshovon May 20 '17 at 05:04

score 5 · Answer 2 · answered Apr 15 '19 at 01:24

You can use bindValue , suppose you are having a $query = "search string"

$stmt->bindValue(':term', $query.'%'); // this will do like search for "search term XXXXX"

similarly

$stmt->bindValue(':term', '%'.$query.'%');

or

$stmt->bindValue(':term', '%'.$query);

Using LIKE in bindParam for a MySQL PDO Query

2 Answers2

Linked

Related