
I am very new to MySQL and Prepared Statements. I have a few queries that I need to change to prepared statements. The problem is with this REGEXP query:

$objects = mysql_query("SELECT * FROM $table WHERE parent REGEXP ',". 
    $item .",|^". $item .",|,". $item ."\$|^". 
    $item ."\$'") or die(mysql_error());

How do you go about converting that to a prepared statement with placeholders?

Matt
  • You can do a prepared statement from that query w/o changing it. Try something like this: `$sql = "SELECT * FROM ? WHERE parent REGEXP ',?,|^?,|,?\$|^?\$'"` and then use it like this: `$db->prepare($sql, array($table,$item,$item,$item,$item));` If you will choose to prepare queries using [PDO](http://php.net/manual/en/book.pdo.php), it will have no problems with replacing `?` with your values. Another good choice is [AdoDB](http://adodb.sourceforge.net/). – tijs Aug 07 '12 at 16:31
  • 1
    Not that it will help answering your question, but it should be noted that you should stop using `mysql_*` functions. They're being deprecated. Instead use [PDO](http://php.net/manual/en/book.pdo.php) (supported as of PHP 5.1) or [mysqli](http://php.net/manual/en/book.mysqli.php) (supported as of PHP 4.1). If you're not sure which one to use, [read this SO article](http://stackoverflow.com/questions/13569/mysqli-or-pdo-what-are-the-pros-and-cons). – Matt Aug 07 '12 at 16:32

1 Answer


You should make use of the `CONCAT` function inside the prepared statement query instead of using the classic `.` concatenation sign for regular queries. This should do the trick :)

Ion Vlad-Doru
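Worked example of the `CONCAT` approach with PDO, added here as an illustration and not code from the question or the answer. Every occurrence of `$item` becomes a bound parameter and MySQL assembles the regex on the server, so the value never touches the SQL text. The function name `fetchChildren`, the allow-list of table names, the assumption that `parent` holds comma-separated numeric ids, and the DSN/credentials are all assumptions made for this example.

```php
<?php
// Added example, not code from the question or the answer above. It shows the
// CONCAT() approach with PDO: every occurrence of $item is a bound parameter
// and MySQL builds the regex itself. The allow-list, the numeric-id assumption
// and the connection details are assumptions made for this example.

// A table name is an identifier, not a value, so it cannot be bound with "?".
// It has to be checked against a fixed allow-list before going into the SQL.
const ALLOWED_TABLES = ['categories', 'pages'];   // assumed for the example

function fetchChildren(PDO $pdo, string $table, string $item): array
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Unexpected table name: $table");
    }

    // Assumption: "parent" holds a comma-separated list of numeric ids, so
    // $item should be digits only. Binding stops SQL injection, but the bound
    // value is still interpreted by REGEXP, so metacharacters in $item would
    // change the pattern. Rejecting non-digits closes that off.
    if (!ctype_digit($item)) {
        throw new InvalidArgumentException("Item id must be numeric: $item");
    }

    // Same four alternatives as the original (",item,|^item,|,item$|^item$"),
    // but the pattern is built by CONCAT() on the server from bound values.
    // "\$" keeps the dollar sign literal inside this double-quoted PHP string.
    $sql = "SELECT * FROM `$table`
            WHERE parent REGEXP CONCAT(',', ?, ',|^', ?, ',|,', ?, '\$|^', ?, '\$')";

    $stmt = $pdo->prepare($sql);
    $stmt->execute([$item, $item, $item, $item]);   // one value per "?"

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage; DSN and credentials are placeholders for this example.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4',
    'user',
    'secret',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
    ]
);

foreach (fetchChildren($pdo, 'categories', '12') as $row) {
    print_r($row);
}
```

With emulated prepares switched off, a named placeholder cannot be reused, which is why the example uses four positional `?` markers and passes `$item` four times. The four alternatives in the original pattern are equivalent to `CONCAT('(^|,)', ?, '(,|\$)')`, which needs only one bound value; and since the test is really "does `$item` appear in the comma-separated list", MySQL's `FIND_IN_SET(?, parent)` expresses it without a regex at all and with no metacharacter concern.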