16

I'm trying to run the following query, and I'm having trouble with the wildcard.

function getStudents() {
    global $db;
    $users = array();
    $query = $db->prepare("SELECT id, adminRights FROM users WHERE classes LIKE ? && adminRights='student'");
    $query->bind_param('s', '%' . $this->className . '%');
    $query->execute();
    $query->bind_result($uid, $adminRights);
    while ($query->fetch()) {
        if (isset($adminRights[$this->className]) && $adminRights[$this->className] == 'student')
            $users[] = $uid;
    }
    $query->close();
    return $users;
}

I'm getting an error that states:

Cannot pass parameter 2 by reference.

The reason I need to use the wildcard is because the column's data contains serialized arrays. I guess, if there's an easier way to handle this, what could I do?

Dharman

4 Answers

28

You have to pass parameters to bind_param() by reference, which means you have to pass a single variable (not a concatenated string). There's no reason you can't construct such a variable specifically to pass in, though:

$className = '%' . $this->className . '%';
$query->bind_param('s', $className);
VoteyDisciple
16

Another way to do this is:

SELECT id, adminRights FROM users 
  WHERE classes LIKE CONCAT("%", ?, "%") && adminRights='student'

This is handy in case you have a dynamic result bind and only want to change the SQL query...

Andrew Barber
Dominik
6

Parameter #2 must be a reference, not a value. Try

$param = '%' . $this->className . '%';
$query->bind_param('s', $param);
VolkerK
  • Correct, as first sentence in manual says: "Binds variables to a prepared statement as parameters" (emphasis on variables) – Zed Aug 29 '09 at 18:10
1

It is the same reason that happens in C++. When you pass a value to a function which expects the argument to be a reference, you need a variable (not temporary). So first create a variable and then pass it.

siddhusingh