4

I hope somebody can help me with how to bind a parameter in mysqli when a multiple-character wildcard needs to sit next to the variable value. I found that it worked for me when building the SQL statement like this:

$sql = "SELECT item_title FROM item WHERE item_title LIKE '%$title%'";

However, when I tried to bind the variable following the same pattern, it failed. I used this code:

$sql = "SELECT item_title FROM item WHERE item_title LIKE '%?%'";

It raised this error:

Warning: mysqli_stmt_bind_param() [function.mysqli-stmt-bind-param]: Number of variables doesn't match number of parameters in prepared statement in program_name on line......

Can anybody tell me how to fix this problem? Thank you.

TNK

4 Answers

5

You can bind only data literals, not arbitrary query parts.
So, prepare your literal first:

$var = "%$var%";
$sql = "SELECT item_title FROM item WHERE item_title LIKE ?";
Your Common Sense
  • Thanks for the reply. I used the same variable twice in the WHERE clause of my query, like this: WHERE (s2.subject_name LIKE '%$keyword%' OR c.city_name LIKE '%$keyword%'). Can you tell me how I bind these variables? – TNK Feb 14 '13 at 10:20
  • @TharangaNuwan I have updated answer as per your comments, see below – Minesh Feb 14 '13 at 10:34
  • Doesn't this leave a security hole? Specifically, if $var = 'hello%world' you have an unintended placeholder token. – danielson317 Jul 04 '18 at 20:11
2

You can do it this way:

$sql = "SELECT item_title FROM item WHERE item_title LIKE ?";

and then

$title_new = '%' . $title . '%';
mysqli_stmt_bind_param($stmt, 's', $title_new);

Updated based on the user's comment

To implement the SQL below:

s2.subject_name LIKE '%$keyword%' OR c.city_name LIKE '%$keyword%'

Use the following mysqli statement instead:

s2.subject_name LIKE ? OR c.city_name LIKE ?

and bind the same prepared value twice:

$keyword = '%' . $keyword . '%';
mysqli_stmt_bind_param($stmt, 'ss', $keyword, $keyword);
Minesh
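An added, complete example (not from any answer on this page) that puts the wildcards in the bound value, as the answers above describe, and additionally escapes the LIKE metacharacters `%` and `_` so that characters typed by the user match literally instead of acting as wildcards. It uses the `item` table and `item_title` column from the question; the connection parameters and the `!` escape character are assumptions.

```php
<?php
// Added example: bind a LIKE pattern with a mysqli prepared statement.
// The '%' wildcards are part of the bound value, not the SQL text, so the
// statement has exactly one placeholder per bound variable.
// Assumes the `item` table from the question and hypothetical credentials.

// Turn user input into a "contains" pattern, escaping LIKE metacharacters
// with '!' (declared via ESCAPE in the SQL below) so that a user-supplied
// '%' or '_' is matched literally rather than treated as a wildcard.
function like_contains(string $needle): string
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $needle);
    return '%' . $escaped . '%';
}

function search_items(mysqli $db, string $title): array
{
    $sql = "SELECT item_title FROM item WHERE item_title LIKE ? ESCAPE '!'";
    $stmt = $db->prepare($sql);
    $pattern = like_contains($title);      // e.g. "50% off" -> "%50!% off%"
    $stmt->bind_param('s', $pattern);      // bind_param needs a variable by reference
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return array_column($rows, 'item_title');
}

// For the two-column variant from the comments, bind the same prepared
// value twice: ... WHERE s2.subject_name LIKE ? ESCAPE '!' OR c.city_name
// LIKE ? ESCAPE '!'  with  $stmt->bind_param('ss', $pattern, $pattern);

// Hypothetical connection details; throw exceptions instead of warnings.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
foreach (search_items($db, $_GET['title'] ?? '') as $found) {
    echo htmlspecialchars($found, ENT_QUOTES, 'UTF-8'), "\n";
}
```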
1
$sql = "SELECT item_title FROM item WHERE item_title LIKE CONCAT('%', ?, '%')";
Bhaskar Bhatt
0

Have one question mark per bind variable. For example: prepare("SELECT item_title FROM item WHERE item_title LIKE ? AND name2 LIKE ? AND ..."). The nice thing about prepared statements is that you don't need to worry about quoting the variables.

Then bind all parameters like bind_param("ss...", $param1, $param2, ...);

Aris