2
```php
$percent = '%';
$st = $db->prepare("SELECT * FROM x WHERE y LIKE ?");
$st->execute(array('%'.$percent.'%')); /* I want to get all records with the string % included like 5% etc. */
```

The above example will not match correctly, instead matching all records in table x. In order for this to work correctly, I apparently need to set $percent='\%'.

This is where I am left confused about the concept behind prepared statements. I thought the whole point of prepared statements was that the value itself ($percent) would simply be interpreted as a string instead of a special wildcard character. I would appreciate any feedback.

Thanks in advance

Aldwoni
  • possible duplicate of [How to escape literal percent sign when NO\_BACKSLASH\_ESCAPES option is enabled?](http://stackoverflow.com/questions/5020130/how-to-escape-literal-percent-sign-when-no-backslash-escapes-option-is-enabled) – kero Feb 26 '14 at 02:45
  • I love stackoverflow. Local ochlocracy is strong with deleting answers... but too weak with providing them :) – Your Common Sense Mar 01 '14 at 08:55
  • please don't use microsoft word style quotes in code – 111 Jan 28 '21 at 05:33

1 Answer

-1

In the PDO tag (info) you will find the correct procedure for using wildcards in parameters. PDO Tag

Then you can escape % in the parameter.

```php
$percent = '%\%%'; // Escape % within % wildcards
// .......
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// .........
$st = $db->prepare("SELECT * FROM x WHERE y LIKE ?");
$st->execute(array($percent));
```
david strachan
  • More information on `ATTR_EMULATE_PREPARES` provided in this question: http://stackoverflow.com/questions/10113562/pdo-mysql-use-pdoattr-emulate-prepares-or-not – Daniel W. Feb 28 '14 at 12:35
  • @DanFromGermany how this linked question is related to this one? – Your Common Sense Feb 28 '14 at 12:39
  • @YourCommonSense When you read it, you'll understand. I'm careful with setting those options and the other question explains more on what it is and when to turn it off. – Daniel W. Feb 28 '14 at 13:02
  • @DanFromGermany nowhere in the linked question LIKE statement even mentioned. Where I am supposed to read on it? – Your Common Sense Feb 28 '14 at 13:05
  • @YourCommonSense The other question, as I said, is related to `ATTR_EMULATE_PREPARES`. Because it is used in this answer but not explained enough, I provided additional information. – Daniel W. Feb 28 '14 at 13:07
  • ATTR_EMULATE_PREPARES has nothing to do with this question. You'd better finally understand that – Your Common Sense Feb 28 '14 at 13:09
  • @YourCommonSense As you say ATTR_EMULATE_PREPARES has nothing to do with LIMIT. I had it set false on my test. Have edited answer probably end up deleting it when I find appropriate Duplicate – david strachan Feb 28 '14 at 13:49
  • 2
    Wait. I got it. You just confused LIKE with LIMIT. It happens to me too, and it explains the confusion. emulation affects *LIMIT* - yes. But it is LIKE in question :) – Your Common Sense Feb 28 '14 at 13:58
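
Binding keeps the value out of the SQL syntax, but the bound string is still a LIKE pattern, so `%` and `_` inside it remain wildcards. The following is an added example, not code from the question or the answer: it escapes those characters with an explicit `ESCAPE` character, which does not rely on backslash handling. The helpers `like_escape` and `contains`, the `!` escape character, the sample rows and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the real database so the
// script runs offline. Table x / column y follow the question; rows are constructed.

// Hypothetical helper: escape LIKE metacharacters with an explicit escape character.
function like_escape(string $text, string $esc = '!'): string
{
    // strtr() makes a single pass, so inserted escape characters are not re-escaped.
    return strtr($text, [$esc => $esc . $esc, '%' => $esc . '%', '_' => $esc . '_']);
}

// Hypothetical helper: rows of x whose y contains $needle.
// $literal = false reproduces the question; true treats $needle as plain text.
function contains(PDO $db, string $needle, bool $literal): array
{
    $sql = 'SELECT y FROM x WHERE y LIKE ?';
    if ($literal) {
        $sql .= " ESCAPE '!'";           // tell LIKE which character escapes % and _
        $needle = like_escape($needle);
    }
    $st = $db->prepare($sql . ' ORDER BY y');
    $st->execute(['%' . $needle . '%']); // outer % stay wildcards: "contains"
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE x (y TEXT)');
$ins = $db->prepare('INSERT INTO x (y) VALUES (?)');
foreach (['5% off', 'no discount', 'a_b', 'axb', "it's 10!"] as $row) {
    $ins->execute([$row]);   // the quote in the last row needs no escaping: it is bound
}

// Compare each needle used as a raw pattern with the same needle matched literally.
foreach (['%', '_', '!', "'"] as $needle) {
    printf("needle %s\n  as pattern: %s\n  as literal: %s\n",
        $needle,
        json_encode(contains($db, $needle, false)),
        json_encode(contains($db, $needle, true)));
}
```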