PHP / PDO : SQl to find row which contains a string value

Question

I try to make a request to find rows which contains a specific String value.

Here is an extract of my code :

// Getting motscles value
        $motscles = $_POST['motscles'];

        // Prepare a second SQL request to get all annonces posted by the user
        $result2=$connexion->prepare("select * from annonces where titre LIKE = '%".$motscles."%' ");

I have no result, and i think my request is bad ..

Remove the equals sign after the LIKE keyword; that's invalid syntax. — spencer7593, Jun 13 '14 at 13:50
Oh, and you're currently open to [SQL Injection](http://security.stackexchange.com/a/25710/3396). You appear to be something capable of using [prepared statements](http://stackoverflow.com/a/60496/812837), so **do so**, or suffer the consequences. — Clockwork-Muse, Jun 14 '14 at 01:05

score 6 · Answer 1 · answered Jun 13 '14 at 13:54

6

In addition @abhik's answer If you prepare do it properly

$stmt=$connexion->prepare('select * from annonces where titre LIKE ?');
$result2=$stmt->execute(array('%'.$motscles.'%'));

answered Jun 13 '14 at 13:54

meda

45,103
14
92
122

score 3 · Accepted Answer · answered Jun 13 '14 at 13:48

3

LIKE =

Thats not correct, it should be -

LIKE  '%".$motscles."%'

Check here the like wild-card usage

http://dev.mysql.com/doc/refman/5.0/en/string-comparison-functions.html#operator_like

answered Jun 13 '14 at 13:48

Abhik Chakraborty

44,654
6
52
63

PHP / PDO : SQl to find row which contains a string value

2 Answers2

Linked