
I have a custom OOP query object with prepared statements that I use for MySQL queries. The problem is that I have a LIKE statement that will not allow me to insert data using a prepared statement.

How can I escape the data in this scenario? Here's my code:

$search_q = !empty($search) ? "AND `title` LIKE '%?%'" : "";
$items = DB::fetch("SELECT `title` FROM `products` WHERE `active` = 1 $search_q;", array($start));
mightyspaj3

2 Answers


You need to put the wildcard match characters in the placeholder, not in the query, so instead of doing:

$search = 'find this string';
$db::query("SELECT ... FROM table WHERE col LIKE '%?%' ");

You do:

$search = '%find this string%';
$db::query("SELECT ... FROM table WHERE col LIKE ? ");
Mike

First result in Google serp

$query = $database->prepare('SELECT * FROM table WHERE column LIKE ?');
$query->execute(array('value%'));
while ($results = $query->fetch())
{
    echo $results['column'];
}
Chris
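The technique both answers rely on, putting the % wildcards into the bound value rather than into the SQL text, shown in Python against an in-memory SQLite database so it runs stand-alone. This is an added example, not code from the question or from either answer, and the PRODUCTS rows are constructed sample data. It also covers a caveat the answers stop short of: once the search term is bound as part of a LIKE pattern, any % or _ the user types still acts as a wildcard (a search for "%" matches every row). The escape_like() helper and the ESCAPE clause below make the user's text match literally; MySQL's LIKE uses the same two metacharacters and accepts the same ESCAPE clause, so the idea carries over to the PDO/MySQL code above.

```python
import sqlite3

# Constructed sample data (not from the original page).
PRODUCTS = [
    "Blue widget",
    "100% cotton shirt",
    "under_score gadget",
    "Red widget",
]

# Escape character declared to LIKE via the ESCAPE clause.
LIKE_ESCAPE = "\\"


def escape_like(term: str, esc: str = LIKE_ESCAPE) -> str:
    """Escape LIKE metacharacters so user input is matched literally.

    The escape character itself must be doubled first, then % and _ are
    prefixed. The query has to declare the same character with ESCAPE.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def make_db() -> sqlite3.Connection:
    """Build the in-memory table the searches below run against."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (title TEXT NOT NULL, active INTEGER NOT NULL)")
    conn.executemany("INSERT INTO products (title, active) VALUES (?, 1)",
                     [(t,) for t in PRODUCTS])
    return conn


def search_broken(conn: sqlite3.Connection, term: str):
    """The pattern from the question: the ? sits inside a string literal, so the
    driver sees zero placeholders and refuses the bind. Returns the error text."""
    try:
        conn.execute(
            "SELECT title FROM products WHERE active = 1 AND title LIKE '%?%'",
            (term,),
        )
    except sqlite3.ProgrammingError as exc:
        return str(exc)
    return None


def search_naive(conn: sqlite3.Connection, term: str) -> list:
    """Wildcards in the bound value, as the answers recommend. Safe against SQL
    injection, but % and _ typed by the user still behave as wildcards."""
    rows = conn.execute(
        "SELECT title FROM products WHERE active = 1 AND title LIKE ? ORDER BY title",
        ("%" + term + "%",),
    ).fetchall()
    return [r[0] for r in rows]


def search_literal(conn: sqlite3.Connection, term: str) -> list:
    """Same binding, plus escaping so the user's text is matched verbatim."""
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        "SELECT title FROM products WHERE active = 1 AND title LIKE ? ESCAPE ? ORDER BY title",
        (pattern, LIKE_ESCAPE),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    print("broken bind:", search_broken(db, "widget"))
    print("naive  '%':", search_naive(db, "%"))      # every row
    print("literal '%':", search_literal(db, "%"))   # only the 100% shirt
    print("naive  'e_w':", search_naive(db, "e_w"))  # '_' matches the space in "Blue widget"
    print("literal 'e_w':", search_literal(db, "e_w"))
```

Whether you want the literal or the wildcard behaviour is a product decision; the point is that it should be your decision, made in code, rather than something the user controls by typing a stray % into the search box.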