PHP SQL with autocomplete string searching for first name LIKE input value OR last name LIKE input value AND another query?

Question

I'm basically trying to accomplish this query with autocomplete (each keystroke triggers a query)(it's working, except last name isn't querying correctly):

$query="SELECT * FROM names WHERE (first like '" . $_POST["keyword"] . "%') OR (last like '%" . $_POST["keyword"] . "') AND year>$curr_year";

Any help is appreciated!

Answer 1

$query="SELECT * FROM names WHERE ((first like :first) OR (last like :last)) AND gradyear > :year";
$pdo = new PDO($dsn, $username, $password, $options);
$con = $pdo->prepare($query);
$con->execute([
 ':last'=> "%$_POST[keyword]",
 ':first'=> "$_POST[keyword]%",
 ':year'=>$curr_year
]);
$results = $con->fetchAll(PDO::FETCH_ASSOC);

That is how you do a prepared statement. The reason why you would want to use it is to prevent a SQL injection. You can use PDO for prepared statements.