
So, I'd like to use the LIKE operator in a SQL query with a PHP variable. Basically I need to check if 'serie_nb' begins with the number contained in the variable $bloc.

Here is my code:

```php
public function getSeriesCount($bloc){
    $like = (String)$bloc . '_';
    $query = 'SELECT COUNT(*) AS countSeries FROM projet_web.series WHERE serie_nb LIKE ' . $like;
    $result = $this->_db->query($query);
    $countSeries = 0;
    if ($result->rowcount() != 0){
        $countSeries = $result->fetch();
    }
    return $countSeries;
}
```

And here is the error I get (which is caught when the query is executed):

Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column '2_' in 'where clause'

I don't really see why I get that error...

Thanks for the help!

Aldwoni
TheSonNel
  • You really should be using prepared statements – Masivuye Cokile May 04 '17 at 13:41
  • ...and looking for all of the duplicates on SO before posting a question – mickmackusa May 04 '17 at 13:41
  • see [When to use single quotes, double quotes, and backticks in MySQL](http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql) – Masivuye Cokile May 04 '17 at 13:42
  • Virtually any SO `LIKE` question would have cleared this up for you: http://stackoverflow.com/questions/tagged/sql-like+php – mickmackusa May 04 '17 at 13:44
  • Possible duplicate of [When to use single quotes, double quotes, and backticks in MySQL](http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql) – Tom Regner May 04 '17 at 14:21

1 Answer


The issue with your statement is the use of quotes. You need to view this SO question on how to use the quotes: [When to use single quotes, double quotes, and backticks in MySQL](http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql)

The value in `$like` within the WHERE clause is read as a column name because you did not wrap your `$like` string in quotes.

The best, simplest and most straightforward solution is to use prepared statements:

```php
public function getSeriesCount($bloc)
{
    // "_" is the LIKE wildcard for exactly one character
    $like  = (String)$bloc . '_';
    // The ? placeholder keeps the pattern out of the SQL text
    $query = 'SELECT COUNT(*) AS countSeries FROM projet_web.series WHERE serie_nb LIKE ?';
    $stmt  = $this->_db->prepare($query);
    $stmt->execute([$like]);

    $countSeries = $stmt->fetchAll();

    if (count($countSeries) > 0) {
        return $countSeries;
    }
}
```
Community
Masivuye Cokile
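An added example (not the answer author's code): the prepared `LIKE` query run end to end against constructed rows in an in-memory SQLite database, returning the count as an integer and escaping `LIKE` wildcards that arrive in the input. The `escapeLike` helper, the `!` escape character, the unqualified `series` table and the availability of `pdo_sqlite` are assumptions for illustration; the page's own database is MySQL.

```php
<?php
// Constructed sample data in an in-memory SQLite database
// (assumption: pdo_sqlite is installed; the page's database is MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE series (serie_nb TEXT)');
$insert = $db->prepare('INSERT INTO series (serie_nb) VALUES (?)');
foreach (['21', '22', '23', '31', '2', '245'] as $nb) {
    $insert->execute([$nb]);
}

// Hypothetical helper: neutralise LIKE wildcards in a value so that
// "%" or "_" supplied by a caller match only themselves.
function escapeLike(string $value, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $value
    );
}

// Count series whose number is $bloc followed by exactly one character
// ("_" is the single-character wildcard, as in the question's pattern).
function getSeriesCount(PDO $db, $bloc): int
{
    $pattern = escapeLike((string) $bloc) . '_';
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM series WHERE serie_nb LIKE ? ESCAPE '!'"
    );
    $stmt->execute([$pattern]);   // the value is bound, never parsed as SQL
    return (int) $stmt->fetchColumn();
}

// A numeric bloc, as in the question
var_dump(getSeriesCount($db, 2));
// A wildcard supplied by the caller is matched literally
var_dump(getSeriesCount($db, '%'));
// Quote characters in the value stay data and cannot alter the query
var_dump(getSeriesCount($db, "2' OR '1'='1"));
```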