8
$query = $connect->prepare("SELECT users.firstname, users.lastname, users.id 
FROM users INNER JOIN users_friends ON users.id=users_friends.uID
WHERE bID=:USER AND type =:type AND accepted = '1' AND (users.firstname LIKE '%:queryString%' OR users.lastname LIKE '%:queryString%') 
LIMIT 10");
$query->bindValue(":queryString", $queryString);
$query->bindValue(":type", $type);
$query->bindValue(":USER", $USER);
$query->execute();

This is what I have.

I'm having an error when I try to bindValue and then use it in the prepared statement ( %:queryString% )

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens'

How can I solve this?

Adrian Cid Almaguer
Karem

2 Answers

13

You should do

"... LIKE :query ..." 

and then

$query->bindValue(":query", $queryString); //where $queryString is '%someQuery%'
Mironor
0
public function admin_search($conn, $search_key) {

    // Each SELECT gets its own named placeholder (:n1 .. :n6).
    $stmt = $conn->prepare("
        SELECT name,criteria,description,pic from brd_det WHERE name LIKE (:n1)
        UNION
        SELECT name,criteria,description,pic from cus_det WHERE name LIKE (:n2)
        UNION
        SELECT name,criteria,description,pic from doc_det WHERE name LIKE (:n3)
        UNION
        SELECT name,criteria,description,pic from par_det WHERE name LIKE (:n4)
        UNION
        SELECT name,criteria,description,pic from pro_det WHERE name LIKE (:n5)
        UNION
        SELECT name,criteria,description,pic from ser_det WHERE name LIKE (:n6)
    ");

    // The % wildcards are part of the bound value, not of the SQL text.
    for ($i = 1; $i < 7; $i++) {
        $stmt->bindValue(':n' . $i, '%' . $search_key . '%');
    }

    $result = $stmt->execute();

    // Return the matching rows (empty array if execution failed).
    return $result ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
}
  • 1
    Please add an explanation to your answer in order to improve it and make it easier for future readers to understand. –  Jun 01 '18 at 10:06
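
An added example (not code from the thread or its posters) of the approach both answers describe: the wildcards go into the bound value, because a placeholder written inside quotes is part of a string literal and is never bound. It goes one step further by escaping `%` and `_` typed by the user and by binding two distinct placeholder names; the in-memory SQLite table, its rows, and the function names `likeContains` and `searchFriends` are constructed for illustration, and the `pdo_sqlite` extension is assumed.

```php
<?php
declare(strict_types=1);

// Added example: table, rows and function names are constructed, not from the thread.

/** Build a "contains" LIKE pattern, escaping the user's own wildcards with '!'. */
function likeContains(string $term): string
{
    // Escape the escape character first, then the two LIKE wildcards.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    return '%' . $escaped . '%';
}

/** Search both name columns with a bound pattern; the SQL text never changes. */
function searchFriends(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT firstname, lastname FROM users
         WHERE firstname LIKE :q1 ESCAPE '!' OR lastname LIKE :q2 ESCAPE '!'
         ORDER BY id LIMIT 10"
    );
    // Two placeholder names: reusing one name fails when emulated prepares are off.
    $pattern = likeContains($term);
    $stmt->bindValue(':q1', $pattern, PDO::PARAM_STR);
    $stmt->bindValue(':q2', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory database, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)");
$db->exec("INSERT INTO users (firstname, lastname) VALUES
    ('Anna', 'Smith'), ('Bob', '100%_real'), ('Carl', 'O''Neil')");

// A normal term, a bare wildcard, and a term containing a quote.
foreach (['ann', '%', "O'N"] as $term) {
    printf("%-4s => %s\n", $term, json_encode(searchFriends($db, $term)));
}
```

Without the escaping step a search for `%` matches every row; with it, only the row that contains a literal percent sign is returned, and the quote in the last term reaches the database as data rather than as SQL.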