PHP PDO query not executing

Asked Sep 15 '17 at 12:25

Active Sep 15 '17 at 12:31

Viewed 34 times

I'm trying to build a search function for my database but it's not returning any results. This is what I got:

$searchQuery = $_GET[q];
$search = $conn->prepare('SELECT * FROM articles WHERE title LIKE \'%:query%\' OR content LIKE \'%:query%\'');
$search->bindParam(':query', $searchQuery, PDO::PARAM_STR);

$search->execute();
$searchResult = $search->fetchAll();

foreach($searchResult as $row) {
    print "<h2><a href=\"view.php?a=" . $row[id] . "\">" . $row[title] . "</a></h2>";
}

When I execute the SQL statement directly with $conn->query('SELECT...') it works perfectly, but not with the prepared statement. I don't get an error, it just doesn't load any results. What am I missing?

Edit: moved the wildcards from the prepared statements to the bind variable like this:

$searchQuery = '%' . $_GET[q] . '%';
$search = $conn->prepare('SELECT * FROM articles WHERE title LIKE :query OR content LIKE :query');

Works perfectly now. Thank you!

edited Sep 15 '17 at 12:31

asked Sep 15 '17 at 12:25

Besasam

In short: do not quote your parameters. Pass the wildcards in with your bindParam, not in the query itself. – aynber Sep 15 '17 at 12:27
@Fred-ii- I think you meant [Using bind parameters with LIKE](https://stackoverflow.com/questions/2722136/mysql-pdo-how-to-bind-like) – GolezTrol Sep 15 '17 at 12:27
You also need unique placeholders. Also, might want to look at full text indexing. – chris85 Sep 15 '17 at 12:29
Works perfectly. Thank you! – Besasam Sep 15 '17 at 12:30
@GolezTrol I added that one (dupe) now, thanks. This on top of the quotes in `\'%:query%\'`. – Funk Forty Niner Sep 15 '17 at 12:30
You actually need the quotes for the `%` (or add them in the bind parameter, I guess?). The misconception is that you can use parameters inside a SQL string – GolezTrol Sep 15 '17 at 12:31

PHP PDO query not executing

0 Answers0