i just want a direct answer and explanation why my prior query works but the latter does not..
here is the query that works just fine:
$sql = "SELECT * FROM productslist WHERE brand LIKE ?";
and this doesn't work at all and just returns an error:
$sql = 'SELECT * FROM productslist WHERE brand LIKE "%'.$search_string.'%"';
can someone please explain me why the latter query doesn;t work at all?
thanks in advance..
I tested the query with a table on my own DB. worked fine... I used a constant
Try mysqli_real_escape_string:
$search_string = mysqli_real_escape_string($conn, $search_string);
$sql = 'SELECT * FROM productslist WHERE brand LIKE "%'. $search_string .'%"';
Try this with PDO (Edit: Including PDO connection string since he didn't specify if he was using PDO) -
$dbh = new PDO("mysql:hostname=$your_server;dbname=$database_name, $username, $password);
$sql = "SELECT * FROM productslist WHERE brand LIKE :search";
$query = $dbh->prepare($sql);
$query->bindValue(":search", "%$search_string%");
$query->execute();
$result = $query->fetchAll(PDO::FETCH_ASSOC);
