Hi there, I've been trying to rewrite my search engine using PDO.
So my old code looks like this:
PHP Code:

$input = $_POST['input'];
$categories = $_POST['category'];
$state = $_POST['state'];
$zipcode = $_POST['zipcode'];

$qq = " SELECT * FROM classified  ";
$result = mysql_query($qq);
$rows = mysql_num_rows($result);

if ($rows > 0) {
    $q = " SELECT * FROM classified where confirm='1' ";

    if (($_POST['input'] != 'Search')) {
        $q .= "AND title LIKE '%" . $input . "%' ";
    }

    if (!empty($_POST['search_category'])) {
        $q .= "AND id_cat = '" . $categories . "' ";
    }

    if (!empty($_POST['state'])) {
        $q .= "AND id_state = '" . $state . "' ";
    }

    if (($_POST['zipcode'] != 'Code postale')) {
        $q .= "AND zipcode = '" . $zipcode . "' ";
    }

    $q .= "ORDER BY date ";
    //
}

$r = mysql_query($q);
$ro = mysql_num_rows($r);

if ($ro > 0) {
    while ($row = mysql_fetch_array($r)) {
        echo $row['title'];
        echo $row['categories'];
        echo $row['state'];
        echo $row['zipcode'];
    }
} else {
    echo "No data available ";
}

This code is not safe the way it is (posting purposes only)

I gave it a try, but couldn't get results. Also, I'm having a hard time with this:
PHP Code:
if (!empty($input)) {
    $cond[] = "title = ?";
    $params[] = $input;
}

since it's not a named placeholder I couldn't figure it out:

I can't just do $input = "%$input%";

PHP Code:
$qq = $db->prepare(" SELECT * FROM classified  ") or die(print_r($qq->errorInfo(), true));

/*** execute the prepared statement ***/
$qq->execute();

/*** echo number of columns ***/
$rows = $qq->fetch(PDO::FETCH_NUM);
if ($rows > 0) {

    $query = (" SELECT * FROM classified WHERE  confirm = '0' ");
    $cond = array();
    $params = array();

    if (!empty($input)) {
        $cond[] = "title = ?";
        $params[] = $input;
    }

    if (!empty($categories)) {
        $cond[] = "id_cat = ?";
        $params[] = $categories;
    }

    if (!empty($state)) {
        $cond[] = "id_state = ?";
        $params[] = $state;
    }

    if (!empty($zipcode)) {
        $cond[] = "zipcode = ?";
        $params[] = $zipcode;
    }

    if (count($cond)) {
        $query .= ' WHERE  ' . implode(' AND ', $cond) or die(print_r($query->errorInfo(), true));
    }

    $stmt = $db->prepare($query);
    $stmt->execute($params);
    $ro = $stmt->fetch(PDO::FETCH_NUM);
}

if ($ro > 0) {
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        echo $row['title'];
        echo $row['categories'];
        echo $row['state'];
        echo $row['zipcode'];
    }
}

Thanks in advance
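
An added example, not part of the original post: one way to build this search with positional placeholders, binding the `%` wildcards inside the parameter value and joining every condition under a single WHERE. The table and column names and the `confirm='1'` filter come from the old query above; the in-memory SQLite database, the sample rows and the helper name `buildSearch()` are assumptions made so the script runs on its own.

```php
<?php
// Added example: sample table and rows are constructed; buildSearch() is a hypothetical helper.
function buildSearch(array $in): array
{
    // Fixed base condition; every user-supplied value goes through a placeholder.
    $cond   = ["confirm = '1'"];
    $params = [];

    if (!empty($in['input']) && $in['input'] !== 'Search') {
        // Escape LIKE metacharacters so a typed % or _ matches literally,
        // then put the wildcards in the bound value, not in the SQL text.
        $like     = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $in['input']);
        $cond[]   = "title LIKE ? ESCAPE '!'";
        $params[] = '%' . $like . '%';
    }
    $map = ['category' => 'id_cat', 'state' => 'id_state', 'zipcode' => 'zipcode'];
    foreach ($map as $field => $column) {
        // 'Code postale' is the form's default text in the old code.
        if (!empty($in[$field]) && $in[$field] !== 'Code postale') {
            $cond[]   = "$column = ?";   // column names come from the fixed map only
            $params[] = $in[$field];
        }
    }
    // One WHERE, conditions joined with AND.
    $sql = 'SELECT * FROM classified WHERE ' . implode(' AND ', $cond) . ' ORDER BY date';
    return [$sql, $params];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE classified
    (title TEXT, id_cat TEXT, id_state TEXT, zipcode TEXT, confirm TEXT, date TEXT)");
$db->exec("INSERT INTO classified VALUES
    ('Red bike',  '3', 'QC', 'H2X', '1', '2020-01-02'),
    ('Bike rack', '3', 'ON', 'M5V', '1', '2020-01-03'),
    ('100% wool', '7', 'QC', 'H2X', '1', '2020-01-04'),
    ('Blue bike', '3', 'QC', 'H2X', '0', '2020-01-05')");

// Constructed requests standing in for $_POST; the second is an injection attempt.
$requests = [['input' => 'bike', 'state' => 'QC'], ['input' => "' OR '1'='1"], ['input' => '100%']];
foreach ($requests as $post) {
    [$sql, $params] = buildSearch($post);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);   // fetch once, then count the array
    $titles = $rows ? implode(', ', array_column($rows, 'title')) : 'No data available';
    echo $sql, ' => ', $titles, "\n";
}
```

Calling `fetchAll()` once and counting the resulting array avoids the row that a preliminary `fetch()` would consume before the loop.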