PDB select with LIKE

joon1 · April 24, 2021, 12:50am

<?php

declare(strict_types=1);
error_reporting(-1);
ini_set('display_errors', '1'); 

$dbName='myDB'; 
$options = [
    PDO:: ATTR_ERRMODE                                        => PDO:: ERRMODE_EXCEPTION,
    PDO:: ATTR_DEFAULT_FETCH_MODE          => PDO:: FETCH_ASSOC,
    PDO:: ATTR_EMULATE_PREPARES                 => false,
]; 
try {  
$dbc = new PDO("mysql:host=localhost;dbname=$dbName;charset=utf8", "******", "********", $options); 
} catch(PDOException $e) {
throw new PDOException($e->getMessage(), (int)$e->getcode()); 
} 

$key='a'; 

$sql="SELECT title FROM myTable 
WHERE title like '%$key%' ORDER BY editDate DESC LIMIT 10";
$searchQ=$dbc-> prepare ($sql); 
while ($searchL=$searchQ->fetch()) {
echo $searchL['title'] .'<br>';
}

My page has the code above.
I expect the page produce the following.

Hwever, the page produce nothing.
I think my code above is NOT the PDO way with “LIKE”.

How can I produce my target result?

SamA74 · April 24, 2021, 8:36am

You prepare the statement, but you never execute it.
I don’t know where $key is coming from, but the method you use will not prevent injection, with the variable directly in the query.
Here is an example of how to use a prepared statement with a variable LIKE clause.

joon1 · April 24, 2021, 9:29am

It’s coming from $_GET[‘key’].

The code below also produces nothing but blank.

$key=$_GET['key']; 
$like='%$key%';

$sql="SELECT title FROM myTable 
WHERE title like ? ORDER BY editDate DESC LIMIT 10";
$searchQ=$dbc-> prepare ($sql);
$searchQ->execute([$like]); 
while ($searchL=$searchQ->fetch()) {
echo $searchL['title'] .'<br>';
}

Do you see what’s wrong in the code above?

Pepster64 · April 24, 2021, 12:11pm

$sql = 'SELECT title FROM myTable WHERE title LIKE :key DESC LIMIT 10'; // Set the Search Query:

$stmt = $dbc->prepare($sql); // Prepare the query:

$stmt->execute(['key' => "%" . $key]); // Execute the query with the supplied user's parameter(s):

$records = $stmt->fetchAll();

foreach ($records as $record) {
    echo "Title: " . $record['title'] . "<br>";
}

There might be some rewriting of the code as I just converted from an old php sandbox script that I did.

rpkamp · April 24, 2021, 12:20pm

Yes, this:

See https://kodlogs.com/blog/2482/difference-between-single-quotes-and-double-quotes-in-php

system · July 24, 2021, 7:21pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Prepared select statement PHP	2	813	June 16, 2018
PDO binding MYSQL LIKE PHP	6	1682	January 6, 2019
Please help for my search PHP	6	667	October 8, 2014
PDO and LIKE PHP	2	288	March 9, 2010
LIKE queries using Prepare and Execute PHP	15	638	November 8, 2010

PDB select with LIKE

Related topics