Binding parameters to mysql query

Question

I want to get a result from a mysql database with PHP.

I am using a query like this one:

SELECT *
FROM images
WHERE  images.name LIKE ?  OR  images.title LIKE ? 

And this is how I bind the parameters to the query:

$f_for = "%". $filter_for ."%";
$stmt->bind_param('ss', $f_for, $f_for);

---

If I replace the questionmarks ? with a made up search string, so the query looks like this:

SELECT *
FROM images
WHERE  images.name LIKE '%searchForThis%'  OR  images.title LIKE '%searchForThis%' 

and execute it directly (not PHP, but phpMyAdmin or directly via terminal), I get a correct/positive result (ie I am getting rows back, where the search string matches a value in one of the two columns).

---

Using the parameterized query I do not get any errors, but just an empty result (ie zero rows). I tried different string formats, but it seems like none of these work either.

$f_for = "'%". $filter_for ."%'";
$f_for = "%{$filter_for}%";

How do I correctly bind the parameters? Am I doing it completely wrong or could it be another problem?

Answer 1

This is one way you can do it, and it involves a lot less fiddling about with $filter_for

$sql = "SELECT *
        FROM images
        WHERE  images.name LIKE ? OR  images.title LIKE ?"

$stmt = $conn->prepare($sql);

$param = "%$filter_for%";

$stmt->bind_param('ss', $param, $param);

Answer 2

I am about to hit my head against a wall and I am truly sorry everyone...

Looking at the general logs, as suggested by aynber I found LIMIT 0, 0 at the end of my query, so it would always return zero rows.

I am ashamed that I asked this question.

Answer 3

请像这样使用串联

$f_for = "'%".$filter_for."%'";