Use PDO parameterized queries to create methods with LIKE statements

Question

This is the code I tried: $query=$database-&gt;prepare('SELECT*FROMtableWHEREcolumnLIKE"?%"');$query-&gt;execute(array('value'));while($results=$query -&gt;fetch()){echo$results['column'];}

P粉722521204 · Answer

For those using named parameters, here's how to do a % partial match using LIKE in a MySQL database:

WHERE column_name LIKE CONCAT('%', :dangerousstring, '%')

The named parameter is :dangerousstring.

In other words, you use explicit unescaped % symbols in your queries, which are separate from user input.

EDIT: For Oracle Database, the join syntax uses the join operator: ||, so it will simplify to:

WHERE column_name LIKE '%' || :dangerousstring || '%'

However, as @bobince mentioned here, there are some caveats:

Therefore, there are other things to pay attention to when combining like and parameterization.

P粉731861241 · Answer

I found the answer after posting:

$query = $database->prepare('SELECT * FROM table WHERE column LIKE ?');
$query->execute(array('value%'));

while ($results = $query->fetch())
{
    echo $results['column'];
}