The correct way to use LIKE '%{$var}%' with prepared statements? [MySQLi]

This does not work

$sql = 'SELECT * FROM `users` WHERE username LIKE \'%{?}%\' ';

Warning: mysqli_stmt::bind_param(): The number of variables does not match the number of parameters in the prepared statement in /home/rgero/public_html/php/searchadmins.php on line 1

This file does not work.

$sql = 'SELECT * FROM `users` WHERE username LIKE %{?}% ';

Fatal error: Incorrect SQL: SELECT * FROM `users` WHERE username LIKE %{?}% Error: 0 in /home/rgero/public_html/php/searchadmins.php on line 1

How can I do this? I am trying to search for a player function that updates the results when I enter the form, something like Google already shows the answers during the input. I need the admin username if you type dm to show it among other usernames containing "dm" already. It must also be case insensitive.

+4
1 answer

Try it:

$likeVar = "%" . $yourParam . "%";
$stmt = $mysqli->prepare("SELECT * FROM REGISTRY where name LIKE ?");
$stmt->bind_param("s", $likeVar);
$stmt->execute();

You need to prepare the request using a simple ?, after which you bind the parameter with bind_param.

+16
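An added example, not part of the answer above: with a bound parameter the search term can no longer break out of the SQL string, but any % or _ the user types is still interpreted by LIKE as a wildcard, so the pattern should be escaped before the surrounding % signs are added. It uses the `users` table and `username` column from the question; the helper names likeContains and searchUsers, the result limit and the open mysqli connection are assumptions, as is MySQL's default LIKE escape character (backslash).

```php
<?php
declare(strict_types=1);

// Added example. likeContains() and searchUsers() are hypothetical helper names.

/** Build a "contains" pattern in which the user's text matches literally. */
function likeContains(string $term): string
{
    // Escape backslash (assumed to be the LIKE escape character, MySQL's default),
    // then % (any run of characters) and _ (any single character).
    return '%' . addcslashes($term, '\\%_') . '%';
}

/** Return usernames containing $term. $db is an already opened connection. */
function searchUsers(mysqli $db, string $term, int $limit = 20): array
{
    // Placeholders are bare "?": no quotes, no braces, no % inside the SQL text.
    $stmt = $db->prepare(
        'SELECT username FROM `users` WHERE username LIKE ? ORDER BY username LIMIT ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }

    $pattern = likeContains($term);          // bind_param needs variables, not expressions
    $stmt->bind_param('si', $pattern, $limit);
    $stmt->execute();
    $stmt->bind_result($username);

    $names = [];
    while ($stmt->fetch()) {
        $names[] = $username;
    }
    $stmt->close();
    return $names;
}

// Offline demonstration of the pattern builder on constructed inputs.
if (PHP_SAPI === 'cli') {
    foreach (['dm', '100%', 'a_b', 'back\\slash'] as $sample) {
        printf("%-12s => %s\n", $sample, likeContains($sample));
    }
}
```

Whether the match is case insensitive depends on the collation of the `username` column: with a collation whose name ends in _ci, LIKE ignores case without any extra SQL.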