Home >Backend Development >PHP Tutorial >How to Correctly Use Parameterized Queries with LIKE Statements in PDO?
Utilizing Parameterized Queries with LIKE Statements Using PDO
When working with parameterized queries that incorporate LIKE statements, the correct approach is to employ placeholder characters within the query itself. This ensures that the input value is properly treated as a parameter rather than part of the literal string.
In the initial attempt, using '?%' as the placeholder character was incorrect. Instead, a placeholder character like '?' should be used, and the actual input value should be appended with the wildcard character when executing the query.
The revised code below demonstrates the correct usage:
$query = $database->prepare('SELECT * FROM table WHERE column LIKE ?'); $query->execute(array('value%')); while ($results = $query->fetch()) { echo $results['column']; }
By employing a placeholder character and appending the wildcard character to the input value during execution, the LIKE statement functions as intended, and the query retrieves the desired records.
The above is the detailed content of How to Correctly Use Parameterized Queries with LIKE Statements in PDO?. For more information, please follow other related articles on the PHP Chinese website!