
How do I combine a LIKE query with bind_param? I tried:

%?% 

But I'm doing it wrong and I can't find any reference.

1 Answer

select * from your_table where your_column like concat('%', ?, '%');

and bind the ? to your input value

The naive approach:

select * from your_table where your_column like ?;
$your_input='%'.$your_input.'%';

is vulnerable to SQL Injection and should not be used.


3 Comments

You could also put the % around the value that you're binding.
Beware SQL Injection with the second one. If $your_input contains 'x%' OR 1 = 1 --', the query does not perform as you expect.
Lucky me, it's not via input; it's a category view and it's all preset.
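The accepted pattern (wildcards written in the SQL, the user value bound as a parameter) worked through as an added example, not code from the question or answer above. It uses Python's sqlite3 module on a constructed in-memory table, so SQLite's `||` stands in for MySQL's `concat('%', ?, '%')`; the second function additionally escapes `%` and `_` in the bound value so that user-supplied wildcards cannot widen the match.

```python
import sqlite3

# Constructed sample rows standing in for "your_table"/"your_column".
ROWS = ["apple pie", "pineapple", "100% cotton", "under_score", "plain"]


def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE your_table (your_column TEXT)")
    con.executemany("INSERT INTO your_table VALUES (?)", [(r,) for r in ROWS])
    return con


def search_contains(con, needle):
    # Wildcards live in the SQL text; the user value is bound as data, so
    # quotes or comment markers inside it are matched literally, never parsed.
    # SQLite concatenates with ||; MySQL spells this concat('%', ?, '%').
    sql = ("SELECT your_column FROM your_table "
           "WHERE your_column LIKE '%' || ? || '%' ORDER BY rowid")
    return [r[0] for r in con.execute(sql, (needle,))]


def search_contains_literal(con, needle):
    # Same binding, but % and _ in the input are escaped so they match
    # themselves instead of acting as LIKE wildcards (pattern injection).
    escaped = (needle.replace("\\", "\\\\")
                     .replace("%", "\\%")
                     .replace("_", "\\_"))
    sql = ("SELECT your_column FROM your_table "
           "WHERE your_column LIKE '%' || ? || '%' ESCAPE '\\' ORDER BY rowid")
    return [r[0] for r in con.execute(sql, (escaped,))]


if __name__ == "__main__":
    db = open_db()
    print(search_contains(db, "apple"))             # ['apple pie', 'pineapple']
    print(search_contains(db, "x%' OR 1 = 1 --"))   # [] (treated as data)
    print(search_contains(db, "%"))                  # every row: wildcard widened the search
    print(search_contains_literal(db, "%"))          # ['100% cotton']
```

Escaping matters when the search value is user-controlled: binding alone stops SQL injection, but a lone `%` or `_` still turns a narrow search into a full-table scan.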
