Executing MySQL Queries with Prepared Statements and Wildcards
When running SQL queries through prepared statements, wildcard characters for a LIKE comparison have to be handled carefully. Prepared statements prevent SQL injection by keeping data separate from the query text, and a wildcard pattern is data, so it needs to be supplied through the bound value rather than written into the query around the placeholder.
In your specific scenario, executing the query:
SELECT * FROM `gc_users` WHERE `name` LIKE '%anyname%'
with prepared statements initially failed, as the code attempted to bind a parameter directly to a wildcard. Using bindValue instead of bindParam produced the desired result: the wildcards are wrapped around the $name value and the whole pattern is bound to the placeholder:
    $stmt = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` LIKE :name");
    $stmt->bindValue(':name', '%' . $name . '%');
    $stmt->execute();
Alternatively, you can keep bindParam by prepending and appending the wildcards to the $name variable before binding it. bindParam binds by reference, so the wildcard-wrapped pattern must be stored in a variable first rather than built inline in the call:
    $name = "%$name%";
    $query = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` LIKE :name");
    $query->bindParam(':name', $name);
    $query->execute();
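As an added example, not taken from the article above, here is the same lookup with the LIKE metacharacters in the user-supplied term escaped, so that a search string containing % or _ matches those characters literally instead of widening the pattern. It assumes $dbh is a PDO connection to the MySQL database holding `gc_users`; the function names are chosen for this example.

```php
<?php
// Added example, not from the original article. Assumes $dbh is a PDO
// connection (MySQL) to a database that contains the `gc_users` table.

// Escape the LIKE metacharacters in a user-supplied term. '!' is used as the
// escape character and declared with ESCAPE in the query, so a literal '%'
// or '_' typed by the user matches itself rather than acting as a wildcard.
function escapeLikeTerm(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Return the users whose name contains $name. The placeholder stays bare in
// the SQL text; the wildcards are added to the bound value, never to the query.
function findUsersByName(PDO $dbh, string $name): array
{
    $stmt = $dbh->prepare(
        "SELECT * FROM `gc_users` WHERE `name` LIKE :name ESCAPE '!'"
    );
    // bindValue accepts an expression; bindParam would need a variable
    // because it binds by reference.
    $stmt->bindValue(':name', '%' . escapeLikeTerm($name) . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: a term such as "50%_off" is searched literally, not as "50" plus
// wildcards, and the result is HTML-escaped before being echoed.
$rows = findUsersByName($dbh, $_GET['q'] ?? '');
foreach ($rows as $row) {
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```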
The above is the detailed content of How to Use Wildcards with Prepared Statements in MySQL?. For more information, please follow other related articles on the PHP Chinese website!