Using mysqli prepared statements with LIKE operator in SQL
Before running any query with mysqli, make sure you've got a properly configured mysqli connection variable that is required in order to run SQL queries and to inform you of the possible errors.
SELECT query with LIKE operator
In general, SELECT with LIKE is no different from any other SELECT query with prepared statements. However, there are two certain gotchas that one should keep in mind:
- A placeholder cannot represent an arbitrary part of a query but only a whole data literal (or, to put it simpler, a string or a number). Hence, an SQL like this
field LIKE '%?%'won't work. Hence, the percent marks should be added to the source variable instead. Then ,a variabe that would contain something like'%search string%'can be bound to a placeholder the regular way. bind_param()function accepts only variables, and strings are not allowed. Hence, a code like this$stmt->bind_param("s", "%$var%");won't work, causing "Only variables can be passed by reference" error. So we must prepare our variable before binding it.
Knowing that now we can create a prepared statement with LIKE:
$name = "%$name%"; // prepare the $name variable
$sql = "SELECT * FROM users WHERE name LIKE ?"; // SQL with parameters
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $name); // here we can use only a variable
$stmt->execute();
$result = $stmt->get_result(); // get the mysqli result
$rows = $result->fetch_all(MYSQLI_ASSOC); // all rows matchedUsing a helper function
As you may noted, the code for a prepared statement is quite verbose. If you like to build a code like a Lego figure, with shining ranks of operators, you may keep it as is. If you, like me, hate useless repetitions and like to write concise and meaningful code, then there is a simple helper function. With it, the code will become two times shorter:
$sql = "SELECT * FROM users WHERE name LIKE ?"; // SQL with parameters
$stmt = prepared_query($conn, $sql, ['%$name%']);
$rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // fetch an array of rowsUnlike bind_param(), our helper function accepts strings as parameters, hence you can add percent marks right at the call time.
Related articles:
- Mysqli SELECT query with prepared statements
- How to run a SELECT query using Mysqli
- How to run an INSERT query using Mysqli
- How to run an UPDATE query using Mysqli
- Mysqli prepared statement with multiple values for IN clause
- Mysqli examples
- How to call stored procedures with mysqli
- How to create a search filter for mysqli
- How to run 1000s insert queries with mysqli?
Got a question?
I am the only person to hold a gold badge in
,
and
on Stack Overflow and I am eager to show the right way for PHP developers.
Besides, your questions let me make my articles even better, so you are more than welcome to ask any question you have.
Add a comment
Please refrain from sending spam or advertising of any sort.
Messages with hyperlinks will be pending for moderator's review.
Markdown is now supported:
>before and an empty line after for a quote