Jump to content

How do I bind param in this query?


Go to solution Solved by mac_gyver,

Recommended Posts

Hi,

New to PDO, stucked on binding params in the dynamic query. 

		$searchTerms = explode(' ', $search_string);

	
		foreach ($searchTerms as $searchTerm){
			$condition .= "ci.item_name LIKE ':searchTerm' OR ";
		}
		$condition = substr($condition, 0, -4);
	
		$searchQuery = "(SELECT ci.id, ci.item_name, ci.item_description FROM core_item ci WHERE " . $condition . ")";




		if($searchStmt = $this->pdo->prepare($searchQuery))
			{
				foreach ($searchTerms as $key => $value){
					$seachTerms->bindParam($key, '%' . $value . '%');
				}

				$searchStmt->execute();
				return $searchStmt->fetchAll();
			}
			
		}
	
Link to comment
https://forums.phpfreaks.com/topic/303547-how-do-i-bind-param-in-this-query/
Share on other sites

  • Solution

in most cases, you don't need to explicitly bind parameters or values, just supply an array to the execute() method call.

 

here are some points for your current code -

 

1) the place-holder names must be unique. when you are dynamically building a prepared query statement, you should use ? place-holders.

 

2) the place-holders do not get single-quotes around them in the sql query statement.

 

3) when building similar terms, it is cleaner to build them in an array, then implode() the array with the separator keyword between the elements. this will work correct even if there is a single element.

 

4) the sql query statement doesn't need ( ) around it and having them just clutters up the code.

 

5) you should be using exceptions to handle statement errors. this will mean that your main code only has to deal with error free execution and you don't need to have conditional logic for each statement that can fail.

 

6) if you use php's array functions, it will eliminate the need to explicitly loop in the code. see the following example - 

$searchTerms = explode(' ', $search_string);
// note: you should filter empty values out of the $searchTerms array and only execute the remainder of the code if there are any remaining values in $searchTerms

// build the dynamic part of the sql query statement
$terms = implode(' OR ', array_fill(0, count($searchTerms), "ci.item_name LIKE ?"));

// produce the complete sql query statement
$searchQuery = "SELECT ci.id, ci.item_name, ci.item_description FROM core_item ci WHERE $terms";

// prepare the query
$searchStmt = $this->pdo->prepare($searchQuery);

// function to add % wildcard characters to the value
function _wildcard($val)
{
    return "%$val%";
}

// add the wildcard characters to the values
$searchTerms = array_map('_wildcard',$searchTerms);

// execute the query
$searchStmt->execute($searchTerms);

// fetch and return the result - this will be an empty array if the query didn't match any row(s)
return $searchStmt->fetchAll();
Edited by mac_gyver
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.