PHP PDO prepared statement -- MySQL LIKE query

mysql php pdo

I am trying to do a search through php's PDO class (mysql driver). I have the following query working with the MySQL client (table names changed to protect the innocent):

SELECT    hs.hs_pk, 
          hs.hs_text, 
          hs.hs_did, 
          hd.hd_did, 
          hd.hd_text, 
          hv.hv_text, 
          hc.hc_text 
FROM      hs 
LEFT JOIN hd 
 ON       hs.hs_did = hd.hd_did 
LEFT JOIN hd 
 ON       hd.hd_vid = hv.hv_id 
LEFT JOIN hc 
 ON       hd.hd_pclass = hc.hc_id
WHERE     hs.hs_text LIKE "%searchTerm%"
LIMIT 25;

This works like a charm regardless of the search term that I use. However, when I move to php, I can't get it to return anything. I have tried several different syntaxes that seem logical to work, but nothing I have tried works. here's my existing code:

$handle = fopen('/foo/bar/test.log', 'w+');
fwrite($handle, "doSearch, with search term: $searchTerm\n");
$sql = 
'SELECT   hs.hs_pk, 
          hs.hs_text, 
          hs.hs_did, 
          hd.hd_did, 
          hd.hd_text, 
          hv.hv_text, 
          hc.hc_text 
FROM      hs 
LEFT JOIN hd 
 ON       hs.hs_did = hd.hd_did 
LEFT JOIN hd 
 ON       hd.hd_vid = hv.hv_id 
LEFT JOIN hc 
 ON       hd.hd_pclass = hc.hc_id
WHERE     hs.hs_text LIKE :searchTerm
LIMIT 25';

try {
 $dbh = new PDO('mysql:host=localhost;dbname=awdb', "user", "password");
 fwrite($handle, "connected to DB\n");
 $prep = $dbh->prepare($sql);
 $ret = $prep->execute(array(':searchTerm' => '"%'.$searchTerm.'%"'));

 while ($row = $prep->fetch(PDO::FETCH_ASSOC)) {
  $i++;
  $result[$i]['subText'] = $row['hs_pk'];
  $result[$i]['subText'] = $row['hs_text'];
  $result[$i]['subDid'] = $row['hs_did'];
  $result[$i]['devDid'] = $row['hd_did'];
  $result[$i]['devText'] = $row['hd_text'];
  $result[$i]['vendorText'] = $row['hv_text'];
  $result[$i]['classText'] = $row['hc_text'];
 }
    $dbh = null;
}   
catch (PDOException $e) {
  print "Error!: " . $e->getMessage() . "<br/>";
  die();
}

I've tried the following as well (SQL WHERE clause & prep->execute lines are all that change):

WHERE hs.hs_text LIKE CONCAT(\'%\', ?, \'%\') 
$ret = $prep->execute(array($searchTerm));

WHERE hs.hs_text LIKE "%:searchTerm%" 
$ret = $prep->execute(array(':searchTerm' => $searchTerm));

WHERE hs.hs_text LIKE ":searchTerm" 
$ret = $prep->execute(array(':searchTerm' => '%'.$searchTerm.'%'));

etc...


$ret = $prep->execute(array(':searchTerm' => '"%'.$searchTerm.'%"'));

This is wrong. You don't need the double quotes.

WHERE hs.hs_text LIKE ":searchTerm" 
$ret = $prep->execute(array(':searchTerm' => '%'.$searchTerm.'%'));

This is also wrong. Try with:

$prep = $dbh->prepare($sql);
$ret = $prep->execute(array(':searchTerm' => '%'.$searchTerm.'%'));

Explanation: Prepared statements don't simply do a string-replace. They transport the data completely separate from the query. Quotes are only needed when embedding values into a query.

Related

Python scope: "UnboundLocalError: local variable 'c' referenced before assignment" [duplicate]
How to sort a list with two keys but one in reverse order?
How to make a surface with a transparent background in pygame
For $a>0$, what is $\int_1^\infty dy \, \exp(-ay) (y^2-1)^{-1/2}y^{-2}$?
Question about the limit $\lim\limits_{+\infty} \tfrac{x^4}{1+x^4(\cos(x))^2}$ and result given by walpha
Why do the solutions to the derivatives of polynomials have the same x value as their peaks and valleys? [closed]
Explain why the following statement is true if and only if at most one value in the statement is true?
How to calculate the jump of $e^{{\rm i}N_ty-\operatorname E[N_t](e^{{\rm i}y}-1)}$ for a Poisson process $N$?
Let $p_n\ $ be the $n-$th prime. Is there a decreasing positive real sequence $(a_n)$ such that $\sum a_n$ diverges, but $\sum a_{p_n}$ converges?
How $X^T(I_n-n^{-1}J_n)X=\sum_{i=1}^{n}(X_i-\bar X)^2$?
Solve the equation $x^4-8x^3+23x^2-30x+15=0$
Prove that $\sin nx\le n\sin x$, by Induction