Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
116 views
in Technique[技术] by (71.8m points)

php - MySql LIKE query in a form

So, I have this query:

FROM test.cliente, test.contratto
WHERE test.contratto.Codice_Cliente = test.cliente.Codice_Cliente
AND test.cliente.Denominazione = :name;

But I'm trying to work with something like this:

FROM test.cliente, test.contratto
WHERE test.contratto.Codice_Cliente = test.cliente.Codice_Cliente
AND test.cliente.Denominazione LIKE "%:name%";

The reason I want to use this query is that the user puts a name into the HTML form, but I don't want him to have to type the same piece of data that I have in the database, because there's no way that what he'll type will be the same piece of data as it's written in the database.


The code goes on like this:

$name = $_POST['Denominazione'];
$statement = $connection->prepare($sql);
$statement->bindParam(':name', $name, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();

I also tried to type

$name = '%'.$_POST['Codice_Cliente'].'%';

but it didn't find me anything.

question from:https://stackoverflow.com/questions/66049401/mysql-like-query-in-a-form


1 Answer

0 votes
by (71.8m points)

PDO prepared statements DO NOT allow % in SQL statements.

You have to use "FROM test.cliente, test.contratto
WHERE test.contratto.Codice_Cliente = test.cliente.Codice_Cliente
AND test.cliente.Denominazione LIKE :name";

And put the "%name%" inside the execute.

Please also see:

How do I create a PDO parameterized query with a LIKE statement?

PHP - Using PDO with IN clause array
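
The approach from the answer, as an added example that is not part of the original post: the placeholder stands alone in the SQL and the wildcards travel inside the bound value, so the input never becomes SQL text. It goes one step further than the answer by escaping `%` and `_` in the user's input so they match literally. Assumptions: an in-memory SQLite table (requires pdo_sqlite) with constructed rows stands in for test.cliente, the helper names `likeContains` and `searchCliente` are hypothetical, and `!` is an arbitrary choice of escape character.

```php
<?php
// Constructed in-memory table standing in for test.cliente (sample rows are made up).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cliente (Codice_Cliente INTEGER, Denominazione TEXT)');
$pdo->exec("INSERT INTO cliente VALUES (1, 'Rossi Costruzioni S.r.l.'),
                                       (2, 'Bianchi 100% Bio'),
                                       (3, 'Verdi Impianti')");

// Hypothetical helper: escape LIKE metacharacters in user input, then wrap
// the result in wildcards to get a "contains" pattern.
function likeContains(string $input, string $esc = '!'): string
{
    // The escape character itself is replaced first so it is not doubled twice.
    $escaped = str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $input
    );
    return '%' . $escaped . '%';
}

// Hypothetical search function using the pattern as a bound parameter.
function searchCliente(PDO $pdo, string $input): array
{
    // A placeholder written inside quotes ("%:name%") is a string literal,
    // not a parameter, so :name must appear on its own.
    $sql = "SELECT Denominazione FROM cliente
            WHERE Denominazione LIKE :name ESCAPE '!'";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':name', likeContains($input), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Stand-ins for $_POST['Denominazione'].
print_r(searchCliente($pdo, 'Rossi'));   // partial name
print_r(searchCliente($pdo, '100%'));    // input containing a literal percent sign
print_r(searchCliente($pdo, '%'));       // a lone wildcard character, treated as text
```

Against MySQL the same statement works with the question's tables; only the DSN and the table names change.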

