Using Prepared Placeholders with Wildcards in PDO

When using SQL wildcards with PDO placeholders, include the wildcard in the variable and not the query. Use this: $search = ‘%’ . $search_term . ‘%’; $sql = “SELECT * FROM posts WHERE content LIKE :search”; $stmt = $pdo->prepare($sql); $stmt->bindParam(‘:search’, $search, PDO::PARAM_STR); $stmt->execute();