Using Prepared Placeholders with Wildcards in PDO

When using SQL wildcards with PDO placeholders, include the wildcard in the variable and not the query.

Use this:

	
	$search = '%' . $search_term . '%';
	$sql = "SELECT * FROM posts WHERE content LIKE :search";
	$stmt = $pdo->prepare($sql);
	$stmt->bindParam(':search', $search, PDO::PARAM_STR);
	$stmt->execute();

Leave a Comment