PDO Prepared Statements with Wildcards

Q: Can wildcards be used with PDO prepared statements?

A: Yes, wildcards can be used in PDO prepared statements, allowing for powerful database queries with dynamic values. However, the method of usage differs slightly from standard SQL queries.

How to Use Wildcards in Prepared Statements:

Option 1: bindValue()

• Use the bindValue() method to assign the wildcard-containing value.

  // Set the name with wildcards
  $name = "%anyname%";
  // Prepare the statement
  $stmt = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` LIKE :name");
  // Bind the name with wildcards using bindValue()
  $stmt->bindValue(':name', $name);
  // Execute the statement
  $stmt->execute();

Option 2: bindParam()

• Use the bindParam() method to assign the wildcard-containing value, but modify the value prior to binding.

  // Set the name with wildcards
  $name = "%anyname%";
  // Prepare the statement
  $query = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` like :name");
  // Bind the name with wildcards using bindParam()
  $query->bindParam(':name', $name);
  // Execute the statement
  $query->execute();

  Additional Note:

• When using bindParam() with wildcards, it's essential to modify the value before binding, replacing the wildcard placeholder (%) with the actual wildcard character.