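<?php
// Search handler: looks up rows whose model or vendor exactly matches the
// submitted `word` and prints them as an HTML table.
//
// Fixes relative to the original:
//   - the search term was echoed back unescaped (reflected XSS) and user_id
//     was interpolated into the link href without escaping;
//   - every row opened its own <table> and used <tr /> after <td>, which is
//     malformed HTML; the table is now opened once and rows are <tr><td>;
//   - "There is no word in database" was printed in the else-branch of
//     prepare(), which only fails on a bad statement or connection, never on
//     an empty result set; the message now follows an empty fetch loop.
if (isset($_REQUEST['word']) && is_string($_REQUEST['word'])) {
    // stripslashes() only undoes magic_quotes_gpc (removed in PHP 5.4); kept so
    // the handler accepts exactly the same input as before.
    $word = stripslashes($_REQUEST['word']);

    // Escape for an HTML text/attribute context. The connection charset is
    // latin2, which htmlspecialchars() does not list among its supported
    // charsets; passing ISO-8859-1 makes it treat every byte as valid, and for
    // a single-byte charset only < > & " ' are rewritten. Change this to
    // 'UTF-8' if the connection charset is ever changed.
    $e = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'ISO-8859-1');
    };

    // Connection arguments are placeholders on the original page.
    $db = new mysqli('#*$!', '#*$!', '#*$!', '#*$!');
    if ($db->connect_error) {
        echo 'Database connection failed<br />';
        exit;
    }
    // set_charset() updates both the server session and the client library,
    // unlike a bare "SET NAMES".
    $db->set_charset('latin2');

    $stmt = $db->stmt_init();
    $sql = "SELECT `user_id`, `model`, `vendor`, `registration_date` FROM `my_database` WHERE `model` = ? OR `vendor` = ? ORDER BY registration_date DESC";
    if ($stmt->prepare($sql)) {
        // Both placeholders receive the same user-supplied term; binding keeps
        // it out of the SQL text entirely.
        $stmt->bind_param('ss', $word, $word);
        $stmt->execute();
        $stmt->bind_result($id_var, $model_var, $vendor_var, $reg_var);

        $found = false;
        while ($stmt->fetch()) {
            if (!$found) {
                echo '<table>';
                $found = true;
            }
            $id = (string) $id_var;
            echo '<tr><td><b>ID:</b> ' . $e($id) . '</td></tr>';
            echo '<tr><td><b>Model:</b> ' . $e($model_var) . '</td></tr>';
            echo '<tr><td><b>Wprowadzono:</b> ' . $e($reg_var) . '</td></tr>';
            // urlencode() for the query-string context, then attribute-escape
            // the result for the href.
            echo '<tr><td><b>Odnośnik:</b> <a href="http://www.mypage.com/catalog/detail.php?id=' . $e(urlencode($id)) . '">Go there</a></td></tr>';
        }

        if ($found) {
            echo '</table>';
        } else {
            echo 'There is no word in database<br />';
            echo $e($word);
        }
        $stmt->close();
    } else {
        // prepare() failing means the statement or connection is broken, not
        // that nothing matched.
        echo 'Query could not be prepared<br />';
    }
    $db->close();
}
?>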
// NOTE(review): unsafe and broken as written. $word is concatenated straight
// into the SQL text (SQL injection), and the quoting is wrong: the single-quoted
// string ends at "LIKE '", so the % characters between the pieces are parsed as
// PHP's modulo operator rather than SQL wildcards. Use a placeholder
// (... LIKE ?) and bind '%'.$word.'%' as the value instead.
$query = 'SELECT user_id, model, vendor FROM my_database WHERE model LIKE '%' . $word . '%' OR vendor LIKE '%' . $word . '%' ORDER BY registration_date DESC';
if($stmt->prepare("SELECT `user_id`, `model`, `vendor`, `registration_date` FROM `my_database` WHERE `model` LIKE CONCAT('%',?,'%') OR `vendor` LIKE CONCAT('%',?,'%') ORDER BY registration_date DESC")) {
concat('%',?,'%') is ugly. You should probably pull those percent symbols out into your substituted value: where upper(model) like ? and then convert the user input to uppercase before substitution.
where model like ? and then in the substituted parameter you can add wildcards as necessary.
// LIKE patterns built around the bound term: the wildcards live in the bound
// value, so the SQL text itself stays "... LIKE ?". Note that a % or _ inside
// $term still acts as a wildcard here; escape them first if that matters.
$contains   = "%{$term}%";
$startsWith = "{$term}%";
....
you have separated the query value into two different locations
if($stmt->prepare("SELECT `user_id`, `model`, `registration_date` FROM `my_database` WHERE `model` = ? OR `vendor` = ? ORDER BY registration_date DESC"))
if($stmt->prepare("SELECT `user_id`, `vendor`, `registration_date` FROM `my_database` WHERE `model` = ? OR `vendor` = ? ORDER BY registration_date DESC"))