This question already has an answer here:
I'm trying to get a PDO query running, so I'm doing:
$src = $this->conn->prepare("SELECT name, model, software FROM product WHERE
model LIKE '%:search_string%' OR
name LIKE '%:search_string%' OR
software LIKE '%:search_string%'");
$src->bindParam(':search_string', $search_string);
$src->execute();
return $src->fetchAll();
But when I var_dump this, I always get an empty array ( [] ). However, if I change it to just "SELECT name, model, software FROM product", I get all of the products, just as expected, so how am I using the LIKE clause wrong? Or am I doing this completely wrong?
</div>
Bound parameters cannot be used in this way. You have to input it as LIKE :search_string in the prepared query, then add the percent signs in the bound value (i.e. $src->bindParam(':search_string', '%' . $search_string . '%');).
See also this comment on PDOStatement::bindParam.