I am getting values from multiple form fields and using a prepared statement to query the database. While the code below works for criteria entered in a single field, it doesn't return any values if I enter in more than one field. It seems the reason is that page is only processing the last field entered. when I echo the value in $params before $results->execute(array($params)); I only get one value...
Here's what I have:
<?php
$dbhost = "ip_address";
$dbname = "db_name";
$dbuser = "db_login";
$dbpass = "db_pass";
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$query = "SELECT * FROM tbl_name WHERE 1=1";
foreach ($_POST as $k => $v)
{
if(!empty($v)) {
$query .= " AND $k LIKE ?";
$params[] = '%'.$v;
}
}
$results = $conn->prepare($query);
$results->execute($params);
$results->bindColumn(1, $no);
$results->bindColumn(2, $date);
$results->bindColumn(3, $name);
$results->bindColumn(4, $id);
$results->bindColumn(5, $path);
?>
I changed the code above to the working script
You should first define $params as an array and then do it like @mkjasinski said. Also the prepare is done before the complete query build, thus the query that is sent to the Database is:
SELECT * FROM tbl_name WHERE 1=1
I believe that doing those two right will get you what you want.