I am fetching results from database using PDO with url query string
url: index.php?bType=doctor&loc=asia|india
CODE:
$bind = array();
$str=explode('|',$_GET[loc]);
foreach ($str as $loc)
{
$bloc[] = $loc;
} $loca = implode("','", $bloc);
$btype=$_GET['bType'];
$sqlsb = "SELECT * FROM t_business WHERE 1=1";
if(isset($_GET['bType'])){ $sqlsb .=" AND type like :btype"; $bind['btype']='%'. $btype .'%';}
if(isset($_GET['loc'])){ $sqlsb .=" AND location IN (:loca)"; $bind['loca']="'$loca'";}
$qsb = $db->prepare($sqlsb);
$qsb->execute($bind);
above code fetches nothing..
print_r($bind) shows Array ( [btype] => doctor [loca] => asia','india )
If i do it without using prepared it works.
I am writing this code for refine search filters.
Thanks
UPDATE
AS CoursesWeb anwserd i did changes
if(isset($_GET['bType'])){ $sqlsb .=" AND type like :btype"; $bind['btype']='%'. $btype .'%';}
if(isset($_GET['loc'])){ $sqlsb .=" AND location IN (:loca)"; $bind['loca']="'$loca'";}
it works for :btype but not with :loca
print_r($bind) shows array ( [btype] => %doctor% [loca] => 'asia','india' )
Need to do something better with loc than using implode..think so
for prepared values used in LIKE statement, the "?" or "%" characters must be added together with the value, not in sql statement.
$btype = '%'. $btype .'%';
$sqlsb = "SELECT * FROM t_business WHERE type LIKE :btype";