Simply, I'd like to search table in database with multiple criteria. As you can see, I try to make it with OR and LIKE statements in MySQL query.
For example: there's a record with imie column, filled with Alexis value. When $_POST['imie'] goes through the code with Alexis value, the results are OK, I get wanted record, but I'd like to get it even if $_POST['imie'] doesn't contain whole string (e.g. Alex), so I tried to add % in MySQL query. Unfortunately, it doesn't give me any results (it seems to me that MySQLi's bind_param deletes those chars, in order to prevent SQL Injection, am I right?).
How to put $_POST['imie'] values within % symbols that I can get proper LIKE clause results? And is there any more tidy and sufficient way to search for records only by given values?
foreach ($_POST as $key => $value) {
if(isset($value)) {
$value = "%".$value."%"; // I also tried "'%".$value."%'"
}
}
$search = $db->prepare("SELECT * FROM klienci WHERE
PESEL LIKE ? AND
imie LIKE ? AND
nazwisko LIKE ? AND
numer_domu LIKE ? AND
ulica LIKE ? AND
miasto LIKE ? AND
kod_pocztowy LIKE ?");
$search -> bindParam('sssssss', $_POST['PESEL'], $_POST['imie'], $_POST['nazwisko'], $_POST['numer_domu'], $_POST['ulica'], $_POST['miasto'], $_POST['kod_pocztowy']);
$search->execute();
$result = $search->get_result();
while ($row = $result->fetch_array())
{
foreach ($row as $r)
{
print "$r ";
}
print "\n";
}
Thank you for your response in advance
