I have tried many approaches to parametrizing my SQL Select query, but none of them have worked so far. I suspect this is because my query includes wildcards.
Here is one approach that I have tried so far:
```php
// Database connection
$conn = mysqli_connect($servername, $username, $password, $databasename);

// Parametrization
// This line includes the wildcards - at the beginning and end, eg: '%test%'
$stmt = $conn->prepare("SELECT * FROM Awards WHERE Company LIKE '%?%'");
$stmt->bind_param("s", $_GET["company"]);
$stmt->execute();
$result = $stmt->get_result();

// Close stmt
$stmt->close();

// Close connection
$conn->close();
```
I have executed the query in my code successfully without the parametrization, and I am unsure where the issue may be.
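An added example, not part of the original post: inside `'%?%'` the `?` is a literal character in a string, so the statement has no placeholder for `bind_param` to fill. The sketch below keeps the placeholder outside the quotes, adds the wildcards with `CONCAT`, and escapes `%` and `_` in the input so they match literally. The helper names `escapeLike` and `findAwardsByCompany` are hypothetical, and the connection variables are assumed to be defined as in the question.

```php
<?php
// Added example, not the asker's code. The Awards table, Company column and
// connection variables come from the question; the function names are assumed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/**
 * Escape LIKE metacharacters so user input is matched literally.
 * Backslash is MySQL's default LIKE escape character.
 */
function escapeLike(string $term): string
{
    return addcslashes($term, '%_\\');
}

function findAwardsByCompany(mysqli $conn, string $company): array
{
    // The placeholder stands alone; the wildcards are added in SQL.
    $stmt = $conn->prepare(
        "SELECT * FROM Awards WHERE Company LIKE CONCAT('%', ?, '%')"
    );

    // bind_param takes its arguments by reference, so bind a variable,
    // not an expression such as "%" . $company . "%".
    $pattern = escapeLike($company);
    $stmt->bind_param("s", $pattern);
    $stmt->execute();

    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$conn = mysqli_connect($servername, $username, $password, $databasename);
$company = $_GET["company"] ?? "";

foreach (findAwardsByCompany($conn, $company) as $row) {
    // Encode on output; the value originated from the database.
    echo htmlspecialchars($row["Company"], ENT_QUOTES, "UTF-8"), "\n";
}

$conn->close();
```

Without the escaping step, a search term of `%` or `_` would act as a wildcard and match every row or any single character.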