
I am trying to send an SQL query with PHP. I use bindValue to replace :data1, 2 and 3 with values from an array. However, var_dump($sth) returns the query without any modification. Also, the $data array does contain strings as intended.

<?php
$val=0;
$json = file_get_contents('php://input');
$data = json_decode($json);

$user = '...';
$passwd = '...';
$dsn = "pgsql:host=localhost;port=5432;dbname=acudb;";
 
$dbh = new PDO($dsn,$user, $passwd);

//query

$sql = "SELECT * FROM patho WHERE mer LIKE %:data1% AND [type] LIKE %:data2% AND [type] LIKE %:data3%";

$sth = $dbh->prepare($sql);
var_dump($data);

$sth->bindValue(':data1', $data[1], PDO::PARAM_STR);
$sth->bindValue(':data2', $data[2], PDO::PARAM_STR);
$sth->bindValue(':data3', $data[3], PDO::PARAM_STR);

var_dump($sth);

$sth->execute();
$val = $sth->fetchAll();

echo(json_encode($val));

Edit: here's the error code

Array
(
    [0] => 42601
    [1] => 7
    [2] => ERROR:  syntax error at or near "%"
LINE 1: SELECT * FROM patho WHERE mer LIKE %$1% AND [type] LIKE %$2%...
                                           ^
)
tim_76
I believe the wildcards need to be passed as part of the value of the placeholder, not in the query itself. – aynber Mar 17 '22 at 18:24
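What the comment above describes, as an added example that is not part of the original thread: the `%` wildcards go into the bound values, and LIKE metacharacters in the request input are escaped first so a submitted `%` or `_` matches literally. The `likeContains` and `searchPatho` helpers, the `!` escape character, the in-memory SQLite DSN and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Wildcards live in the bound values; the SQL text holds only placeholders.
// "type" is double-quoted: [type] bracket quoting is not PostgreSQL syntax.
const PATHO_SEARCH = <<<'SQL'
SELECT mer, "type" FROM patho
WHERE mer LIKE :data1 ESCAPE '!'
  AND "type" LIKE :data2 ESCAPE '!'
  AND "type" LIKE :data3 ESCAPE '!'
SQL;

// Escape LIKE metacharacters so request input matches literally, then wrap in %...%.
function likeContains(string $term): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
}

function searchPatho(PDO $dbh, array $data): array
{
    $sth = $dbh->prepare(PATHO_SEARCH);
    foreach ([1, 2, 3] as $i) {
        // Reject missing or non-string terms instead of binding them blindly.
        if (!isset($data[$i]) || !is_string($data[$i])) {
            throw new InvalidArgumentException("term $i must be a string");
        }
        $sth->bindValue(":data$i", likeContains($data[$i]), PDO::PARAM_STR);
    }
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumption, so the
// example runs offline); the same statement text is also valid PostgreSQL.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE patho (mer TEXT, "type" TEXT)');
$dbh->exec("INSERT INTO patho VALUES ('lung', 'yin 100% cold'), ('liver', 'yang heat')");

// Constructed request body, decoded to an array and indexed 1..3 as in the question.
$data = json_decode('["ignored", "l", "%", "n"]', true);
echo json_encode(searchPatho($dbh, $data)), PHP_EOL;
```

A `PDOStatement` never rewrites its query string, so `var_dump($sth)` shows the original SQL even when binding works; `$sth->debugDumpParams()` lists the parameters instead.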

0 Answers