Zend Framework, Mysqli, prepared statements... [SOLVED]

Post by ReverendDexter

Okay, this is from one of my models in a Zend Framework MVC setup. What I'm trying to do is have a prepared statement that will take the user input, and return the appropriate matches (i.e. name like '%big%' should return "Big 5").

However, I'm not sure what's getting sent to my prepared statement in the ?s, or how to display it in one of my views with the appropriate values in it (to make sure it's not doing something lame like "WHERE name like '%'big'%'").

Any help would be appreciated.

Code:

protected function getBy($type, $val)
{
	//check/clean/scrub $type and $val first
	$params = array($type, strtolower($val));

	$sql = "SELECT name, address, city, state, zip_code, phone, fax " .
		"FROM dealers " .
		"WHERE ? like '%?%'";

	$stmt = $db->query($sql, $params);
	$dealers = $stmt->fetchAll();

	return $dealers;
}
Last edited by ReverendDexter on Thu Oct 11, 2007 6:19 pm, edited 1 time in total.

Post by ReverendDexter

Ok, I figured this out...

In the prepared statement, it was never understanding the first ? as a column name, but instead as a literal. So when the $type was 'name', it was comparing the search string to be like the literal 'name', not like the column `name`.

I hope that I can save someone else the time that just cost me...
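
An added example, not part of the original posts: it reproduces the placeholder-as-literal behaviour described above, next to a form that takes the column from a fixed allowlist and binds the whole LIKE pattern as one value. It assumes PDO with an in-memory SQLite database in place of the Zend_Db Mysqli adapter; the table rows, the `getByLiteral` name and the `!` escape character are constructed for the illustration.

```php
<?php
// Constructed sample data (assumption: PDO/SQLite stands in for the thread's adapter).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE dealers (name TEXT, city TEXT, state TEXT)");
$db->exec("INSERT INTO dealers VALUES ('Big 5', 'Chico', 'CA'), ('50% Off Sports', 'Reno', 'NV')");

// What the thread ran into: a placeholder always binds a value, never an
// identifier, so this compares the string 'name' with the pattern.
function getByLiteral(PDO $db, string $type, string $val): array
{
    $stmt = $db->prepare("SELECT name FROM dealers WHERE ? LIKE ?");
    $stmt->execute([$type, '%' . strtolower($val) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the column name comes from a fixed allowlist, and the
// wildcards are part of the bound value instead of quoted SQL text.
function getBy(PDO $db, string $type, string $val): array
{
    $columns = ['name' => 'name', 'city' => 'city', 'state' => 'state'];
    if (!isset($columns[$type])) {
        throw new InvalidArgumentException("Unsupported search column: $type");
    }
    // Escape LIKE metacharacters so input such as "50%" is matched literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], strtolower($val));
    $sql = "SELECT name FROM dealers WHERE lower({$columns[$type]}) LIKE ? ESCAPE '!'";
    $stmt = $db->prepare($sql);
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(getByLiteral($db, 'name', 'big')); // literal 'name' is compared, not the column
var_dump(getBy($db, 'name', 'big'));        // column `name` is searched
var_dump(getBy($db, 'name', '50%'));        // the % in the input is treated as text

try {
    getBy($db, 'name; DROP TABLE dealers', 'x');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;         // column names outside the allowlist are rejected
}
```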