Zend Framework, Mysqli, prepared statements... [SOLVED]

Posted: Thu Oct 11, 2007 5:22 pm
by ReverendDexter
Okay, this is from one of my models in a Zend Framework MVC setup. What I'm trying to do is have a prepared statement that will take the user input, and return the appropriate matches (i.e. name like '%big%' should return "Big 5").

However, I'm not sure what's getting sent to my prepared statement in the ?s, or how to display it in one of my views with the appropriate values in it (to make sure it's not doing something lame like "WHERE name like '%'big'%'").

Any help would be appreciated.

Code:

protected function getBy($type, $val)
{
	//check/clean/scrub $type and $val first
	$params = array($type, strtolower($val));

	$sql = "SELECT name, address, city, state, zip_code, phone, fax " .
		"FROM dealers " .
		"WHERE ? like '%?%'";

	$stmt = $db->query($sql, $params);
	$dealers = $stmt->fetchAll();

	return $dealers;
}

Posted: Thu Oct 11, 2007 6:18 pm
by ReverendDexter
Ok, I figured this out...

In the prepared statement, it was never understanding the first ? as a column name, but instead as a literal. So when the $type was 'name', it was comparing the search string to be like the literal 'name', not like the column `name`.

I hope that I can save someone else the time that just cost me...
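
The behaviour described in this thread, as an added example that is not part of the original posts: placeholders bind values only, so the column name has to come from a fixed allowlist and the % wildcards have to be part of the bound value. It assumes PDO with an in-memory SQLite database as a stand-in for the Zend_Db Mysqli adapter; the two-column table, the sample rows, the allowlist and the getByBroken name are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the Zend_Db adapter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE dealers (name TEXT, city TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO dealers VALUES ('Big 5', 'Fresno'), ('Name Brand Tires', 'Reno')");

// Broken: the first ? is bound as a string value, so the database evaluates
// 'name' LIKE '%big%' for every row and never looks at the name column.
function getByBroken(PDO $db, $type, $val)
{
    $stmt = $db->prepare("SELECT name FROM dealers WHERE ? LIKE ?");
    $stmt->execute(array($type, '%' . strtolower($val) . '%'));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed: the identifier is looked up in an allowlist and only the value is bound.
function getBy(PDO $db, $type, $val)
{
    $columns = array('name' => 'name', 'city' => 'city'); // hypothetical allowlist
    if (!isset($columns[$type])) {
        throw new InvalidArgumentException('Unsupported search column');
    }
    // Escape LIKE metacharacters so user input is matched literally.
    $escaped = str_replace(array('!', '%', '_'), array('!!', '!%', '!_'), strtolower($val));
    // The wildcards travel inside the bound value; a ? written inside quotes
    // in the SQL text would be a literal character, not a placeholder.
    $sql = "SELECT name FROM dealers WHERE {$columns[$type]} LIKE ? ESCAPE '!'";
    $stmt = $db->prepare($sql);
    $stmt->execute(array('%' . $escaped . '%'));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "broken, search 'big': ";
print_r(getByBroken($db, 'name', 'big'));
echo "broken, search 'am': ";   // 'am' is a substring of the literal 'name'
print_r(getByBroken($db, 'name', 'am'));
echo "fixed, search 'big': ";
print_r(getBy($db, 'name', 'big'));
```

Because the column name is interpolated into the SQL text, the allowlist lookup is what keeps user input out of the query structure.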