Using REGEXP inside prepared mysqli statement in PHP

I am trying to make a simple search process with codes (noob) as follows:

$prep->prepare("SELECT * FROM details WHERE id REGEXP '?'");
$prep->bind_param("s", $search_query);

It gives me this warning:

Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

I guess this could be because the question mark is also used for RegExp (optional previous character).

Any idea on how to use REGEXP inside prepared statements (without conflicting question marks)?

Thanks.

+3
2 answers

Print single quotes around ?. Your code should read:

$prep->prepare("SELECT * FROM details WHERE id REGEXP ?");
$prep->bind_param("s", $search_query);

As of now, you are passing a single parameter, but the ? in single quotes is treated as a string, not a parameter marker.

+5


, , CONCAT .

// Target SQL
//    SELECT * FROM `table` WHERE `field` REGEXP "value1|value2|value3";
// Target Prepared Statement SQL
//    SELECT * FROM `table` WHERE `field` REGEXP ?|?|?;
$sql = 'SELECT * FROM `table` '
     . 'WHERE `field` REGEXP CONCAT(?, "|", ?, "|", ?)';
$bindings = [$value1, $value2, $value3];

$prepStmt = $db->prepare($sql);
$prepStmt->execute($bindings);
+1
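
Added example, not part of either answer above: binding the pattern keeps it out of the SQL text, but the bound value is still interpreted as a regular expression, so search terms meant to match literally need their regex operators escaped before they are joined with |. The function names are hypothetical, the table and column come from the question, and get_result() assumes the mysqlnd driver.

```php
<?php
declare(strict_types=1);

// Added example; function names are hypothetical. The table `details` and
// column `id` come from the question.

/** Backslash-escape regex operators so a search term is matched literally. */
function escapeRegexLiteral(string $term): string
{
    return preg_replace('/[.\\\\+*?\[\]^$(){}|]/', '\\\\$0', $term);
}

/** Join user-supplied terms into one alternation: term1|term2|... */
function buildAlternation(array $terms): string
{
    $parts = [];
    foreach ($terms as $term) {
        $term = trim((string) $term);
        if ($term === '') {
            continue; // an empty alternative would match every row
        }
        $parts[] = escapeRegexLiteral($term);
    }
    if ($parts === []) {
        throw new InvalidArgumentException('no usable search terms');
    }
    return implode('|', $parts);
}

/** Run the search with the whole pattern bound to a single placeholder. */
function searchDetails(mysqli $db, array $terms): array
{
    $pattern = buildAlternation($terms);
    // The ? is unquoted, so it is a parameter marker; '?' would be a literal.
    $stmt = $db->prepare('SELECT * FROM details WHERE id REGEXP ?');
    // A bound value is not parsed as SQL text, so backslashes are not doubled.
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed sample input; runs without a database connection.
echo buildAlternation(['10.5', 'a+b', '  ', 'x|y']), PHP_EOL;
```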
