SQL LIKE query failing - fatal error in prepared statement

天涯浪人 2021-01-15 20:32

I have the following code:

$countQuery = "SELECT ARTICLE_NO FROM ? WHERE upper(ARTICLE_NAME) LIKE '% ? %'";
if ($numRecords = $con->prepare($countQuer


        
4 Answers
  •  清歌不尽
    2021-01-15 20:48

    For LIKE clause, use this:

    SELECT ARTICLE_NO FROM AUCTIONS1 WHERE upper(ARTICLE_NAME) LIKE CONCAT('%', ?, '%')
    

    As for the table name, it's an extremely bad practice to have table names as parameters.

    If for some reason you still need to do it, you'll need to embed it into the query text before preparing the query:

    $countQuery = "SELECT ARTICLE_NO FROM $table_name WHERE upper(ARTICLE_NAME) LIKE CONCAT('%', ? ,'%')";
    if ($numRecords = $con->prepare($countQuery)) {
        $numRecords->bind_param("s", $brand);
        $numRecords->execute();
        // Read the row count from the executed statement; re-running the text
        // through $con->query() would send the unbound "?" placeholder.
        $numRecords->store_result();
        $rowcount = $numRecords->num_rows;
        $rows = getRowsByArticleSearch($query, $table, $max);
        $last = ceil($rowcount/$page_rows);
    }
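
An added example, not part of the original answer or the asker's code: because a table name cannot be bound as a parameter, it is checked against a fixed allow-list before being embedded, and the search term is bound with its LIKE wildcards escaped. The function names, the second table name `AUCTIONS2`, the `!` escape character and the connection details are assumptions.

```php
<?php
// Added example: allow-listed table name + bound, wildcard-escaped LIKE term.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Tables a caller may search. AUCTIONS1 appears on the page; AUCTIONS2 is hypothetical.
const SEARCHABLE_TABLES = ['AUCTIONS1', 'AUCTIONS2'];

/** Prefix LIKE metacharacters (and the escape char itself) with '!'. */
function escapeLike(string $term): string
{
    return preg_replace('/[!%_]/', '!$0', $term);
}

/** Count rows whose ARTICLE_NAME contains $brand, case-insensitively. */
function countArticles(mysqli $con, string $table, string $brand): int
{
    // Identifiers cannot be placeholders, so only exact, known names pass.
    if (!in_array($table, SEARCHABLE_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table name');
    }

    // $table is now one of our own constants, never raw user input.
    $sql = "SELECT COUNT(*) FROM `$table`
            WHERE UPPER(ARTICLE_NAME) LIKE CONCAT('%', UPPER(?), '%') ESCAPE '!'";

    $stmt = $con->prepare($sql);
    $term = escapeLike($brand);      // '%' and '_' typed by the user match literally
    $stmt->bind_param('s', $term);   // the value travels separately from the SQL text
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return (int) $count;
}

// Usage (placeholder credentials):
// $con = new mysqli('localhost', 'user', 'password', 'database');
// $rowcount = countArticles($con, 'AUCTIONS1', $_GET['brand'] ?? '');
```

The explicit `ESCAPE '!'` clause keeps the wildcard escaping independent of whether the server treats backslash as an escape character.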
    
