How do I create a PDO parameterized query with a LIKE statement?

眼角桃花 2020-11-22 04:47

Here's my attempt at it:

$query = $database->prepare('SELECT * FROM table WHERE column LIKE "?%"');

$query->execute(array('value'));

while ($r

7 answers
  •  遥遥无期
    2020-11-22 05:16

    PDO escapes "%" (may lead to SQL injection): the use of the previous code will give the desired results when looking to match partial strings, BUT if a visitor types the character "%" you will still get results even if you don't have anything stored in the database (it may lead to SQL injection).

    I've tried a lot of variations, all with the same result: PDO is escaping "%", leading to unwanted/unexpected search results.

    I thought it was worth sharing; if anyone has found a workaround, please share it.
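The wildcard problem the answer above describes (a visitor typing "%" matching every row) is handled by binding the whole LIKE pattern as one parameter and escaping the user's own "%" and "_" before appending the wildcard. The following is an added example, not code from the question or the answer; the table `items`, the column `name`, the `:pattern` placeholder and the `!` escape character are assumptions chosen for the demo.

```php
<?php
// Added example (not from the page): safe prefix search with PDO and LIKE.
// The table/column names and the '!' escape character are assumptions.

/**
 * Escape LIKE metacharacters (% and _) and the escape character itself, so a
 * search for "50%" matches the literal text "50%" rather than "50" followed
 * by anything. The escape character must be declared with ESCAPE in the SQL.
 */
function escapeLikePattern(string $input, string $escapeChar = '!'): string
{
    return str_replace(
        [$escapeChar, '%', '_'],
        [$escapeChar . $escapeChar, $escapeChar . '%', $escapeChar . '_'],
        $input
    );
}

/**
 * Prefix search: the placeholder stands for the complete pattern, so the
 * trailing wildcard is appended in PHP and never written inside the SQL
 * string literal (which is why the question's "?%" could not work).
 */
function prefixSearch(PDO $pdo, string $userInput): array
{
    $sql  = 'SELECT * FROM items WHERE name LIKE :pattern ESCAPE \'!\'';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':pattern' => escapeLikePattern($userInput) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (name TEXT)');
$pdo->exec("INSERT INTO items VALUES ('50% off'), ('50 units'), ('other')");

// A user-supplied "50%" now only matches names that literally start with "50%".
echo count(prefixSearch($pdo, '50%')), " row(s) for '50%'\n";
// A bare "%" only matches names that literally start with a percent sign.
echo count(prefixSearch($pdo, '%')), " row(s) for '%'\n";
```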
