$nome = 'nome';
$stmt = $db->prepare("SELECT `nome`, `mov`, `gen` FROM table WHERE gen LIKE :gen AND nome = :nome");
$stmt->bindValue(':gen', '%'.$gen.'%', PDO::PARAM_STR);
$stmt->bindParam(':nome', $nome, PDO::PARAM_STR);
$stmt->execute();
As you can see, i'm using bindValue
to bind the value on the operator LIKE
, because bindParam
don't allow the use of strings.
I tested here, and i saw none errors, and i also don't found anything on google about using both bindValue
and bindParam
on a single prepared statement.
For the SQL statement there is no difference between
bindValue()
andbindParam()
. The only difference is how--or rather, when--PHP reads the input variables. So you can use both together, although that may cause hard-to-find issues (regarding the result of the SQL operation) later.So it's best to avoid confusion and stick to
bindValue()
unless you need the special behaviour ofbindParam()
.