I’m trying to convert a working mysql statement to a prepared statement. This is my first one and I am confused.
Regular:
<?php
$db = new mysqli("localhost","xxx","xxx","xxx");
if ($db->connect_error) {
die("Connection failed: " . $db->connect_error);
}
$searchTerm = $_GET['term'];
$query = $db->query("SELECT service_address FROM addresses WHERE service_address LIKE '%".$searchTerm."%'");
$serviceAddress = array();
if($query->num_rows > 0){
while($row = $query->fetch_assoc()){
$data['id'] = $row['id'];
$data['value'] = $row['service_address'];
array_push($serviceAddress, $data);
}
}
echo json_encode($serviceAddress);
?>
Prepared:
<?php
$mysqli = new mysqli("localhost","xxx","xxx","xxx");
if($mysqli->connect_error) {
exit('Error connecting to database');
}
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli->set_charset("utf8mb4");
$arr = [];
$stmt = $mysqli->prepare("SELECT service_address FROM addresses WHERE service_address LIKE ?");
$stmt->bind_param("s", $_GET['term']);
$stmt->execute();
$result = $stmt->get_result();
$serviceAddress = array();
while($row = $result->fetch_assoc()) {
$data['id'] = $row['id'];
$data['value'] = $row['service_address'];
array_push($serviceAddress, $data);
}
echo json_encode($serviceAddress);
$stmt->close();
?>