"sgr" <st***@madmaggies.com> wrote in message
news:11**********************@f14g2000cwb.googlegroups.com...
$sth = $dbh->prepare("SELECT * FROM Entries WHERE name like '?%'");
$sth->execute($name_from_browser);
Try this:
$sth = $dbh->prepare("SELECT * FROM Entries WHERE name LIKE CONCAT(?, '%')");
By the way, it's not precisely true that the ? is replaced by the string
'Fred'. When you prepare a SQL statement that contains parameters, the SQL
is parsed, optimized, and prepared by the RDBMS, and then it is in an
internal form that is not human-readable. Then, when you provide a value
via the execute() function, the RDBMS doesn't need to put quotes around the
value or re-parse the SQL; it puts the value directly into that internal
data structure that represents the prepared query, and executes the query.
Regards,
Bill K.
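
Added example, not part of Bill K.'s post: the behaviour described above, shown with Python's sqlite3 module instead of Perl DBI and MySQL so it runs offline. SQLite's || operator stands in for CONCAT(), and the table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the thread's Entries table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Entries (name TEXT)")
    rows = ["Fred", "Freddy", "Alfred", "100% pure", "100 proof", "x' OR '1'='1"]
    db.executemany("INSERT INTO Entries VALUES (?)", [(r,) for r in rows])
    return db

def quoted_marker(db, name):
    # '?%' is a string literal, so the statement has zero parameters and the
    # driver rejects the bound value instead of splicing it into the text.
    try:
        return db.execute("SELECT name FROM Entries WHERE name LIKE '?%'", (name,)).fetchall()
    except sqlite3.ProgrammingError as exc:
        return exc

def prefix_search(db, name):
    # The marker stands alone; the wildcard is appended by the SQL expression.
    sql = "SELECT name FROM Entries WHERE name LIKE ? || '%' ORDER BY name"
    return [row[0] for row in db.execute(sql, (name,))]

def literal_prefix_search(db, name):
    # A bound value is never parsed as SQL, but LIKE still treats % and _ in it
    # as wildcards. Escape them when the input must match literally.
    escaped = name.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM Entries WHERE name LIKE ? || '%' ESCAPE '\\' ORDER BY name"
    return [row[0] for row in db.execute(sql, (escaped,))]

if __name__ == "__main__":
    db = make_db()
    print(quoted_marker(db, "Fred"))
    print(prefix_search(db, "Fred"))
    print(prefix_search(db, "x' OR '1'='1"))
    print(prefix_search(db, "100%"))
    print(literal_prefix_search(db, "100%"))
```

The value containing quotes matches only the row that holds that exact text, because it reaches the engine as data rather than as SQL.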