pass variable into where mysql

Question

Cannot get the query to run, throwing error on the @searchin variable. Probably very simple but cannot see it.

set @search = "chip";
set @searchin = "CompanyName";

select * from con_search where @searchin like concat ('%',@search,'%')

Is `@Searchin` supposed to be a column name? This needs to be dynamic sql, if so. — SS_DBA, Dec 19 '17 at 16:20

score 0 · Accepted Answer · answered Dec 20 '17 at 10:08

This will work, however you should sanatize the data going into it

set @search = 'chip';
set @searchin = 'CompanyName';
set @SQL = CONCAT("SELECT * FROM con_search WHERE `", @searchin, "` LIKE CONCAT('%'", @search, "'%');";
PREPARE stmt1 FROM @SQL;
EXECUTE stmt1;

pass variable into where mysql

1 Answers1