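// JSONP autocomplete endpoint: searches the `address` table for rows whose
// `adrindex` column contains every whitespace-separated word of the `term`
// query parameter and returns the matches wrapped in the `callback` function.
//
// NOTE(review): this listing starts mid-statement. The call below is presumably
// a method call on the mysqli connection ($db) opened above this excerpt.
// Confirm against the full file.
set_charset("utf8"); // set character set to UTF-8 because of e.g. German special characters

// Both parameters come straight from the query string and are untrusted.
// A non-string value (e.g. term[]=x) is treated as missing.
$sInput    = (isset($_GET['term']) && is_string($_GET['term'])) ? $_GET['term'] : '';         // input term
$sCallback = (isset($_GET['callback']) && is_string($_GET['callback'])) ? $_GET['callback'] : ''; // jsonp callback parameter

// The callback name is written verbatim at the start of a response that the
// browser executes as script, so only a plain (optionally dotted) JavaScript
// identifier of bounded length is accepted. Anything else is rejected before
// the database is touched.
if (strlen($sCallback) > 64
    || !preg_match('/\A[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $sCallback)) {
    header('HTTP/1.1 400 Bad Request');
    header('Content-Type: text/plain; charset=utf-8');
    mysqli_close($db);
    exit;
}

// Declare the response as script and forbid MIME sniffing, so the body is
// never interpreted as HTML.
header('Content-Type: application/javascript; charset=utf-8');
header('X-Content-Type-Options: nosniff');

// Each input value separated by a blank is used as a separate search phrase.
// Empty phrases are dropped: an empty phrase would become the pattern '%%',
// which matches every row and would return the whole address table.
$aInput = preg_split('/ +/', $sInput, -1, PREG_SPLIT_NO_EMPTY);
$n = count($aInput);

if ($n === 0) {
    // nothing to search for: answer with an empty list without querying
    echo $sCallback.'([])';
    mysqli_close($db);
    exit;
}

// Assemble the SQL statement with bound parameters (faster and more secure
// than a simple concatenated statement). Only '?' placeholders are appended to
// the SQL text; the user-supplied phrases travel as bound values.
// Note: '%' and '_' inside a phrase still act as LIKE wildcards.
$sBindType = str_repeat('s', $n);

// bind_param() takes its arguments by reference, hence the reference array
$aBindPara = array();
$aBindPara[] = & $sBindType;
for ($i = 0; $i < $n; $i++) {
    $aInput[$i] = '%'.$aInput[$i].'%';
    $aBindPara[] = & $aInput[$i];
}

$sql = 'SELECT company, surname, givenname, street, country, zipcode, location FROM address WHERE';
for ($i = 0; $i < $n; $i++) {
    if ($i > 0) {
        $sql .= ' and ';
    }
    $sql .= ' adrindex like ?';
}

$stmt = $db->prepare($sql); // prepare statement
if ($stmt === false) {
    // fail closed and do not send database error details to the client
    header('HTTP/1.1 500 Internal Server Error');
    mysqli_close($db);
    exit;
}

call_user_func_array(array($stmt, 'bind_param'), $aBindPara);
$stmt->execute(); // execute the statement

$aResult = array();
if (method_exists($stmt, 'get_result')) {
    // get_result exists if you use the native driver
    $result = $stmt->get_result();
    while ($row = mysqli_fetch_assoc($result)) { // fetch the results
        $aResult[] = $row;
    }
} else {
    // fallback if the native driver doesn't exist: bind one result variable
    // per column directly into $aResult[$i] and fetch row by row
    $stmt->store_result();
    for ($i = 0; $i < $stmt->num_rows; $i++) {
        $meta = $stmt->result_metadata();
        $aParams = array();
        while ($field = $meta->fetch_field()) {
            $aParams[] = &$aResult[$i][$field->name];
        }
        call_user_func_array(array($stmt, 'bind_result'), $aParams);
        $stmt->fetch();
    }
}

// Convert the result to JSON and return it as a JSONP callback. The JSON_HEX_*
// flags encode <, >, &, ' and " as \uXXXX escapes, so stored address data
// cannot introduce markup even if the response is mishandled by a client.
$sJson = json_encode($aResult, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
if ($sJson === false) {
    // encoding failed (e.g. invalid UTF-8 in a row): return an empty list
    $sJson = '[]';
}
echo $sCallback.'('.$sJson.')';

mysqli_stmt_close($stmt); // close the resources
mysqli_close($db);
?>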