Below is an example for prepares statement with like MySql clause.
<?php $mysqli = new mysqli('localhost', 'user name', 'password','database'); /* check connection */ if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } // Our Query, I used LIMIT 10, you can delete LIMIT easily $query = "SELECT `Column1`, `Column2` FROM `tableName` WHERE `Col1` LIKE CONCAT('%', ?, '%') LIMIT 10"; // prepare statment $stmt = $mysqli->prepare($query); //getting parameter from get $q = $_GET["q"]; //binding parameter from query to any variable $stmt->bind_param('s', $q); // executing prepared statement $stmt->execute(); // binding results from the query to our custom defined variable // that are used to derive values from fetched data $stmt->bind_result($postUid,$postTitle); echo "<ul>"; // printing values while($stmt->fetch()) {?> <li> <a href="<?php echo $postUid?>"> <span><?php echo $postTitle?></span> </a> </li> <?php } /* close statement */ $stmt->close(); ?>