I have a search query that uses a URL param.
I would like to insert this param into the query via a placeholder, as this would be far more secure.
The way I am trying to do it is via the following:
$query->condition('a.dbl_title', '%' . ":search_term" . '%', 'LIKE', [':search_term' => $search_term]);
But this is not working and it looks like ‘:search_term’ is just blank.
How would I go about correctly assigning ‘:search_term’ to my variable $search_term?
Also, are there any other precautions I need to take with regard to sanitizing $search_term?
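
Added example, not part of the original post and not Drupal's own code: the mechanism the question turns on, shown with plain PDO and an in-memory SQLite table so it runs stand-alone. The `%` wildcards belong in the bound value rather than around a placeholder name, and LIKE metacharacters in the user's text are escaped first; in Drupal's database API (Drupal 8 and later) `condition()` binds its value argument itself, so the corresponding call is `$query->condition('a.dbl_title', '%' . $query->escapeLike($search_term) . '%', 'LIKE')`. The table `demo`, its rows, the inputs and the helper names `escape_like()` and `like_contains()` are constructed for illustration.

```php
<?php
// Added example: stand-alone PDO/SQLite, not Drupal code.
// Table "demo", its rows and the helper names are constructed for illustration.

// Escape LIKE metacharacters (\ % _) so the user's text matches literally.
function escape_like(string $term): string {
    return addcslashes($term, '\\%_');
}

// Substring search: the SQL text holds only a placeholder; the wildcards
// and the escaped term travel together as the bound value.
function like_contains(PDO $db, string $term): array {
    $stmt = $db->prepare(
        "SELECT dbl_title FROM demo WHERE dbl_title LIKE :pattern ESCAPE '\\' ORDER BY dbl_title"
    );
    $stmt->execute([':pattern' => '%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo (dbl_title TEXT)');
$insert = $db->prepare('INSERT INTO demo (dbl_title) VALUES (?)');
foreach (['Security 100% guide', 'Security basics', 'under_score', 'underXscore'] as $row) {
    $insert->execute([$row]);
}

// Constructed inputs, as they might arrive in a URL parameter.
// The last one shows that a placeholder name inside a value is just text.
$inputs = ['basics', '100%', '_', "' OR 1=1 --", ':search_term'];
foreach ($inputs as $input) {
    printf("%-14s => %s\n", $input, json_encode(like_contains($db, $input)));
}
```

Without the escaping step, a search term of `%` or `_` would act as a wildcard and match rows the user did not literally type; the bound parameter already keeps the quote-based input from altering the SQL.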