php - Prepared Statements - Yes I know it's a really discussed topic


I know this is a much-discussed subject; I asked a question about it not long ago, and it's a topic that has been discussed countless times.

But I'm still trying to secure my web app using prepared statements.

The truth is, I never got it to work with the answers given, looking at the duplicate question, looking at other questions, and doing research.

It can't be that complex...

So, I have an lcl_events.php file, which starts with:

<?php include 'config/config.php'; ?>
<?php include 'libraries/database.php'; ?>

The database.php file looks like this:

<?php

// create connection
$mysqli = new mysqli($servername, $username, $password, $dbname);

// check connection
if ($mysqli->connect_errno) {
    die("connection failed: " . mysqli_connect_error());
}

?>

The page loads fine so far (no problems here).

Then, the file also has:

<?php

$sql = "SELECT * FROM companies WHERE company_name LIKE (?) OR company_subcategory LIKE (?) OR keywords LIKE (?) OR description LIKE (?) AND company_category = (?) AND featured = `y` ORDER BY date_created DESC";

/* prepared statement, stage 1: prepare */
$stmt = $mysqli->prepare($sql);
if (!$stmt) {
    die("prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}

/* prepared statement, stage 2: bind and execute */
$target = $_GET['target'];
$company = $_GET['company'];
$category = $_GET['category'];
$target = '%' . $target . '%'; // this means the data coming in can have words before and/or after

$bind_result = $stmt->bind_param("sssss", $target, $target, $target, $target, $category);

$execute_result = $stmt->execute();
if (!$execute_result) {
    echo "execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // row handling left out of the question
}

/* explicit close recommended */
$stmt->close();
$mysqli->close();

The same process is repeated 6 times throughout the page.

(I tried writing the query without round brackets around the question marks.)

The result is the following (a screenshot in the original post):

No errors appear in the logs, or when using:

error_reporting(E_ALL);

ini_set('display_errors', '1');

Note: I'm using PhpStorm, and no errors show there either.

I'm tired of this problem; it's taking quite a long time as it is... I'd appreciate any help, I just want it to work.

Posting the comments as a community wiki answer, since it was solved in the comments.

By Qirel:

The first thing that strikes me is that the query failed, because

featured = `y`

is in backticks. Is y a column? If it's a string, you need to use single quotes '. Also, it's worth seeing what $stmt->error spits out at you. Sidenote: (?) is the exact same as ?, you don't need the parentheses.

By myself:

By the way, why the brackets (?) on these? You're treating it as a direct function when it's a core MySQL method. Brackets are used for subqueries. --- var_dump() the query and you'll see what's happening (or not). Make sure all of the operators meet the query requirement. If one fails, the whole lot will.

It's failing silently since the ticks are valid in a query as such; given the "if" that y is a column, you're trying to match the featured column as equal to it, which makes it a valid query, only that is not the case here.
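Putting the comments above into practice, here is an added example (my own code, not the asker's or the commenters') of how the search could be written so that it cannot fail silently. It assumes the config/config.php variables and the companies table from the question, and a mysqlnd build of PHP since it uses get_result(). Beyond the two fixes from the comments (single quotes around y, plain ? placeholders), it turns on mysqli exceptions, parenthesises the OR group (as the query stands, AND binds tighter than OR, so the category and featured filters only apply to the description branch), escapes LIKE wildcards in the user input, and closes the connection once rather than after each of the six queries.

```php
<?php
// Added example, not the asker's code. Assumes config/config.php defines
// $servername, $username, $password and $dbname, that the companies table
// has the columns used in the question, and that PHP is built with mysqlnd
// (needed for get_result()/fetch_all()).
declare(strict_types=1);

require 'config/config.php';

// Make mysqli throw on any error, so a failed prepare() or execute() can
// never go unnoticed the way it did in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$mysqli = new mysqli($servername, $username, $password, $dbname);
$mysqli->set_charset('utf8mb4');

/**
 * Return the featured companies in $category whose name, subcategory,
 * keywords or description contain $target.
 *
 * @return array<int, array<string, mixed>>
 */
function searchCompanies(mysqli $db, string $target, string $category): array
{
    // 'y' is a string literal, so it takes single quotes. `y` in backticks
    // names a column, which only works if the table really has a column y.
    // Plain ? placeholders: (?) happens to work because the parentheses wrap
    // a single value, but they are not part of the placeholder syntax.
    // The OR group is parenthesised: without it, AND binds tighter than OR,
    // and the category/featured filters would only apply to the last branch.
    $sql = "SELECT *
              FROM companies
             WHERE (company_name        LIKE ?
                 OR company_subcategory LIKE ?
                 OR keywords            LIKE ?
                 OR description         LIKE ?)
               AND company_category = ?
               AND featured = 'y'
          ORDER BY date_created DESC";

    // Binding keeps $target out of the SQL text, which is what stops
    // injection. It does not stop % and _ in the input from acting as LIKE
    // wildcards, so escape them (backslash is MySQL's default LIKE escape).
    $pattern = '%' . addcslashes($target, '%_\\') . '%';

    $stmt = $db->prepare($sql);
    $stmt->bind_param('sssss', $pattern, $pattern, $pattern, $pattern, $category);
    $stmt->execute();

    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$target   = (string) ($_GET['target'] ?? '');
$category = (string) ($_GET['category'] ?? '');

foreach (searchCompanies($mysqli, $target, $category) as $row) {
    // Escape on output as well: binding protects the database, not the HTML.
    echo htmlspecialchars($row['company_name'], ENT_QUOTES, 'UTF-8'), "\n";
}

// Close the connection once, after the last query on the page. Calling
// $mysqli->close() after each of the six searches, as in the question,
// leaves the later prepare() calls with no connection to use.
$mysqli->close();
```

With MYSQLI_REPORT_STRICT on, the backtick mistake from the question surfaces immediately as a mysqli_sql_exception ("Unknown column 'y' in 'where clause'") at prepare() time instead of an empty result set, which is the check Qirel was asking for when he suggested looking at $stmt->error.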

