我正在尝试将类似的子句与PHP和MySQL一起使用参数化查询。每当我尝试时,我会遇到不同的错误。
我尝试从这里,这里和这里实现解决方案。这些中的每一个都在扔不同的错误,所以我恐怕问题是我缺少的东西。如果我在执行函数中尝试使用数组,则会从同步错误中获得命令。当我尝试绑定值或参数时,我会得到无法在字符串错误上绑定的。
我缺少我所缺少的东西。
感谢您的帮助!
<?
$access = 3;
$dbConnect = true;
require "../scripts/php/scriptSecurity.php";
// Partial name given by user.
$namePart = $_GET["namePart"];
// Deal with name parts. last, first middle or first middle last, or first last
if (strpos($namePart, ',') !== false){
$arr_name = explode(",", $namePart);
$lName = $arr_name[0];
if (strpos($arr_name[1], " ") !== false){
$firstName = substr($arr_name[1], 0, strpos($arr_name[1], " ", 1));
$middleName = substr($arr_name[1], strpos($arr_name[1], " ", 1));
}
}
elseif (strpos($namePart, " ") !== false){
$arr_name = explode(" ", $namePart);
if (sizeOf($arr_name) == 3) {
$fName = $arr_name[0];
$lName = $arr_name[3];
$mName = $arr_name[2];
}
elseif (sizeOf(arr_name) == 2) {
$fName = $arr_name[0];
$lName = $arr_name[1];
$mName = $arr_name[1];
}
else {
$fName = $namePart;
$mName = $namePart;
$lName = $namePart;
}
}
else {
$fName = $namePart;
$lName = $namePart;
$mName = $namePart;
}
// Get rid of extra spaces.
$fName = str_replace(" ", "", $fName);
$lName = str_replace(" ", "", $lName);
$mName = str_replace(" ", "", $mName);
// build query
$query = "SELECT LastName, FirstName, MiddleName, StudentId, Gender, Grade, GradYear FROM students WHERE LastName LIKE ? OR FirstName LIKE ? OR MiddleName LIKE ? ORDER BY LastName, FirstName LIMIT 20";
$stmt = $connect->prepare($query);
// execute
$stmt->execute(array('%'.$lName.'%', '%'.$fName.'%', '%'.$mName.'%'));
$result = $stmt->get_result();
// post results
if (!$result) {
echo $connect->error;
echo "No Results";
}
else {
echo "Results";
while ($row = $result->fetch_assoc()){
?>
<div><? echo $row["LastName"] . ", " . $row["FirstName"] . "(" . $row["StudentId"] . ")"?> </div>
<?php
}
}
?>
您以错误的方式通过param中的字符串传递,您可以使用最简单的方式使用Concat管理Wildchar并将纯Var分配为param
$query = "SELECT LastName, FirstName, MiddleName, StudentId, Gender, Grade, GradYear
FROM students
WHERE LastName LIKE concat('%',?, '%')
OR FirstName LIKE concat('%',?, '%')
OR MiddleName LIKE concat('%',?, '%')
ORDER BY LastName, FirstName
LIMIT 20";
$stmt = $connect->prepare($query);
// execute
$stmt->execute(array($lName, $fName, $mName));