如何将mysqli_fetch_array与准备好的语句一起使用 - how to use mysqli_fetch_array with prepared statements

how to use mysqli_fetch_array with prepared statements

所以每个人都告诉我要使用准备好的语句，但我现在不知道该怎么办。

 $stmt = mysqli_prepare($con, "SELECT * FROM search WHERE `name2` LIKE '?' AND `approved`='approved'");
mysqli_stmt_bind_param($stmt, 's', $name);
/* execute prepared statement */
mysqli_stmt_execute($stmt);

这是我的代码，我如何像一样从中生成数组

while ($row=mysqli_fetch_array($result))

来自未准备好的

很高兴看到您决定使用PDO！

//using MySQL
//refer here for reference http://www.php.net/manual/en/ref.pdo-mysql.php
$pdo = new PDO('mysql:host=xxx;port=xxx;dbname=xxx', $username, $password)
//write query
$sql = "SELECT * FROM search WHERE `name2` LIKE '?' AND `approved`='approved'";
//tell query what to replace ? marks with
$fill_array = array($name); // one item in array for the one ? in $sql above
//send query to DB for preparation
$prepare = $pdo->prepare($sql);
//send variables to DB, DB will bind them to the proper place and execute query
$prepare->execute($fill_array);
//get your array. I personally recommend PDO::FETCH_ASSOC but you are using ARRAY
$result = $prepare->fetchAll(PDO::FETCH_ARRAY);
echo '<pre>'.print_r($result, true).'</pre>';

哇！

请注意，您将不得不编写代码来转义$name并检查诸如%符号和下划线之类的内容，因为如果有人真的键入%，那么like语句将返回approved="approved"的所有记录