我刚开始学习phpMyAdmin和mysql。 这里有一个问题:我想在我的"学生"表中选择一些东西,它回显结果。 但是当我检查时,它返回 0 行用于搜索。 但我的数据库中有它。这是我的代码:
$conn = new mysqli($servername, $username, $password, $dbname);
$params="@name varchar(30)";
$paramslist="@name='$name%";
$sql = "SELECT name,address,city,birthday FROM student WHERE NAME=@NAME";
$dbsql = "EXEC sp_executesql
N'$sql',
N'$params',
$paramslist";
$result = $conn->query($sql);
ECHO $result->num_rows;
我不知道问题出在哪里。谢谢你的帮助。
$sql = "SELECT name,address,city,birthday FROM student WHERE name=".$name;
$result = $conn->query($sql);
echo $result->num_rows();
这是对
我有用的预准备语句
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$name='Veshraj Joshi';
$stmt = $conn->prepare("SELECT name,address,city,birthday FROM student WHERE NAME=?");
/* bind parameters for markers */
$stmt->bind_param("s", $name);
/* execute query */
$stmt->execute();
$result = $stmt->get_result();
/* now you can fetch the results into an array */
while ($student = $result->fetch_assoc()) {
// use your $student array as you would with any other fetch
echo $student['address'].'<br>';
}
下面使用预准备语句。在包含用户输入时,应始终使用预准备语句,以防止 SQL 注入攻击。
每次执行fetch()
时,结果都绑定到bind_result()
指定的变量
$conn = new mysqli($servername, $username, $password, $dbname);
$query = "SELECT name,address,city,birthday FROM student WHERE name=?";
$stmt = $conn->prepare($query);
$searchTerm = "%$name%";
$stmt->bind_param('s', $searchTerm);
$stmt->execute();
$stmt->bind_result($resultName, $resultAddress, $resultCity, $resultBirthday);
while($stmt->fetch())
{
echo $resultName . " " . $resultAddress . " " . $resultCity . "<br/>";
}