最受欢迎

php中sql预处理语句出错

Error in sql prepared statement in php

本文关键字:语句 出错 预处理 sql php | 更新日期: 2023-09-27

我有以下代码,其中我在php中执行select查询,但我不知道准备好的语句,请纠正错误,

<?php
$link = mysqli_connect("localhost", "root", "", "world");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s'n", mysqli_connect_error());
    exit();
}
$lcSearcharr="Baby-Car-Seat";
foreach( $lcSearcharr as $lcSearchWord ){
$lcSearchWord = mysqli_real_escape_string($mysqli, $lcSearchWord);
$lcSearchWord = preg_replace('/%/', ''%', $lcSearchWord);
    $parts[] = '`Description` LIKE "%'.$lcSearchWord.'%"';
}

/* create a prepared statement */
if ($stmt = mysqli_prepare($link, 'SELECT * FROM xml WHERE  ('.implode ('AND',?).')')) {
    /* bind parameters for markers */
    /* Assumes userid is integer and category is string */
    mysqli_stmt_bind_param($stmt, "s", $parts);  
    /* execute query */
    mysqli_stmt_execute($stmt);
    /* bind result variables */
    mysqli_stmt_bind_result($stmt);
    /* fetch value */
    mysqli_stmt_fetch($stmt);
    /* Alternative, use a while:
    while (mysqli_stmt_fetch($stmt)) {
    }
    mysqli_stmt_close($stmt);
}
/* close connection */
mysqli_close($link);
?>

我有一个变量在开始时具有婴儿汽车座椅的价值。然后我把它们放在一个数组中,然后我用内爆函数执行select查询。该查询在没有预处理语句的情况下可以正常工作,但在使用预处理语句时不能正常工作。

尝试如下:

$lcSearcharr="Baby-Car-Seat";
foreach( $lcSearcharr as $lcSearchWord ){
$lcSearchWord = mysqli_real_escape_string($mysqli, $lcSearchWord);
$lcSearchWord = preg_replace('/%/', ''%', $lcSearchWord);
    $parts[] = $lcSearchWord;
}
$search = implode('|',$parts);
if ($stmt = mysqli_prepare($link, 'SELECT * FROM xml WHERE Description REGEXP ?'))
{
    mysqli_stmt_bind_param($stmt, "s", $search);  
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt);
    mysqli_stmt_fetch($stmt);
}
mysqli_close($link);

使用REGEX检查Description列。

$lcSearcharr="Baby-Car-Seat";
foreach( $lcSearcharr as $lcSearchWord ){
$lcSearchWord = mysqli_real_escape_string($mysqli, $lcSearchWord);
$lcSearchWord = preg_replace('/%/', ''%', $lcSearchWord);
    $parts[] = "%$lcSearchWord%";
}
$countSearchWords = count($parts);
$str = str_repeat('s', $countSearchWords); 
$q = array_fill(0,$countSearchWords,'Description LIKE ?');
$params = implode(' AND ',$q);
if ($stmt = mysqli_prepare($link, 'SELECT * FROM xml WHERE '.$params))
{
    mysqli_stmt_bind_param($stmt, $str, $parts);  
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt);
    mysqli_stmt_fetch($stmt);
}
mysqli_close($link);

这将做你想做的。分别加入$parts$params

('.implode ('AND',?).')语法无效。你不能那样使用?

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习