PdoStatement->bindParam() 上的字符串编码问题？

发布于 2024-08-20 16:06:34 字数 841 浏览 9 评论 0原文

我正在尝试从 $_REQUEST var 中获取的字符串执行简单的 SELECT 语句，但我的 PDO 语句似乎不喜欢该字符串格式，为什么？

我的 $_REQUEST var 包含像 Hello+World 这样的字符串，因此我需要用空格替换 + 来执行我的 SELECT 语句正确。

// the data returned is Hello+World
$phrase = str_replace ("+", " ", $_REQUEST["my_data"]);

$phrase_select = $connection->prepare ("SELECT data_field FROM my_table WHERE phrase = ':phrase'");
$phrase_select->bindParam (":phrase", $phrase, PDO::PARAM_STR);
$phrase_select->execute ();
$data_field = $phrase_select->fetchColumn (); // return nothing

如果我使用字符串“Hello+World”手动创建SELECT，它可以正常工作，但如果我使用$_REQUEST[“my_data”]执行此操作 它不起作用，我错在哪里？
如果我打印 $_REQUEST["my_data"] 它会准确返回 Hello+World

原文

I'm trying to perform a simple SELECT statement from a string taken from a $_REQUEST var but it seem my PDO statement doesn't like the string format, why?

My $_REQUEST var contains a string like Hello+World, so I need to replace + with whitespaces to do my SELECT statement correctly.

// the data returned is Hello+World
$phrase = str_replace ("+", " ", $_REQUEST["my_data"]);

$phrase_select = $connection->prepare ("SELECT data_field FROM my_table WHERE phrase = ':phrase'");
$phrase_select->bindParam (":phrase", $phrase, PDO::PARAM_STR);
$phrase_select->execute ();
$data_field = $phrase_select->fetchColumn (); // return nothing

If I make a SELECT manually with a string "Hello+World", it works without problems, but if I do it with $_REQUEST["my_data"] it won't work, where I'm wrong?
If I print $_REQUEST["my_data"] it return exactly Hello+World

分享到QQ

分享到微博