MySQL 查询字符串包含

发布于 2024-08-28 12:37:44 字数 328 浏览 4 评论 0原文

我一直在试图弄清楚如何使用 MySQL 进行查询，检查某个列中的值（字符串 $haystack ）是否包含某些数据（字符串 $needle >)，像这样：

SELECT *
FROM `table`
WHERE `column`.contains('{$needle}')

在 PHP 中，该函数被称为 substr($haystack, $needle)，所以也许：

WHERE substr(`column`, '{$needle}')=1

原文

I've been trying to figure out how I can make a query with MySQL that checks if the value (string $haystack ) in a certain column contains certain data (string $needle), like this:

SELECT *
FROM `table`
WHERE `column`.contains('{$needle}')

In PHP, the function is called substr($haystack, $needle), so maybe:

WHERE substr(`column`, '{$needle}')=1

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

画骨成沙 2024-09-04 12:37:45

实际上非常简单：

SELECT *
FROM `table`
WHERE `column` LIKE '%{$needle}%'

% 是任何字符集（无、一个或多个）的通配符。请注意，这在非常大的数据集上可能会变慢，因此如果您的数据库增长，您将需要使用全文索引。

Quite simple actually:

SELECT *
FROM `table`
WHERE `column` LIKE '%{$needle}%'

The % is a wildcard for any characters set (none, one or many). Do note that this can get slow on very large datasets so if your database grows you'll need to use fulltext indices.

回复收藏 0 原文

離殇 2024-09-04 12:37:45

使用：

SELECT *
  FROM `table`
 WHERE INSTR(`column`, '{$needle}') > 0

参考：

INSTR

Use:

SELECT *
  FROM `table`
 WHERE INSTR(`column`, '{$needle}') > 0

Reference:

INSTR

回复收藏 0 原文

⒈起吃苦の倖褔 2024-09-04 12:37:45

WHERE `column` LIKE '%$needle%'

WHERE `column` LIKE '%$needle%'

回复收藏 0 原文

贪恋 2024-09-04 12:37:45

我的是使用 LOCATE：

查找（子字符串，字符串），查找（子字符串，字符串，位置）

此函数是多字节安全的，并且仅当至少一个参数是二进制字符串时才区分大小写。

在你的情况下：

SELECT * FROM `table`
WHERE LOCATE('{$needle}', `column`) > 0

Mine is using LOCATE in mysql:

LOCATE(substr,str), LOCATE(substr,str,pos)

This function is multi-byte safe, and is case-sensitive only if at least one argument is a binary string.

In your case:

SELECT * FROM `table`
WHERE LOCATE('{$needle}', `column`) > 0

回复收藏 0 原文

姐不稀罕 2024-09-04 12:37:45

除了@WoLpH 的回答。

使用 LIKE 关键字时，您还可以限制字符串匹配的方向。例如：

如果您正在查找以 $needle 开头的字符串：

... WHERE column LIKE '{$needle}%'

如果您正在查找以 $needle 结尾的字符串：

... WHERE column LIKE '%{$needle}'

In addition to the answer from @WoLpH.

When using the LIKE keyword you also have the ability to limit which direction the string matches. For example:

If you were looking for a string that starts with your $needle:

... WHERE column LIKE '{$needle}%'

If you were looking for a string that ends with the $needle:

... WHERE column LIKE '%{$needle}'

回复收藏 0 原文

北笙凉宸 2024-09-04 12:37:45

您可能正在寻找 find_in_set 函数：

Where find_in_set($needle,'column') > 0

此函数的作用类似于 in_array< PHP 中的 /code>函数

You probably are looking for find_in_set function:

Where find_in_set($needle,'column') > 0

This function acts like in_array function in PHP

回复收藏 0 原文

心作怪 2024-09-04 12:37:45

请注意，这很危险：

WHERE `column` LIKE '%{$needle}%'

首先执行：

$needle = mysql_real_escape_string($needle);

这样可以防止可能的攻击。

be aware that this is dangerous:

WHERE `column` LIKE '%{$needle}%'

do first:

$needle = mysql_real_escape_string($needle);

so it will prevent possible attacks.

回复收藏 0 原文

此生挚爱伱 2024-09-04 12:37:45

接受的答案对于 MySQL 来说是正确的，但由于问题是使用：

变量，
似乎使用 {$needle} 作为替换标签，并且
它提到了 PHP

，看来作者想使用 PHP 构建 MySQL 查询。

由于这个问题是 12 年前提出的，当前的做法是使用预先准备好的语句来防止SQL注入。

以下是 PHP 的示例：

function check_connection ($user, $pass, $db = 'test', $host = '127.0.0.1', $charset = 'utf8mb4') {
     if (isset($GLOBALS['conn']) && is_object($GLOBALS['conn']) && ($GLOBALS['conn'] instanceof PDO)) {
          if (same_database($db) === true) {
               $connection = &$GLOBALS['conn']; 
          }
          else {
               $GLOBALS['conn'] = pdo_connect($user, $pass, $db, $host, $charset);
               $connection = &$GLOBALS['conn'];       
          }
     }
     else {
          $GLOBALS['conn'] = pdo_connect($user, $pass, $db, $host, $charset);
          $connection = &$GLOBALS['conn'];
     }

     return $connection;
}

function pdo_connect ($user, $pass, $db, $host, $charset){    
     $dsn = "mysql:host=$host;dbname=$db;charset=$charset";
     $options = [
       PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
       PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
     ];
     try {
       return new PDO($dsn, $user, $pass, $options);
     } 
     catch (\PDOException $e) {
       throw new \PDOException($e->getMessage(), (int)$e->getCode());
     }
}

function same_database($db) {
    if (isset($GLOBALS['conn']) && is_object($GLOBALS['conn']) && ($GLOBALS['conn'] instanceof PDO)) {
        $sql = "SELECT DATABASE() AS 'database'";
        $sth = $GLOBALS['conn']->prepare($sql);
        $sth->execute();
        if (strcasecmp(trim($sth->fetchAll(PDO::FETCH_ASSOC)['0']['database']), trim($db)) === 0) { 
            return true;
        }
    }

    return false;
}
    
$conn = check_connection($user, $pass, $db, $host, $charset);

$sql = "
     SELECT *
     FROM `table`
     WHERE `column` like :needle
";

// Concatenating the % wildcard before and after our search variable
$bind = array(
     ':needle' => '%'.$needle.'%'
);

$sth = $conn->prepare($sql);
$sth->execute($bind);

// Being redundant about fetch_assoc incase it was not set in pdo() options
$result = $sth->fetchAll(PDO::FETCH_ASSOC);

// You would use rowCount(), instead of fetchAll(), if it is NOT a SELECT statement
// $sth->rowCount();

print_r($result);

以下是用于构建 PHP PDO 语句的两个资源：

The accepted answer would be correct for MySQL alone, but since the question is using:

a variable,
appears to be using {$needle} as a replacement tag, and
it mentions PHP

it appears the author wanted to construct the MySQL query using PHP.

Since the question was asked 12 years ago, current practice would be to use preprepared statements to prevent SQL injection.

Here is an example with PHP:

function check_connection ($user, $pass, $db = 'test', $host = '127.0.0.1', $charset = 'utf8mb4') {
     if (isset($GLOBALS['conn']) && is_object($GLOBALS['conn']) && ($GLOBALS['conn'] instanceof PDO)) {
          if (same_database($db) === true) {
               $connection = &$GLOBALS['conn']; 
          }
          else {
               $GLOBALS['conn'] = pdo_connect($user, $pass, $db, $host, $charset);
               $connection = &$GLOBALS['conn'];       
          }
     }
     else {
          $GLOBALS['conn'] = pdo_connect($user, $pass, $db, $host, $charset);
          $connection = &$GLOBALS['conn'];
     }

     return $connection;
}

function pdo_connect ($user, $pass, $db, $host, $charset){    
     $dsn = "mysql:host=$host;dbname=$db;charset=$charset";
     $options = [
       PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
       PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
     ];
     try {
       return new PDO($dsn, $user, $pass, $options);
     } 
     catch (\PDOException $e) {
       throw new \PDOException($e->getMessage(), (int)$e->getCode());
     }
}

function same_database($db) {
    if (isset($GLOBALS['conn']) && is_object($GLOBALS['conn']) && ($GLOBALS['conn'] instanceof PDO)) {
        $sql = "SELECT DATABASE() AS 'database'";
        $sth = $GLOBALS['conn']->prepare($sql);
        $sth->execute();
        if (strcasecmp(trim($sth->fetchAll(PDO::FETCH_ASSOC)['0']['database']), trim($db)) === 0) { 
            return true;
        }
    }

    return false;
}
    
$conn = check_connection($user, $pass, $db, $host, $charset);

$sql = "
     SELECT *
     FROM `table`
     WHERE `column` like :needle
";

// Concatenating the % wildcard before and after our search variable
$bind = array(
     ':needle' => '%'.$needle.'%'
);

$sth = $conn->prepare($sql);
$sth->execute($bind);

// Being redundant about fetch_assoc incase it was not set in pdo() options
$result = $sth->fetchAll(PDO::FETCH_ASSOC);

// You would use rowCount(), instead of fetchAll(), if it is NOT a SELECT statement
// $sth->rowCount();

print_r($result);

Here are two resources for building PHP PDO statements:

回复收藏 0 原文

~没有更多了~