如何使用 PDO 扩展绑定 LIKE 值？

发布于 2024-08-30 02:59:53 字数 506 浏览 4 评论 0原文

在此查询中，

select wrd from tablename WHERE wrd LIKE '$partial%'

我尝试将变量 '$partial%' 与 PDO 绑定。不确定最后的 % 是如何工作的。

是

select wrd from tablename WHERE wrd LIKE ':partial%'

:partial 绑定到 $partial="somet" 的地方

，还是

select wrd from tablename WHERE wrd LIKE ':partial'

:partial 绑定到 $ 的地方partial="somet%"

还是完全不同的东西？

原文

In this query

select wrd from tablename WHERE wrd LIKE '$partial%'

I'm trying to bind the variable '$partial%' with PDO. Not sure how this works with the % at the end.

Would it be

select wrd from tablename WHERE wrd LIKE ':partial%'

where :partial is bound to $partial="somet"

or would it be

select wrd from tablename WHERE wrd LIKE ':partial'

where :partial is bound to $partial="somet%"

or would it be something entirely different?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

摘星┃星的人 2024-09-06 02:59:54

您也可以说：

SELECT wrd FROM tablename WHERE wrd LIKE CONCAT(:partial, '%')

在 MySQL 端进行字符串连接，而不是在这种情况下有任何特殊原因。

如果您要查找的部分 wrd 本身可以包含百分号或下划线字符（因为这些字符对于 LIKE 运算符具有特殊含义）或反斜杠（MySQL 将其用作另一层），那么事情会变得有点棘手LIKE 运算符中的转义 — 根据 ANSI SQL 标准，这是错误的）。

希望这不会影响你，但如果你确实需要正确处理这种情况，这里有一个混乱的解决方案：

$stmt= $db->prepare("SELECT wrd FROM tablename WHERE wrd LIKE :term ESCAPE '+'");
$escaped= str_replace(array('+', '%', '_'), array('++', '+%', '+_'), $var);
$stmt->bindParam(':term', $escaped);

You could also say:

SELECT wrd FROM tablename WHERE wrd LIKE CONCAT(:partial, '%')

to do the string joining at the MySQL end, not that there's any particular reason to in this case.

Things get a bit more tricky if the partial wrd you are looking for can itself contain a percent or underscore character (since those have special meaning for the LIKE operator) or a backslash (which MySQL uses as another layer of escaping in the LIKE operator — incorrectly, according to the ANSI SQL standard).

Hopefully that doesn't affect you, but if you do need to get that case right, here's the messy solution:

$stmt= $db->prepare("SELECT wrd FROM tablename WHERE wrd LIKE :term ESCAPE '+'");
$escaped= str_replace(array('+', '%', '_'), array('++', '+%', '+_'), $var);
$stmt->bindParam(':term', $escaped);

回复收藏 0 原文

独孤求败 2024-09-06 02:59:54

$var = "partial%";
$stmt = $dbh->prepare("select wrd from tablename WHERE wrd LIKE :partial");
$stmt->bindParam(":partial", $var);
$stmt->execute(); // or $stmt->execute(array(':partial' => $var)); without 
                  // first calling bindParam()
$rs = $stmt->fetchAll();

使用问号参数：

$stmt = $dbh->prepare('select wrd from tablename WHERE wrd LIKE ?');
$stmt->execute(array('partial%'));
$rs = $stmt->fetchAll();

http://www.php.net/manual/en/ pdo.prepare.php

$var = "partial%";
$stmt = $dbh->prepare("select wrd from tablename WHERE wrd LIKE :partial");
$stmt->bindParam(":partial", $var);
$stmt->execute(); // or $stmt->execute(array(':partial' => $var)); without 
                  // first calling bindParam()
$rs = $stmt->fetchAll();

Using question mark parameters:

$stmt = $dbh->prepare('select wrd from tablename WHERE wrd LIKE ?');
$stmt->execute(array('partial%'));
$rs = $stmt->fetchAll();

http://www.php.net/manual/en/pdo.prepare.php

回复收藏 0 原文

最笨的告白 2024-09-06 02:59:54

您可以在准备好的语句之前使用 addcslashes 。我在mysql上测试过。

$value = addcslashes($value, '%');
$stmt = $db->prepare('select * from products where description like ?');
$stmt->execute(["$value%"]);

You can use addcslashes before prepared statement. I tested on mysql.

$value = addcslashes($value, '%');
$stmt = $db->prepare('select * from products where description like ?');
$stmt->execute(["$value%"]);

回复收藏 0 原文

-柠檬树下少年和吉他 2024-09-06 02:59:54

我认为接受的答案（@bobince）可以稍微简化一下。

您可以将其简化为类似这样的内容来处理参数中的下划线、百分比等，但仍然与部分% 的 LIKE 查询匹配：

$stmt = $dbh->prepare("select wrd from tablename WHERE wrd LIKE :partial");
$stmt->execute([":partial" => addcslashes($value, '_%') . "%"]);
$rows = $stmt->fetchAll();

I think the accepted answer (by @bobince) can be simplified a bit.

You can reduce it to something like this to handle underscore, percentage, etc in the param but still match the LIKE query with partial%:

$stmt = $dbh->prepare("select wrd from tablename WHERE wrd LIKE :partial");
$stmt->execute([":partial" => addcslashes($value, '_%') . "%"]);
$rows = $stmt->fetchAll();

回复收藏 0 原文

旧人九事 2024-09-06 02:59:54

这就是你应该做的，

bindValue(':partial', '%' . $_GET['partial'] . '%');

谢谢，

Qwerty

This is how you should do it

bindValue(':partial', '%' . $_GET['partial'] . '%');

Thanks,

Qwerty

回复收藏 0 原文

写下不归期 2024-09-06 02:59:54

下面的代码仅显示数据库中的第一个关键字！

"SELECT wrd FROM tablename WHERE wrd LIKE CONCAT(:partial, '%')"

如果您想从数据库中搜索所有关键字，请尝试此操作

"SELECT wrd FROM tablename WHERE wrd LIKE :partial";
$stmt->execute(array(':partial'=>'%'.$YourVarHere.'%'));

The below code it shows only the first keywords in the database!

"SELECT wrd FROM tablename WHERE wrd LIKE CONCAT(:partial, '%')"

Try this one if you want to search all the keywords from the database

"SELECT wrd FROM tablename WHERE wrd LIKE :partial";
$stmt->execute(array(':partial'=>'%'.$YourVarHere.'%'));

回复收藏 0 原文

蓝颜夕 2024-09-06 02:59:54

谁编写了答案（可能是 karim79）：

$var="部分%"
$stmt =$dbh->prepare("从表名中选择wrd WHERE wrd LIKE :partial")
$stmt->bindParam(":partial",$var)
$stmt->execute(); //或者$stmt->execute(array(':partial'=>$var));没有 
                  // 首先调用bindParam()
$rs =$stmt->fetchAll();

使用问号参数：

$stmt =$dbh->prepare('从表名中选择 wrd WHERE wrd LIKE ?');
$stmt->execute(array('partial%'));
$rs =$stmt->fetchAll();

非常感谢他。我正在寻找代码&看到了很多例子，但我无法解决我的问题。这次我成功做到了。我使用了代码的“使用问号参数：”部分。

对于其他人的帮助，如果您想从变量中检索值，您可以将代码更改为

$stmt->execute(array($variable.'%'));

而不是

$stmt->execute(array('partial%'));

因为单词“部分”在答案中指定并且无法更改。多谢。

Who has written the answare (may be karim79):

$var ="partial%"
$stmt =$dbh->prepare("select wrd from tablename WHERE wrd LIKE :partial")
$stmt->bindParam(":partial",$var)
$stmt->execute(); //or$stmt->execute(array(':partial'=>$var)); without 
                  // first calling bindParam()
$rs =$stmt->fetchAll();

Using question mark parameters:

$stmt =$dbh->prepare('select wrd from tablename WHERE wrd LIKE ?');
$stmt->execute(array('partial%'));
$rs =$stmt->fetchAll();

Many thanks to him. I was searching for the code & saw many examples, but i couldn't resolve my issue. This time I have succeed to do it. I used the 'Using question mark parameters:' section of the code.

For others help, if you want to retrieve the value from a variable you may change the code to