Searching with PDO, MySQL and PHP

Posted on 2024-09-11 07:16:39 · 2082 characters · 4 views · 0 comments

I'm trying my hand with PDO and would like to know if the following is the correct code to search keywords, since it's giving me an error: mysql_real_escape_string(): [2002] A connection attempt failed because connected host has failed to respond.

php class:

    public function searchQuotes()
    {
        $search = mysql_real_escape_string($_POST['search']);

        $sql = "SELECT cQuotes, vAuthor, cArabic, vReference FROM thquotes WHERE cQuotes LIKE '% :search %' ORDER BY idQuotes DESC";

        try {
            $query = $this->_db->prepare($sql);
            $query->bindParam(':search', $search, PDO::PARAM_STR);
            $query->execute();

            if(!$query->rowCount()==0)
            {
                while($row = $query->fetch())
                {
                    echo $this->formatSearch($row);
                }
            }
            else
            {
                echo "No results found!";
            }
            $query->closeCursor();
        }
        catch (Exception $ex){
            echo "Something went wrong " . $ex;
        }
    }

    public function formatSearch($row)
    {
        $cQuote =  highlightWords(htmlspecialchars($row['cQuotes']), $search);

        return "<p id=\"s_arabic\">" . $this->h($row['cArabic']) . "</p><br />"
        . "<p id=\"s_quotes\"><q>&nbsp;" . $cQuote . "&nbsp;</q></p><br />"
        . "<p id=\"s_author\"><b>-</b>&nbsp;" . $this->h($row['vAuthor']) . "</p><br />"
        . "<p id=\"s_reference\"><span class=\"source\">Source:</span> " . $this->h($row['vReference']) . "</p>";
    }

php page:

if (isset($_POST['search'])) 
    $quotes->searchQuotes();

else
   $quotes->displayQuotes();

displayQuotes() displays the quotes fine, so I'm assuming nothing is wrong with the connection in itself.

Comments (2)

掩饰不了的爱 2024-09-18 07:16:39

With PDO and binding params / prepared statements you do not need to escape strings. How you have it setup, PDO should automatically escape it for you.

Since you are using PDO, you are not using the mysql_connect driver and thus you cannot use the real_escape_string function as it requires a valid connection to the mysql server, using the mysql_connect.

EDIT:

Not sure about this if statement, but it could be problematic:

 if($query->rowCount()>0)

Would be better to use imo. It may or may not be the problem. The other issue is you should be checking the error information and alert yourself if there is an error in some way.

握住你手 2024-09-18 07:16:39

You don't have to use mysql_real_escape_string() in case you're using PDO prepared statements
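
The approach both answers describe, as an added example that is not part of the original post or its answers: the raw search term is bound to a standalone placeholder with no mysql_real_escape_string() call, and it goes one step further by building the LIKE wildcards in PHP and escaping user-supplied `%` and `_`. Assumptions: an in-memory SQLite database with constructed rows stands in for the poster's MySQL connection, and the `likePattern()` helper and the `!` escape character are choices made here.

```php
<?php
// Added example. Assumptions: an in-memory SQLite database stands in for the
// MySQL connection so the script runs offline; the rows are constructed.
// Table and column names follow the question (thquotes, cQuotes, vAuthor).

function likePattern(string $term): string
{
    // Escape the LIKE metacharacters (and the escape character itself) so a
    // user-supplied "%" or "_" is matched literally, then add the wildcards.
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function searchQuotes(PDO $db, string $term): array
{
    // The placeholder stands alone: inside quotes ('% :search %') it would be
    // literal text, not a parameter.
    $sql = "SELECT cQuotes, vAuthor FROM thquotes
            WHERE cQuotes LIKE :search ESCAPE '!'
            ORDER BY idQuotes DESC";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':search', likePattern($term), PDO::PARAM_STR);
    $stmt->execute();
    // fetchAll() avoids relying on rowCount(), which is not guaranteed
    // to report the size of a SELECT result on every driver.
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE thquotes (idQuotes INTEGER PRIMARY KEY, cQuotes TEXT, vAuthor TEXT)');
$insert = $db->prepare('INSERT INTO thquotes (cQuotes, vAuthor) VALUES (?, ?)');
foreach ([['Patience is 100% of success', 'A'],
          ['Seek knowledge <b>always</b>', 'B'],
          ['Patience and gratitude', 'C']] as $row) {
    $insert->execute($row);
}

// Constructed inputs: a plain keyword, a LIKE metacharacter, an injection-style string.
foreach (['Patience', '%', "x' OR '1'='1"] as $term) {
    $rows = searchQuotes($db, $term);
    echo htmlspecialchars($term, ENT_QUOTES, 'UTF-8'), ': ', count($rows), " match(es)\n";
    foreach ($rows as $r) {
        // Encode on output; the stored quote may itself contain markup.
        echo '  <q>', htmlspecialchars($r['cQuotes'], ENT_QUOTES, 'UTF-8'), "</q>\n";
    }
}
```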
