如何使用LIKE子句询问准备查询 [英] How to use prepare for query having LIKE clause ask
问题描述
请看下面的代码这与mysqli方法工作正常,但很容易sql注入所以我想使用准备但是喜欢我不能使用它
$ t = strtolower($ _ POST ['e']);
$ search_exploded = explode(,$ t);
$ construct ='';
foreach($ search_exploded as $ search_each){
$ construct。=AND title LIKE?;
}
$ query = $ conn-> prepare(SELECT * FROM vdo WHERE 1 $ construct);
$ query-> execute([%$ search_each%]);
$ found = $ query-> rowCount();
if($ found == 0){
echoNO Result Found;
}其他{
while($ row_id1 = $ query-> fetch(PDO :: FETCH_ASSOC)){
echo $ title = $ row_id1 ['title'];
}
我尝试了什么:
请看下面的代码这与mysqli方法工作正常但很容易sql注入所以我想使用准备但是为了LIKE我不能使用它
t = strtolower(
_POST ['e']);
search_exploded = explode(,
please see the below code this works fine with mysqli method but prone to sql injection so i want to use prepare but for LIKE i cant use it
$t=strtolower($_POST['e']);
$search_exploded = explode ( " ", $t );
$construct = '';
foreach( $search_exploded as $search_each ) {
$construct .="AND title LIKE ? ";
}
$query=$conn->prepare( "SELECT * FROM vdo WHERE 1 $construct ");
$query->execute(["%$search_each%"]);
$found=$query->rowCount();
if($found == 0){
echo "NO Result Found";
}else{
while($row_id1=$query->fetch(PDO::FETCH_ASSOC)){
echo $title=$row_id1['title'];
}
What I have tried:
please see the below code this works fine with mysqli method but prone to sql injection so i want to use prepare but for LIKE i cant use it
t=strtolower(
_POST['e']);
search_exploded = explode ( " ",
这篇关于如何使用LIKE子句询问准备查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
