在准备好的语句中使用LIKE'％{$ var}％'的正确方法? [mysqli] [英] Correct way to use LIKE '%{$var}%' with prepared statements? [mysqli]

问题描述

这不起作用

$sql = 'SELECT * FROM `users` WHERE username LIKE \'%{?}%\' ';

警告:mysqli_stmt :: bind_param():变量数量与第1行/home/rgero/public_html/php/searchadmins.php中已准备好的语句中的参数数量不符

Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in /home/rgero/public_html/php/searchadmins.php on line 1

这也不起作用

$sql = 'SELECT * FROM `users` WHERE username LIKE %{?}% ';

严重错误:错误的SQL:SELECT * FROM users WHERE username LIKE％{?}％Error:0在第1行的/home/rgero/public_html/php/searchadmins.php中

Fatal error: Wrong SQL: SELECT * FROM users WHERE username LIKE %{?}% Error: 0 in /home/rgero/public_html/php/searchadmins.php on line 1

我将如何处理?我正在尝试搜索播放器功能，以在您在表单中输入内容时更新结果，例如google在输入时已经显示了答案.如果您输入dm，我需要用户名Admin，以使其已经在包含"dm"的其他用户名中显示出来.还应该不区分大小写

How would I go about this? I'm trying to make a search for players function that updates the results as you're typing in the form, something like how google already shows answers while you're typing. I need for the username Admin , if you type dm, to show it already among other usernames that contain "dm". It should also be case insensitive

推荐答案

尝试一下

$likeVar = "%" . $yourParam . "%";
$stmt = $mysqli->prepare("SELECT * FROM REGISTRY where name LIKE ?");
$stmt->bind_param("s", $likeVar);
$stmt->execute();

您只需要使用?准备查询，然后使用bind_param绑定参数.

you need to prepare the query using simply ? then you bind the param using bind_param.

这篇关于在准备好的语句中使用LIKE'％{$ var}％'的正确方法? [mysqli]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！