Anyone know how to combine PHP prepared statements with LIKE? i.e.
"SELECT * FROM table WHERE name LIKE %?%";
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
The % signs need to go in the variable that you assign to the parameter, instead of in the query.
I don't know if you're using mysqli or PDO, but with PDO it would be something like:
$st = $db->prepare("SELECT * FROM table WHERE name LIKE ?");
$st->execute(array('%'.$test_string.'%'));
EDIT :: For mysqli user the following.
$test_string = '%' . $test_string . '%';
$st->bind_param('s', $test_string);
$st->execute();
回答2:
You can use the concatenation operator of your respective sql database:
# oracle
SELECT * FROM table WHERE name LIKE '%' || :param || '%'
# mysql
SELECT * from table WHERE name LIKE CONCAT('%', :param, '%')
I'm not familar with other databases, but they probably have an equivalent function/operator.
回答3:
You could try something like this:
"SELECT * FROM table WHERE name LIKE CONCAT(CONCAT('%',?),'%')"
回答4:
in PHP using MYSQLI you need to define a new parameter which will be declared as:
$stmt = mysqli_prepare($con,"SELECT * FROM table WHERE name LIKE ?");
$newParameter='%'.$query.'%';
mysqli_stmt_bind_param($stmt, "s", $newParameter);
mysqli_stmt_execute($stmt);
this works for me..
回答5:
For me working great, I've looked for answer hours, thx.
$dbPassword = "pass";
$dbUserName = "dbusr";
$dbServer = "localhost";
$dbName = "mydb";
$connection = new mysqli($dbServer, $dbUserName, $dbPassword, $dbName);
if($connection->connect_errno)
{
exit("Database Connection Failed. Reason: ".$connection->connect_error);
}
$tempFirstName = "reuel";
$sql = "SELECT first_name, last_name, pen_name FROM authors WHERE first_name LIKE CONCAT(CONCAT('%',?),'%')";
//echo $sql;
$stateObj = $connection->prepare($sql);
$stateObj->bind_param("s",$tempFirstName);
$stateObj->execute();
$stateObj->bind_result($first,$last,$pen);
$stateObj->store_result();
if($stateObj->num_rows > 0) {
while($stateObj->fetch()){
echo "$first, $last \"$pen\"";
echo '<br>';
}
}
$stateObj->close();
$connection->close();
回答6:
I will just adapt Chad Birch's answer for people like me who are used to utilize bindValue(...) for PDO:
$st = $db->prepare("SELECT * FROM table WHERE name LIKE :name");
$st->bindValue(':name','%'.$name.'%',PDO::PARAM_STR);
$st->execute();
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 女痞 的文章《Combine PHP prepared statments with LIKE》','https://www.manongdao.com/article-102896.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}