可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效，请关闭广告屏蔽插件后再试):

问题:

I'm trying to make a prepared statement for a LIKE query using php's mysqli extension. But no matter what I try, I always get this error:

Fatal error: Problem preparing query (SELECT f.*,r.slug FROM `foods` AS f INNER JOIN `resturants` AS r ON f.`rest_id` = r.`rest_id` WHERE f.`name` LIKE CONCAT('%',"f", '%')) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''%',"f", '%')' at line 4 in /path/to/class.mysqli.php on line 462

I have tried the following queries to no avail:
(The $s would be my string to search against.)

SELECT f.*,r.slug FROM `foods` AS f
INNER JOIN `resturants` AS r
ON f.`rest_id` = r.`rest_id`
WHERE f.`name` LIKE '%?%'

SELECT f.*,r.slug FROM `foods` AS f
INNER JOIN `resturants` AS r
ON f.`rest_id` = r.`rest_id`
WHERE f.`name` LIKE CONCAT('%', ?, '%')


SELECT f.*,r.slug FROM `foods` AS f
INNER JOIN `resturants` AS r
ON f.`rest_id` = r.`rest_id`
WHERE f.`name` LIKE CONCAT('%', {$s}, '%')


SELECT f.*,r.slug FROM `foods` AS f
INNER JOIN `resturants` AS r
ON f.`rest_id` = r.`rest_id`
WHERE f.`name` LIKE '%{$s}%'

Even:

sprintf("SELECT f.*,r.slug FROM `foods` AS f
INNER JOIN `resturants` AS r
ON f.`rest_id` = r.`rest_id`
WHERE f.`name` LIKE '%%%s%%'", $s)

Help me please, I'm getting frustrated.

回答1:

I would move expression after LIKE to variable:

$param = '%somestring%';

$sql = "SELECT f.*,r.slug FROM `foods` AS f
INNER JOIN `resturants` AS r
ON f.`rest_id` = r.`rest_id`
WHERE f.`name` LIKE ?"

UPDATE:

Maybe this will help

-- test.sql
CREATE TABLE supportContacts (
     id int auto_increment primary key, 
     type varchar(20), 
     details varchar(30)
);

INSERT INTO supportContacts
(type, details)
VALUES
('Email', 'admin@sqlfiddle.com'),
('Twitter', '@sqlfiddle');

<?php
// test.php
$mysqli = new mysqli("localhost", "root", "root", "test");
$sql = 'SELECT type FROM supportContacts WHERE type LIKE ?'; // here is only ?, no %

$stmt = $mysqli->prepare($sql);
$type = 'E%'; // and here you can put % sign
$stmt->bind_param('s', $type);
$stmt->execute();
$stmt->bind_result($result);
$stmt->fetch();
var_dump($result);