MySQL之类的查询无法正常工作？

Question

I have a successful connection made in PDO to my MySQL database and I am currently trying to get it to query the database for itmes LIKE the search query.

<?php
include ('connection.php');

function doSearch() {
    $output = '';
    if(isset($_POST['search'])) {
        $searchq = $_POST['search'];
        $searchq = preg_replace ("#[^0-9a-z]#i","",$searchq);
    $sql = "SELECT * FROM entries WHERE name LIKE :searchq or description LIKE :searchq or content LIKE :searchq";

    global $conn;
    $stmt = $conn->prepare($sql);
    $stmt->bindParam(":searchq",$searchq,PDO::PARAM_STR);
    $stmt->execute();
    $count = $stmt->rowCount();
 if($count == 0) {
            $output = 'No results found, buddy.';
        } else {
            while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                $eName = $row['name'];
                $eDesc = $row['description'];
                $eCont = $row['content'];
                $id = $row['id'];
                $elvl = $row['level'];
                $ehp = $row['hp'];

                $output .= '<tr><td><a href="http://ccc.aaaa.whatever/' .$eName. '" onclick="document.linkform.submit();">'.$eName.'</a></td><td>'.$eDesc.'</td><td>'.$elvl.'</td><td>'.$ehp.'</td></tr>';
            }
        }            

    return $output;
    }
 }
?>

I am struggling to get it to search. Unless the query exactly matches only the name, it doesn't show any results.

Answer 1

The LIKE operator does not do partial matches unless specifically instructed to. Perhaps you meant to prepend/append a % wildcard symbol to the search string:

$searchq = '%' . $searchq . '%';

Answer 2

I don't see anything wrong in the SQL text of the query.

The simplest explanation is that the SQL you are expecting to be sent to the database isn't what is being sent.

I suggest you give this a try:

use unique bind variable names in the statement, use each bind variable only once.

There used to be a bug in PDO with named bind variables (not sure if that's fixed of not. Under the covers, the named bind parameters were getting converted to positional notation, and when the same bind variable two or more times, the query being sent to MySQL wasn't what we expected.

For example:

 $sql = "SELECT e.* 
           FROM entries e
          WHERE e.name        LIKE :searchq1
             OR e.description LIKE :searchq2
             OR e.content     LIKE :searchq3";

$stmt = $conn->prepare($sql);
$stmt->bindParam(":searchq1",$searchq,PDO::PARAM_STR);
$stmt->bindParam(":searchq2",$searchq,PDO::PARAM_STR);
$stmt->bindParam(":searchq3",$searchq,PDO::PARAM_STR);

When we encountered the problem, we weren't using server side prepared statements, just regular client side prepares; the SQL sent to the server included literals, not placeholders. Turning on the general_log in MySQL allowed us to see the actual SQL statements that were being sent to the database.

You might be encountering the same problem. But I'd recommend this as a step in debugging the problem, at least to verify it isn't the problem.