[英]how to use placeholders in mysql queries from php
I am trying to make a prepared query like this one: 我正在尝试进行这样的准备查询:
$stmt=$mysqli->prepare("SELECT zonasrepartoid, calle, municipio, codigopostal FROM zonasreparto WHERE municipio like concat('%',:m,'%')")
$stmt->bind_param(':m',$incity);
$stmt->execute();
I have tried to use the % many times in different ways, but i have no more ideas of how to use it, just to make it work. 我试图以不同的方式多次使用%,但是我没有更多关于如何使用它的想法,只是使它起作用。 If any one could tell me what is wrong i would appreciate that.
如果有人能告诉我出什么问题了,我将不胜感激。
Thank you in advance! 先感谢您!
Surround your input by %
instead of putting it into the query: 用
%
括住您的输入,而不是将其放入查询中:
... WHERE municipio like ?")
$stmt->bind_param('s', '%' . $incity . '%');
The syntax of putting in named placeholders is supported by the PDO library, not MySQLi. PDO库(而不是MySQLi)支持放置命名占位符的语法。 With MySQLi, the first param indicates the type of variable (eg
i
= integer, s
= string, etc). 对于MySQLi,第一个参数指示变量的类型(例如,
i
=整数, s
=字符串等)。
It makes me wonder where did you get that idea of using ":letter" placeholders with raw mysqli. 这让我想知道您从何而来的将“:letter”占位符与原始mysqli一起使用的想法。
Nowhere in the manual can be seen such a syntax. 在手册的任何地方都找不到这样的语法。 The rest of your approach is okay.
其余方法都可以。
$sql = "SELECT zonasrepartoid, calle, municipio, codigopostal FROM zonasreparto
WHERE municipio like concat('%',?,'%')"
$stmt=$mysqli->prepare($sql);
$stmt->bind_param('s', $incity);
$stmt->execute();
You really, really, really need to exercise with manual examples instead of blindly shooting with random syntax. 您确实真的需要练习示例,而不是盲目地使用随机语法进行射击。 That's your main and the only problem.
那是您的主要也是唯一的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.