[英]PHP string variable in MySQL Like query
so I'm attempting to take in a PHP variable and do insert it into a simple sql query, but it's not working and I can't seem to figure out the issue. 因此,我尝试使用一个PHP变量并将其插入到简单的sql查询中,但是它无法正常工作,而且我似乎无法弄清问题所在。
NOTE: I know this code has security issues 注意:我知道此代码存在安全问题
staff_model.php file: staff_model.php文件:
function getSearches($searchterm) {
$sql = "SELECT *
FROM people
WHERE name
LIKE '%{$searchterm}%'";
$query = $this->db->query($sql);
return $query;
}
My table has several columns but it has columns like id, name, subject, type. 我的表有几列,但有ID,名称,主题,类型等列。 The way I get $searchterm is something like
我获得$ searchterm的方式类似于
var searchText = document.getElementById('custom-search-text').value;
in my javascript file and I'll pass it to users.php through 在我的javascript文件中,我将其通过传递给users.php
$.get(url+"/api/users/staff", {id: id, name: name, type: type, subject: subject, search: searchText})
Just to make sure everything else was working correctly, I hardcoded something for searchTerm (so something like $sql = "SELECT * FROM people WHERE name LIKE 'Matt'"
) and I did get the correct results. 为了确保其他所有功能均正常工作,我为searchTerm进行了硬编码(例如,
$sql = "SELECT * FROM people WHERE name LIKE 'Matt'"
),并且确实得到了正确的结果。
Something else I tried was $sql = "SELECT * FROM people WHERE name LIKE $searchTerm"
and this didn't work. 我尝试过的其他事情是
$sql = "SELECT * FROM people WHERE name LIKE $searchTerm"
,这不起作用。
Any ideas on how I can get it to work with wildcards? 关于如何使它与通配符一起使用的任何想法?
怎么样“ SELECT * FROM像“%”这样的人。$ searchterm。“%'”;
Try this $sql = "SELECT * FROM people WHERE name LIKE '%".$searchterm."%'"; 试试这个$ sql =“ SELECT * FROM名称类似”%“的人。$ searchterm。”%'“;
using . 使用。 as concatenating operator
作为连接运算符
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.