stackoom
  简体   繁体   中英

How can I with mysqli make a query with LIKE and get all results?

 原文  2013-08-30 07:49:06       php/ sql/ mysqli/ sql-like

Question

This is my code but it dosn't work:

$param = "%{$_POST['user']}%";
$stmt = $db->prepare("SELECT id,Username FROM users WHERE Username LIKE ?");
$stmt->bind_param("s", $param);
$stmt->execute();
$stmt->bind_result($id,$username);
$stmt->fetch();

This code it doesn't seem to work. I have searched it a lot. Also it may return more than 1 row. So how can I get all the results even if it returns more than 1 row?

2 answers

solution1
 82 ACCPTED  2013-08-30 08:00:01

Here's how you properly fetch the result

$param = "%{$_POST['user']}%";
$stmt = $db->prepare("SELECT id,username FROM users WHERE username LIKE ?");
$stmt->bind_param("s", $param);
$stmt->execute();
$stmt->bind_result($id,$username);

while ($stmt->fetch()) {
  echo "Id: {$id}, Username: {$username}";
}

or you can also do:

$param = "%{$_POST['user']}%";
$stmt = $db->prepare("SELECT id, username FROM users WHERE username LIKE ?");
$stmt->bind_param("s", $param);
$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    echo "Id: {$row['id']}, Username: {$row['username']}";
}

I hope you realise I got the answer directly from the manual here and here , which is where you should've gone first.

solution2
 42  2016-04-13 08:42:45

Updated

From comments it is found that LIKE wildcard characters ( _ and % ) are not escaped by default on Paramaterised queries and so can cause unexpected results.

Therefore when using "LIKE" statements, use this 'negative lookahead' Regex to ensure these characters are escaped :

$param = preg_replace('/(?<!\\\)([%_])/', '\\\$1',$param);

As an alternative to the given answer above you can also use the MySQL CONCAT function thus:

$stmt = $db->prepare("SELECT id,Username FROM users WHERE Username LIKE CONCAT('%',?,'%') ");
$stmt->bind_param("s", $param);
$stmt->execute();

Which means you do not need to edit your $param value but does make for slightly longer queries.

solution3
 0  2021-03-16 03:24:55

The answer is obviously outdated, you don't even need to use bind_param.

$querySql    = "SELECT * FROM table WHERE columnName LIKE :likeKeyWord";
$likeKeyWord = "%". $keyWord ."%";
$pdoStm      = $this -> db -> prepare($querySql);
$pdoStm -> execute([':likeKeyWord' => $likeKeyWord]);
return $pdoStm -> fetchAll();

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How Can I Get Query Results for a Date Range with a MySQLi prepared statement How to get number of results from a mysqli query? How can i make this mysqli query run faster in PHP? How To Run Mysqli query and get results from table where table Like % How can i do that mysqli query with PDO? How can I bind an argument to mysqli query? mysqli query results to show all rows How can I use mysqli / php to update all records after a query has already been executed? How can i get all the values in the query? get results of query using prepared statements mysqli
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM