
Using wildcards in prepared statement

I'm trying to run the following query, and I'm having trouble with the wildcard.

function getStudents() {
    global $db;
    $users = array();
    $query = $db->prepare("SELECT id, adminRights FROM users WHERE classes LIKE ? && adminRights='student'");
    $query->bind_param('s', '%' . $this->className . '%');
    $query->execute();
    $query->bind_result($uid, $adminRights);
    while ($query->fetch()) {
        if (isset($adminRights[$this->className]) && $adminRights[$this->className] == 'student')
            $users[] = $uid;
    }
    $query->close();
    return $users;
}

I'm getting an error that states:

Cannot pass parameter 2 by reference.

The reason I need to use the wildcard is because the column's data contains serialized arrays. I guess, if there's an easier way to handle this, what could I do?

You have to pass parameters to bind_param() by reference, which means you have to pass a single variable (not a concatenated string). There's no reason you can't construct such a variable specifically to pass in, though:

$className = '%' . $this->className . '%';
$query->bind_param('s', $className);

Another way to do this is:

SELECT id, adminRights FROM users 
  WHERE classes LIKE CONCAT("%", ?, "%") && adminRights='student'

This is handy in case you have a dynamic result bind and only want to change the SQL query...

Parameter #2 must be a reference, not a value. Try

$param = '%' . $this->className . '%';
$query->bind_param('s', $param);

It is the same reason that happens in C++. When you pass a value to a function which expects the argument to be a reference, you need a variable (not a temporary). So first create a variable and then pass it.

The existing answers didn't work for me so this is what I used instead:

$sql = mysql_query("SELECT * FROM `products` WHERE `product_title` LIKE '$userInput%'") or die(mysql_error());

And it works all the time.

And just to top it all, I just tried the simplest form and it worked:

$sql = "SELECT * FROM `products` WHERE `product_title` LIKE '%".$userInput."%'";

I hope this helps.
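
An added example, not part of any answer above: the last answer places $userInput inside the SQL text, while the earlier answers bind the pattern as a parameter. This sketch binds the pattern and also escapes the input's own LIKE wildcards, so a quote, % or _ typed by the user is matched as data. The products table, its rows, the function names and the use of in-memory SQLite through PDO are assumptions made so the script runs without a database server.

```php
<?php
// Added example. Table, rows and inputs are constructed for illustration.

// Build a "contains" pattern in which the input's own LIKE metacharacters
// (% and _) and the escape character (!) are matched literally.
function likeContains(string $input): string
{
    // Order matters: escape the escape character first.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $input);
    return '%' . $escaped . '%';
}

// The pattern travels as a bound value; the SQL text never contains user input.
function findProducts(PDO $db, string $userInput): array
{
    $stmt = $db->prepare(
        "SELECT product_title FROM products
          WHERE product_title LIKE ? ESCAPE '!'
          ORDER BY id"
    );
    $stmt->execute([likeContains($userInput)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// With mysqli the same pattern goes through a variable, as the answers show:
//   $pattern = likeContains($userInput);
//   $query->bind_param('s', $pattern);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, product_title TEXT)');

$insert = $db->prepare('INSERT INTO products (product_title) VALUES (?)');
foreach (["100% cotton shirt", "O'Reilly book", "USB_C cable", "USB-C cable"] as $title) {
    $insert->execute([$title]);
}

// Constructed inputs: a quote, LIKE wildcards, and SQL-looking text.
foreach (["O'Reilly", "100%", "USB_C", "%", "x' OR '1'='1"] as $input) {
    printf("%-14s => %s\n", $input, json_encode(findProducts($db, $input)));
}
```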
