如何在自定义 PDO 查询中转义 'LIKE' 语句
How to escape 'LIKE' statement in custom PDO query
我有一个自定义 OOP 查询对象,其中包含用于 MySQL 查询的准备好的语句。问题是我有一个 LIKE 语句不允许我使用准备好的语句插入数据。
这种情况下如何转义数据?这是我的代码:
$search_q = !empty($search) ? "AND `title` LIKE '%?%'" : "";
$items = DB::fetch("SELECT `title` FROM `products` WHERE `active` = 1 $search_q;", array($start));
您需要将通配符匹配字符放在占位符中,而不是在查询中,所以不要这样做:
$search = 'find this string';
$db::query("SELECT ... FROM table WHERE col LIKE '%?%' ");
你做到了:
$search = '%find this string%';
$db::query("SELECT ... FROM table WHERE col LIKE ? ");
First result in Google serp
$query = $database->prepare('SELECT * FROM table WHERE column LIKE ?');
$query->execute(array('value%'));
while ($results = $query->fetch())
{
echo $results['column'];
}
我有一个自定义 OOP 查询对象,其中包含用于 MySQL 查询的准备好的语句。问题是我有一个 LIKE 语句不允许我使用准备好的语句插入数据。
这种情况下如何转义数据?这是我的代码:
$search_q = !empty($search) ? "AND `title` LIKE '%?%'" : "";
$items = DB::fetch("SELECT `title` FROM `products` WHERE `active` = 1 $search_q;", array($start));
您需要将通配符匹配字符放在占位符中,而不是在查询中,所以不要这样做:
$search = 'find this string';
$db::query("SELECT ... FROM table WHERE col LIKE '%?%' ");
你做到了:
$search = '%find this string%';
$db::query("SELECT ... FROM table WHERE col LIKE ? ");
First result in Google serp
$query = $database->prepare('SELECT * FROM table WHERE column LIKE ?');
$query->execute(array('value%'));
while ($results = $query->fetch())
{
echo $results['column'];
}