Question

所以每个人都告诉我使用准备好的陈述，但我现在不知道该怎么做。

 $stmt = mysqli_prepare($con, "SELECT * FROM search WHERE `name2` LIKE '?' AND `approved`='approved'");
mysqli_stmt_bind_param($stmt, 's', $name);

/* execute prepared statement */
mysqli_stmt_execute($stmt);

这是我的代码，如何从中创建数组

while ($row=mysqli_fetch_array($result))

来自未准备好的

Answer 1

很高兴看到你决定使用PDO！

//using MySQL
//refer here for reference http://www.php.net/manual/en/ref.pdo-mysql.php
$pdo = new PDO('mysql:host=xxx;port=xxx;dbname=xxx', $username, $password)

//write query
$sql = "SELECT * FROM search WHERE `name2` LIKE '?' AND `approved`='approved'";

//tell query what to replace ? marks with
$fill_array = array($name); // one item in array for the one ? in $sql above

//send query to DB for preparation
$prepare = $pdo->prepare($sql);

//send variables to DB, DB will bind them to the proper place and execute query
$prepare->execute($fill_array);

//get your array. I personally recommend PDO::FETCH_ASSOC but you are using ARRAY
$result = $prepare->fetchAll(PDO::FETCH_ARRAY);

echo '<pre>'.print_r($result, true).'</pre>';

瞧！

请注意，您不得不编写代码来转义$ name并检查％sign和underscores之类的内容，因为如果有人输入％，那么LIKE语句将返回所有已批准的记录='approved'

如何在预准备语句中使用mysqli_fetch_array

1 个答案: