为什么在使用直接值时会起作用?
$stmt = $db->prepare('SELECT tablename FROM database WHERE item = :item');
$stmt->execute(array('item ' => "somevalue" ));
$result = $stmt->fetchAll();
但是这个在使用变量时不起作用吗?
$itemstring = "somevalue"
$stmt = $db->prepare('SELECT tablename FROM catalogs WHERE item = :item ');
$stmt->execute(array('item ' => $itemstring));
$result = $stmt->fetchAll();
我错过了一些明显的东西吗?
这是在WAMP 2.4 / MySQL
上只有改变是我使用变量而不是字符串?
答案 0 :(得分:2)
你在第一行末尾缺少一个分号。这也应该在您的错误日志中可见。
始终检查错误日志!
如果您没有收到错误,请在执行任何其他操作之前解决此问题。
$itemstring = "somevalue"; // <- missing semi-colon at end
$stmt = $db->prepare('SELECT tablename FROM catalogs WHERE item = :item ');
$stmt->execute(array('item ' => $itemstring));
$result = $stmt->fetchAll();
答案 1 :(得分:0)
问题是:我的字符串中的HTML字符!该字符串返回文本,但有这样的标签: string1 (粗体html标签),它应该是这样的:string1
我解决了这个问题:
$MYFILTERVALUE= preg_replace('/<[^>]*>/', '', $_POST['stringtoget']);
这会对变量进行清理。
答案 2 :(得分:0)
This is late but I'm pretty sure the syntax should be like the below. And this can help you understand a bit more about how PDO works.
https://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059
$itemstring = "somevalue";
$stmt = $dbcon->prepare('SELECT tablename FROM catalogs WHERE item = :item ');
$stmt->execute(array(':item' => $itemstring));<-- Colon in the identifier
$result = $stmt->fetchAll();
或
$itemstring = "somevalue";
$query="SELECT tablename FROM catalogs WHERE item = :item";
$stmt = $dbcon->prepare($query);
$params = array(':item' => $itemstring);<-- Colon in the identifier, setting parameters.
$stmt->execute($params);
$result = $stmt->fetchAll();