一种Stack Overflow成员在将不安全的查询转换为使用参数的查询方面给了我一些帮助,但我很难让它工作。我本可以一直打扰他,但最初的问题是无关紧要的。所以我发布了一个新的!
<?php
$mysqli = new mysqli("host", "user", "password", "database");// connection
$key = $_POST['key'];
$query = $mysqli->prepare("SELECT * FROM handover WHERE hs LIKE ? OR WHERE nv
LIKE ? OR WHERE vsa LIKE ?");
$stmt->bind_param("sss", $key, $key, $key);
$stmt->execute();
$result = mysqli_query($mysqli,$query);
$count=mysqli_num_rows($result);
if($count==0 ){
echo "</br></br></br></br></br></br></br><h2>Handover Details</h2><p> No results
found</p>";
}
else{
while($row = mysqli_fetch_array($result)) {
These are my errors:
我收到此错误:
注意:未定义的变量:第112行的E:\ NEW1 \ xampp \ htdocs \ FINTAN \ keyword.php中的stmt
致命错误:在第112行的E:\ NEW1 \ xampp \ htdocs \ FINTAN \ keyword.php中的非对象上调用成员函数bind_param()
<?php
$mysqli = new mysqli("localhost", "root", "", "test3");// connection
$key = $_POST['key'];
$query = $mysqli->prepare("SELECT * FROM handover WHERE hs LIKE ? OR nv LIKE ? OR vsa
LIKE ?");
$stmt->bind_param("sss", $key, $key, $key);
$stmt->execute();
$stmt->store_result();
$rows = $stmt->num_rows;
if($rows==0 ){
echo "</br></br></br></br></br></br></br><h2>Handover Details</h2>
<p> WORKING none
found</p>";
}
else{
while($row = mysqli_fetch_array($result))
答案 0 :(得分:0)
SELECT * FROM handover WHERE hs LIKE ? OR nv
LIKE ? OR vsa LIKE ?"
删除额外的WHERE,你也需要
$query->bind_param("sss", $key, $key, $key);
$query->execute();
$query->store_result();
$rows = $query->num_rows;
if($rows==0 )