Question

所以基本上你可以使用REGEXP来搜索包含你想要的一个或多个字符串的任何内容。像这样：

SELECT * FROM dbTable WHERE LOWER(description) REGEXP 'foo|bar'

但是我在使用准备好的PDO语句的用户输入动态使用它时遇到了麻烦：

HTML：

<!doctype html>
<html>
<head></head>
<body>
  <form id="search" action="/search.php" method="POST">
    <input type="text" name="searchQ" value="<?php echo $searchQ; ?>">
    <input type="submit" value="Search">
  </form>
</body>
</html>

PHP：

<?php
  $hCon = new PDO("mysql:host=$dbhost_n;dbname=$dbname_n",$dbuser_n,$dbpasswd_n,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
  if (isset($_POST['searchQ']) && $_POST['searchQ'] != '') {
      $searchQ = htmlspecialchars($_POST['searchQ']);
      $searchQ = strtolower($searchQ); 
      $searchQ = str_replace(" ","|",$searchQ); //replace spaces with | because it means OR in regex

      $q = $hCon->prepare("SELECT * FROM " . $dbtable . " WHERE LOWER(description) REGEXP ':searchQ'");
      $q->execute(array(':searchQ'=>$searchQ));

      while($row = $q->fetch(PDO::FETCH_ASSOC)) {
          echo "<p>" . $row['description'] . "</p>";
      }
  }
?>

还有其他办法吗？

使用REGEXP和PDO在mySQL表中搜索

0 个答案: