这是我的代码旧代码,其中一切正常:
if($tags != ""){
$TagsSearch = " AND Tags LIKE '%".$tags."%'";
}
$requested_page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$r = mysql_query("SELECT COUNT(*) FROM `Blog` WHERE `Title`!='' $TagsSearch");
$d = mysql_fetch_row($r);
$product_count = $d[0];
$products_per_page = 10;
$page_count = ceil($product_count / $products_per_page);
$first_product_shown = ($requested_page - 1) * $products_per_page;
这是我的新代码:
if($tags != ""){
$TagsSearch = " AND Tags LIKE '%".$tags."%'";
}
$requested_page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$r = $db->prepare("SELECT COUNT(*) FROM `Blog` WHERE `Title`!='' :TagsSearch");
$r->bindParam(':TagsSearch',$TagsSearch);
$d = $r->fetch(PDO::FETCH_ASSOC);
$product_count = $d[0];
$products_per_page = 10;
$page_count = ceil($product_count / $products_per_page);
$first_product_shown = ($requested_page - 1) * $products_per_page;
我收到以下错误:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1' in /var/www/html/blog.php:48 Stack trace: #0 /var/www/html/blog.php(48): PDO->prepare('SELECT COUNT(*)...') #1 {main} thrown in /var/www/html/blog.php on line 48
我的错误在哪里,我该如何解决?
提前致谢!
答案 0 :(得分:0)
TLabel.Font.Name的价值是多少?它从您提供的代码看起来就像它本身的SQL本身而不是普通的字符串或整数。您无法将其添加到function LoadResourceFontByName( const ResourceName : string; ResType: PChar ) : Boolean;
var
ResStream : TResourceStream;
FontsCount : DWORD;
begin
ResStream := TResourceStream.Create(hInstance, ResourceName, ResType);
try
Result := (AddFontMemResourceEx(ResStream.Memory, ResStream.Size, nil, @FontsCount) <> 0);
finally
ResStream.Free;
end;
end;
function LoadResourceFontByID( ResourceID : Integer; ResType: PChar ) : Boolean;
var
ResStream : TResourceStream;
FontsCount : DWORD;
begin
ResStream := TResourceStream.CreateFromID(hInstance, ResourceID, ResType);
try
Result := (AddFontMemResourceEx(ResStream.Memory, ResStream.Size, nil, @FontsCount) <> 0);
finally
ResStream.Free;
end;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
if LoadResourceFontByName('MyFont1', RT_RCDATA) then
Label1.Font.Name := 'My Font Name 1';
if LoadResourceFontByID(2, RT_FONT) then
Label2.Font.Name := 'My Font Name 2';
end;
的查询中,因为它的全部内容是它会转义SQL代码。
在您更新问题后,我认为您实际想要做的是;
$TagsSearch答案 1 :(得分:0)
您无法在预准备语句的替换参数中包含部分查询。这是因为查询首先完整地解析 ,然后然后在执行时进行替换。请参阅the documentation,第二个注意:,大约是页面的一半。
处理此问题的一种方法是动态构建查询字符串,如下所示:
$query = "SELECT COUNT(*) FROM `Blog` WHERE `Title`!=''";
$args = array();
if (isset($tags) && '' != $tags)
{
$query .= " AND Tags LIKE :tags";
$args[':tags'] = "%" . $tags . "%"; // % must be in arg, not query
}
$stmt = $db->prepare($query);
$stmt->execute($args);