这是我的代码
$question = "What is your Name";
$query = "SELECT * FROM `def_questions` where `question` LIKE '$question' ";
它不会重新获得确切的结果 我需要确切的(你的名字是什么),有些人会帮我做这件事。
提前致谢!
答案 0 :(得分:1)
尝试添加'%'变量之前和之后如下所示。
$question = mysql_real_escape_string($question);
编辑要防止SQL注入,请执行以下操作:
function AnyFunction(){
'aaa'
Write-Host 'bbb'
}
答案 1 :(得分:1)
$question = rtrim(ltrim(strip_tags(What is your Name)));
$query = "SELECT * FROM `def_questions` where `question` LIKE '%$question%' ";
答案 2 :(得分:1)
SQL Injection您的代码可能容易受到攻击。您应该使用预准备语句将值传递给查询:
## cool function!
tidy_midpt <- function(df, lbl_col) {
lbl_quo <- enquo(lbl_col)
df %>%
gather(key = coord, value = value, -!!lbl_quo) %>%
mutate(coord = str_sub(coord, 1, 1)) %>%
group_by(lbl, coord) %>%
summarise(value = mean(value)) %>%
ungroup() %>%
spread(key = coord, value = value)
}
ggplot(data = bar) +
geom_point(aes(x = x, y = y), data = foo, color = "grey") +
geom_segment(aes(x = x1, y = y1, xend = x2, yend = y2), size = 0.75, arrow = arrow(length = unit(0.5, "cm"))) +
geom_text(aes(x = x, y = y, label = lbl), data = . %>% tidy_midpt(lbl))
请注意,您还应该从搜索值中转义一些特殊字符,以使其与$questions = Yii::$app->db
->createCommand("SELECT * FROM `def_questions` where `question` LIKE :question", [
':question' => "%$question%",
])
->queryAll();
运算符一起正常工作(例如将LIKE
视为%
而不是“任何”,请参阅How to use a percent (%) in a LIKE without it being treated as a wildcard?):
%
完成整个事情的最简单方法可能是使用Query
:
$question = strtr($question, [
'%' => '\%',
'_' => '\_',
'\\' => '\\\\',
]);
$questions = Yii::$app->db
->createCommand("SELECT * FROM `def_questions` where `question` LIKE :question", [
':question' => "%$question%",
])
->queryAll();
$questions = (new \yii\db\Query())
->from('def_questions')
->where(['like', 'question', $question])
->all();
将为您进行转义,并将返回SQL查询的结果:
Query
答案 3 :(得分:0)
如果您想要精确的结果,可以使用=而不是LIKE
$question = "What is your Name";
$query = "SELECT * FROM `def_questions` where `question` = '$question'"