SQL does not read the $customerID variable as a variable. I think the () is the problem, because when I remove the first part of the () the editor treats the variable as a variable, but the SQL does not work.
$customerID = $_SESSION['ID'];
// $customerID and $searchValue are interpolated straight into the SQL text;
// the prepared statement therefore receives no parameters to bind.
$query = $conn->prepare(
"SELECT * FROM quiz_list
WHERE (
(status = 1 AND shared = 1)
OR customer = '$customerID')
AND friendly LIKE '%$searchValue%'
ORDER BY id LIMIT 25;"
);
$query->execute();
Answer 0 (score: 1)
When preparing a statement, you should use placeholders for the parameters. Then, before executing the statement, bind those placeholders to the prepared statement in a second call.
// Placeholders must stand alone in the SQL text; a '?' inside quotes is a string literal, not a parameter.
$query = $conn->prepare("SELECT * FROM quiz_list WHERE ((status = 1 AND shared = 1) OR customer = ?) AND friendly LIKE ? ORDER BY id LIMIT 25;");
// The LIKE wildcards go into the bound value, not around the placeholder.
$like = '%' . $searchValue . '%';
$query->bind_param('is', $customerID, $like);
$query->execute();
For a more detailed example, see the mysqli prepare documentation.
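The following is an added example, not code from the question or the answer above. It carries the answer's advice through to a complete function: both user-controlled values are bound rather than interpolated, the placeholders stand alone in the SQL text (a `?` inside quotes would be matched as a literal string and `bind_param` would complain about the parameter count), the `%` wildcards are added to the bound value, and the user's own `%` and `_` characters are escaped so a search term cannot widen the match. The connection credentials, the `quiz_list` columns, the session key and the `q` request parameter are all assumptions.

```php
<?php
// Added example (not from the original question or answer). Assumes a mysqli
// connection to a database with a quiz_list(id, status, shared, customer,
// friendly) table and a session that stores the customer id under 'ID'.
// The credentials and the 'q' request parameter are hypothetical.
session_start();
$conn = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$conn->set_charset('utf8mb4');

/**
 * Return up to 25 quiz_list rows that are either public (status=1, shared=1)
 * or owned by $customerID, and whose friendly name contains $searchValue.
 * Every user-controlled value is bound; nothing is interpolated into the SQL.
 */
function searchQuizzes(mysqli $conn, int $customerID, string $searchValue): array
{
    // Placeholders stand alone. Writing customer = '?' or LIKE '%?%' would
    // turn the ? into a literal string and leave nothing to bind.
    $sql = "SELECT * FROM quiz_list
            WHERE ((status = 1 AND shared = 1) OR customer = ?)
              AND friendly LIKE ? ESCAPE '!'
            ORDER BY id LIMIT 25";

    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        // A syntax error in the SQL text surfaces here, before execute().
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }

    // Wildcards belong in the bound value. Escape the user's own %, _ and
    // the escape character so "%" typed by the user does not match everything.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $searchValue);
    $like = '%' . $escaped . '%';

    // Type string: i = integer for customer, s = string for the LIKE pattern.
    $stmt->bind_param('is', $customerID, $like);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }

    // get_result() requires the mysqlnd driver; use bind_result() otherwise.
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$customerID  = (int) ($_SESSION['ID'] ?? 0);
$searchValue = (string) ($_GET['q'] ?? '');   // hypothetical request parameter

foreach (searchQuizzes($conn, $customerID, $searchValue) as $row) {
    // Output is encoded on the way out, independent of how it was queried.
    echo htmlspecialchars($row['friendly'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Binding the value fixes the injection problem but not the wildcard problem: a bound `%` or `_` is still a wildcard to `LIKE`, which is why the example escapes them and declares the escape character with `ESCAPE '!'`. On PHP 8.1 and later, mysqli throws `mysqli_sql_exception` by default instead of returning `false`, so the explicit `prepare`/`execute` checks are only reached on older configurations, but they are harmless to keep.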