Use PDO parameterized queries to create methods with LIKE statements
P粉394812277
2023-08-22 12:33:39
<p>This is the code I tried:</p>
<pre class="brush:php;toolbar:false;">$query = $database->prepare('SELECT * FROM table WHERE column LIKE "?%"');
$query->execute(array('value'));
while ($results = $query->fetch())
{
echo $results['column'];
}</pre>
For those using named parameters, here's how to do a % partial match using LIKE in a MySQL database:
The named parameter is :dangerousstring.
In other words, you use explicit unescaped % symbols in your queries, which are separate from user input.
EDIT: For Oracle Database, the join syntax uses the join operator: ||, so it will simplify to:
However, as @bobince mentioned here, there are some caveats:
Therefore, there are other things to pay attention to when combining LIKE and parameterization.
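An added example, not code from either poster: a prefix search where the trailing % stays in the SQL text, the user's value is only ever bound, and any % or _ inside that value is escaped so it matches literally. The in-memory SQLite database, the `items` table and its rows, the helper names `escapeLike` and `findByPrefix`, and the choice of `!` as the escape character are all assumptions made for the illustration.

```php
<?php
// Added example. Constructed table and rows; assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT)');
$insert = $db->prepare('INSERT INTO items (name) VALUES (?)');
foreach (['value one', 'valuable', '50% off', '50 cents', 'a_b', 'axb'] as $name) {
    $insert->execute([$name]);
}

// Hypothetical helper: make %, _ and the escape character match literally.
// The escape character is replaced first so later replacements are not doubled.
function escapeLike(string $input, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $input
    );
}

// Prefix search. The trailing % lives in the SQL text; user input is only bound.
// SQLite concatenates with ||, as Oracle does; MySQL would use CONCAT(:prefix, '%').
function findByPrefix(PDO $db, string $userInput, bool $escape = true): array
{
    $stmt = $db->prepare(
        "SELECT name FROM items WHERE name LIKE :prefix || '%' ESCAPE '!' ORDER BY name"
    );
    $stmt->execute([':prefix' => $escape ? escapeLike($userInput) : $userInput]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare the rows matched with and without escaping the bound value.
foreach (['val', '50%', 'a_'] as $input) {
    printf(
        "%-4s raw: %-22s escaped: %s\n",
        $input,
        implode(', ', findByPrefix($db, $input, false)),
        implode(', ', findByPrefix($db, $input))
    );
}
```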
I found the answer after posting: