How to create a PDO parameterized query with a LIKE statement
P粉394812277
P粉394812277 2023-08-22 12:33:39
This is the code I tried:

$query = $database->prepare('SELECT * FROM table WHERE column LIKE "?%"');
$query->execute(array('value'));

while ($results = $query->fetch())
{
    echo $results['column'];
}

reply all(2)
P粉722521204

For those using named parameters, here's how to do a % partial match using LIKE in a MySQL database:

WHERE column_name LIKE CONCAT('%', :dangerousstring, '%')

The named parameter is :dangerousstring.

In other words, you use explicit unescaped % symbols in your queries, which are separate from user input.

EDIT: For Oracle Database, the join syntax uses the join operator: ||, so it will simplify to:

WHERE column_name LIKE '%' || :dangerousstring || '%'

However, as @bobince mentioned here, there are some caveats:

Therefore, there are other things to pay attention to when combining LIKE and parameterization.

P粉731861241

I found the answer after posting:

$query = $database->prepare('SELECT * FROM table WHERE column LIKE ?');
$query->execute(array('value%'));

while ($results = $query->fetch())
{
    echo $results['column'];
}
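
The two forms discussed in this thread, side by side, as an added example that is not part of the original posts: the placeholder inside a quoted literal from the question, and the wildcard appended to the bound value from the answer. It goes one step beyond the answers by also escaping `%` and `_` typed by the user so they match literally. Assumptions: an in-memory SQLite database through `pdo_sqlite`, a constructed `items` table, the hypothetical helpers `escapeLike` and `findByPrefix`, and `!` as the escape character.

```php
<?php
// Added example: constructed table and rows, in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT)');
$insert = $db->prepare('INSERT INTO items (name) VALUES (?)');
foreach (['value one', 'valuable', '50% off', '50 percent', 'other'] as $name) {
    $insert->execute([$name]);
}

// Hypothetical helper: neutralise LIKE metacharacters in user input.
// '!' is the escape character declared in the ESCAPE clause below;
// it is escaped first so the escapes added afterwards are not doubled.
function escapeLike(string $input, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $input
    );
}

// Hypothetical helper: prefix search. The trailing % is added by the
// application to the bound value; the SQL text itself never changes.
function findByPrefix(PDO $db, string $userInput): array
{
    $stmt = $db->prepare(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '!' ORDER BY name"
    );
    $stmt->execute([escapeLike($userInput) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Form from the question: a ? inside a quoted literal is plain text,
// so the statement has no placeholder for the value to bind to.
try {
    $bad = $db->prepare("SELECT name FROM items WHERE name LIKE '?%'");
    $bad->execute(['value']);
    echo "quoted placeholder: ", json_encode($bad->fetchAll(PDO::FETCH_COLUMN)), "\n";
} catch (PDOException $e) {
    echo "quoted placeholder failed: ", $e->getMessage(), "\n";
}

// Form from the answer, with user wildcards escaped.
echo "prefix 'value': ", json_encode(findByPrefix($db, 'value')), "\n";
// The % typed by the user is matched as a literal character here.
echo "prefix '50%': ", json_encode(findByPrefix($db, '50%')), "\n";
```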