MySQLi準備語句和提取字段

Question

我有一個名爲$lines的字符串數組，我想用每個字符串搜索一個數據庫。

我有什麼的作品：

foreach($lines as $line) { 
    $line = real_escape_string($line); 
    $sql = "select * from $table where $column like '%$line%'" 
    $result = $conn->query($sql); 
    if($result->num_rows) { 
     while ($row = $result->fetch_assoc()) 
      //Name and Date are are only 2 out of 15+ column names from the db table 
      echo "<tr><td> {$row['Name']} </td> 
        <td>  {$row['Date']} </td></tr>"; 
    } 

不過，我不希望這樣。我想使用準備好的語句並能夠使用上面的列名稱。我已經試過：（從here）

$vars = array(); 
$data = array(); 
$stmt = $conn->prepare("SELECT * FROM $table WHERE `$column` LIKE '%?%'"); 
$stmt->bind_param("s", $line); 
$stmt->execute(); 
$result = $stmt->store_result(); 
$meta = $result->result_metadata(); 

echo "WORKS"; //doesn't print 
while ($field = $meta->fetch_field()) 
    $vars[] = &$data[$field->name]; 
call_user_func_array(array($result, 'bind_result'), $vars); 
$i = 0; 
while ($result->fetch()) { 
    $array[$i] = array(); 
     foreach ($data as $k=>$v) 
      $array[$i][$k] = $v; 
     $i++; 
} 
print_r($array); 

Answer 1

由於使用預處理語句繞過需要報價和傳遞的確切變量，你需要通過通配符在你的變量，而不是在查詢：

$stmt = $conn->prepare("SELECT * FROM $table WHERE `$column` LIKE ?"); 
$stmt->bind_param("s", '%'.$line.'%');