0
所以,我寫了這段代碼,它的工作原理。但是,它只返回一個結果。所以我在我的數據庫中有兩個'Eric Clapton'的名字,每個都有不同的id。但查詢只返回其中的一個2.任何想法?如何接收來自MySQL'LIKE'的各種結果?
<?php
$now = htmlentities(rawurldecode($_GET['word'])); // in this case i passed in 'Eric Clapton'
$cat = htmlentities($_GET['cat']); // category, in this case lets say i passed in 'music'
$con = mysql_connect("localhost","USERNAME","PASS");
if (!$con)
{
echo "<pre>An error occured, please try again later. Sorry...</pre>";
}
else{ mysql_select_db("DATABASE", $con);
$result = mysql_query("SELECT id, name FROM $cat WHERE name LIKE '%$now%'");
$row = mysql_fetch_array($result);
echo "<pre>";
print_r($row);
echo "</pre>";
mysql_close($con);
}
?>
真理,現在我們talking->
<?php
$now = '%'.htmlentities(rawurldecode($_GET['word'])).'%';
$cat = htmlentities($_GET['cat']);
$dsn = 'mysql:dbname=DATABASE;host=localhost';
$user = "USER";
$password = "PASS";
# connect to the database
try {
$DBH = new PDO($dsn, $user, $password);
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
# the data we want to insert
$data = array($now);
$STH = $DBH->prepare("SELECT id, name FROM $cat WHERE name LIKE ?");
$STH->execute($data);
$result = $STH->fetchAll();
}
catch(PDOException $e) {
echo "Uh-Oh, something wen't wrong. Please try again later.";
file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
}
echo "<pre>";
print_r($result);
echo "</pre>";
$DBH = null;
?>
您應該真正清理您的輸入和/或移動PDO和準備好的語句。 –
好的,會那樣做。謝謝! – Hadrian
你怎麼看'mysql_real_escape_string'?在進行查詢之前,在$ cat和$ word上。 – Hadrian