Php 在记录未转义的位置搜索带撇号的查询
这是在mysql中:Php 在记录未转义的位置搜索带撇号的查询,php,mysql,Php,Mysql,这是在mysql中: Column: Title ___________ Children's 代码: 如果您真的必须使用过时的mysql扩展,那么您必须对输入进行转义,以防止出现这样的语法错误。使用: $searchTerm = mysql_real_escape_string($searchTerm); 在查询之前 但是您确实应该转换为mysqli或PDO`,这允许您编写参数化查询。在PDO中,您可以这样写: $stmt = $pdo->prepa
Column: Title
___________
Children's
如果您真的必须使用过时的
mysql$searchTerm = mysql_real_escape_string($searchTerm);
mysqli$stmt = $pdo->prepare("
SELECT *
FROM bookings_css_multi_lang
WHERE model='pjCourse' AND field = 'title'
AND content LIKE CONCAT('%', :search_term, '%')
LIMIT :start_from, :results_per_page");
$stmt->bindParam(':search_term', $searchTerm);
$stmt->bindParam(':start_from', $start_from);
$stmt->bindParam(':results_per_page', $results_per_page);
$stmt->execute();
while($myrow = $stmt->fetch(PDO::FETCH_ASSOC)) {
...
}
$stmt = $pdo->prepare("
SELECT *
FROM bookings_css_multi_lang
WHERE model='pjCourse' AND field = 'title'
AND content LIKE CONCAT('%', :search_term, '%')
LIMIT :start_from, :results_per_page");
$stmt->bindParam(':search_term', $searchTerm);
$stmt->bindParam(':start_from', $start_from);
$stmt->bindParam(':results_per_page', $results_per_page);
$stmt->execute();
while($myrow = $stmt->fetch(PDO::FETCH_ASSOC)) {
...
}