PHP PDO如何在查询中搜索2个或更多值？_Php_Search_Pdo

PHP PDO如何在查询中搜索2个或更多值？

php search

PHP PDO如何在查询中搜索2个或更多值？,php,search,pdo,Php,Search,Pdo,假设我有一个搜索表单，我想按姓名或电子邮件搜索，我只按一个值搜索，否则，我会得到一个SQL错误我浏览了整个网站，但没有找到解决问题的方法此代码适用于： if (isset($_POST['search'])) { $search = $_POST['search']; $sql = "SELECT * FROM `users` WHERE `name` LIKE ?"; $stmt = $pdo->prepare($sql); $stmt-

假设我有一个搜索表单，我想按姓名或电子邮件搜索，我只按一个值搜索，否则，我会得到一个SQL错误

我浏览了整个网站，但没有找到解决问题的方法

此代码适用于：

    if (isset($_POST['search'])) {
    $search = $_POST['search'];

    $sql = "SELECT * FROM `users` WHERE `name` LIKE ?";

    $stmt = $pdo->prepare($sql);

    $stmt->execute(array($search));

当我像这样尝试时，它不会结束：

    if (isset($_POST['search'])) {

    $search = $_POST['search'];

    $sql = "SELECT * FROM `users` WHERE `name` LIKE ? OR `email` LIKE ?";

    $stmt = $pdo->prepare($sql);

    $stmt->execute(array($search));

我如何通过姓名或电子邮件搜索它

编辑：以下是错误：

未捕获的PDOException:SQLSTATE[HY093]：参数编号无效

编辑2：

以下是有效的解决方案：

    $search = $_POST['search'];

    if (isset($search)) {

        $sql = "SELECT * FROM `users` WHERE `name` LIKE ? OR `email` LIKE 
    ?";

        $stmt = $pdo->prepare($sql);

        $stmt->execute(["%$search%", "%$search%"]);
    }

我认为问题在于

$search

变量只包含一个元素。试试这个：

$search = $_POST['search'];

if (isset($search)) {

    $sql = "SELECT * FROM `users` WHERE `name` LIKE ? OR `email` LIKE ?";

    $stmt = $pdo->prepare($sql);

    $stmt->execute([$search, $search]);
}

另一个解决方案是将

PDO:：ATTR\u EMULATE\u PREPARES

连接选项设置为

TRUE

。通过这种方式，您可以使用具有相同名称的多个命名标记（此处为

：search

），并为它们指定单个变量的值（此处为组合字符串

“%”.$search.%'

）

注意：当使用一个或两个百分比字符（

）时，查询将返回包含所提供搜索值的所有值。然而，在完全省略

-字符的情况下，查询将返回所有精确值，并且

LIKE

可以替换为

。这取决于你想使用哪种替代方案

下面是一个完整的示例：

connection.php:

<?php

/*
 * This page contains the code for creating a PDO connection instance.
 */

// Db configs.
define('HOST', 'localhost');
define('PORT', 3306);
define('DATABASE', 'tests');
define('USERNAME', 'abc');
define('PASSWORD', 'def');
define('CHARSET', 'utf8');

// Error reporting.
error_reporting(E_ALL);
ini_set('display_errors', 1); /* SET IT TO 0 ON A LIVE SERVER! */

// Create a PDO instance as db connection to db.
$connection = new PDO(
        sprintf('mysql:host=%s;port=%s;dbname=%s;charset=%s', HOST, PORT, DATABASE, CHARSET)
        , USERNAME
        , PASSWORD
        , [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => TRUE, /* This is the option of interest */
    PDO::ATTR_PERSISTENT => FALSE,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
);

<?php

require 'connection.php';

// Hardcoded value, for testing. Should be read from $_POST array.
$search = 'joe';

$sql = 'SELECT * FROM users WHERE name LIKE :search OR email LIKE :search';

$bindings = [
    ':search' => '%' . $search . '%',
];

$statement = $connection->prepare($sql);
$statement->execute($bindings);

$fetchedData = $statement->fetchAll(PDO::FETCH_ASSOC);

// Display fetched data.
if ($fetchedData) {
    echo '<pre>' . print_r($fetchedData, TRUE) . '</pre>';
} else {
    echo 'No data found.';
}

CREATE TABLE tests.users (
    id BIGINT NOT NULL AUTO_INCREMENT,
    name varchar(100) NULL,
    email varchar(100) NULL,
    CONSTRAINT users_PK PRIMARY KEY (id)
)
ENGINE=InnoDB
DEFAULT CHARSET=utf8
COLLATE=utf8_general_ci;

id|name   |email              |
--|-------|-------------------|
 1|j.r.   |joey@example.com   |
 2|michael|michael@example.com|
 3|joe    |joe@example.com    |

表格定义：

<?php

/*
 * This page contains the code for creating a PDO connection instance.
 */

// Db configs.
define('HOST', 'localhost');
define('PORT', 3306);
define('DATABASE', 'tests');
define('USERNAME', 'abc');
define('PASSWORD', 'def');
define('CHARSET', 'utf8');

// Error reporting.
error_reporting(E_ALL);
ini_set('display_errors', 1); /* SET IT TO 0 ON A LIVE SERVER! */

// Create a PDO instance as db connection to db.
$connection = new PDO(
        sprintf('mysql:host=%s;port=%s;dbname=%s;charset=%s', HOST, PORT, DATABASE, CHARSET)
        , USERNAME
        , PASSWORD
        , [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => TRUE, /* This is the option of interest */
    PDO::ATTR_PERSISTENT => FALSE,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
);

<?php

require 'connection.php';

// Hardcoded value, for testing. Should be read from $_POST array.
$search = 'joe';

$sql = 'SELECT * FROM users WHERE name LIKE :search OR email LIKE :search';

$bindings = [
    ':search' => '%' . $search . '%',
];

$statement = $connection->prepare($sql);
$statement->execute($bindings);

$fetchedData = $statement->fetchAll(PDO::FETCH_ASSOC);

// Display fetched data.
if ($fetchedData) {
    echo '<pre>' . print_r($fetchedData, TRUE) . '</pre>';
} else {
    echo 'No data found.';
}

CREATE TABLE tests.users (
    id BIGINT NOT NULL AUTO_INCREMENT,
    name varchar(100) NULL,
    email varchar(100) NULL,
    CONSTRAINT users_PK PRIMARY KEY (id)
)
ENGINE=InnoDB
DEFAULT CHARSET=utf8
COLLATE=utf8_general_ci;

id|name   |email              |
--|-------|-------------------|
 1|j.r.   |joey@example.com   |
 2|michael|michael@example.com|
 3|joe    |joe@example.com    |

已用数据：

<?php

/*
 * This page contains the code for creating a PDO connection instance.
 */

// Db configs.
define('HOST', 'localhost');
define('PORT', 3306);
define('DATABASE', 'tests');
define('USERNAME', 'abc');
define('PASSWORD', 'def');
define('CHARSET', 'utf8');

// Error reporting.
error_reporting(E_ALL);
ini_set('display_errors', 1); /* SET IT TO 0 ON A LIVE SERVER! */

// Create a PDO instance as db connection to db.
$connection = new PDO(
        sprintf('mysql:host=%s;port=%s;dbname=%s;charset=%s', HOST, PORT, DATABASE, CHARSET)
        , USERNAME
        , PASSWORD
        , [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => TRUE, /* This is the option of interest */
    PDO::ATTR_PERSISTENT => FALSE,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
);

<?php

require 'connection.php';

// Hardcoded value, for testing. Should be read from $_POST array.
$search = 'joe';

$sql = 'SELECT * FROM users WHERE name LIKE :search OR email LIKE :search';

$bindings = [
    ':search' => '%' . $search . '%',
];

$statement = $connection->prepare($sql);
$statement->execute($bindings);

$fetchedData = $statement->fetchAll(PDO::FETCH_ASSOC);

// Display fetched data.
if ($fetchedData) {
    echo '<pre>' . print_r($fetchedData, TRUE) . '</pre>';
} else {
    echo 'No data found.';
}

CREATE TABLE tests.users (
    id BIGINT NOT NULL AUTO_INCREMENT,
    name varchar(100) NULL,
    email varchar(100) NULL,
    CONSTRAINT users_PK PRIMARY KEY (id)
)
ENGINE=InnoDB
DEFAULT CHARSET=utf8
COLLATE=utf8_general_ci;

id|name   |email              |
--|-------|-------------------|
 1|j.r.   |joey@example.com   |
 2|michael|michael@example.com|
 3|joe    |joe@example.com    |

资源：

<?php

/*
 * This page contains the code for creating a PDO connection instance.
 */

// Db configs.
define('HOST', 'localhost');
define('PORT', 3306);
define('DATABASE', 'tests');
define('USERNAME', 'abc');
define('PASSWORD', 'def');
define('CHARSET', 'utf8');

// Error reporting.
error_reporting(E_ALL);
ini_set('display_errors', 1); /* SET IT TO 0 ON A LIVE SERVER! */

// Create a PDO instance as db connection to db.
$connection = new PDO(
        sprintf('mysql:host=%s;port=%s;dbname=%s;charset=%s', HOST, PORT, DATABASE, CHARSET)
        , USERNAME
        , PASSWORD
        , [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => TRUE, /* This is the option of interest */
    PDO::ATTR_PERSISTENT => FALSE,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
);

<?php

require 'connection.php';

// Hardcoded value, for testing. Should be read from $_POST array.
$search = 'joe';

$sql = 'SELECT * FROM users WHERE name LIKE :search OR email LIKE :search';

$bindings = [
    ':search' => '%' . $search . '%',
];

$statement = $connection->prepare($sql);
$statement->execute($bindings);

$fetchedData = $statement->fetchAll(PDO::FETCH_ASSOC);

// Display fetched data.
if ($fetchedData) {
    echo '<pre>' . print_r($fetchedData, TRUE) . '</pre>';
} else {
    echo 'No data found.';
}

CREATE TABLE tests.users (
    id BIGINT NOT NULL AUTO_INCREMENT,
    name varchar(100) NULL,
    email varchar(100) NULL,
    CONSTRAINT users_PK PRIMARY KEY (id)
)
ENGINE=InnoDB
DEFAULT CHARSET=utf8
COLLATE=utf8_general_ci;

id|name   |email              |
--|-------|-------------------|
 1|j.r.   |joey@example.com   |
 2|michael|michael@example.com|
 3|joe    |joe@example.com    |

什么是$search的var\u dump？string（9）“something”我想我不能这样做，因为我的搜索表单中只有一个$search字段？我希望键入的字符串与名称或电子邮件一样匹配，但只在一个字段中匹配。向我显示您要执行的真实sql查询$search变量必须是具有两个值的数组，否则您的代码容易被sql注入。我希望执行以下操作：$sql=“SELECT*FROM

users

WHERE

name

LIKE？或

email

LIKE？”；例如，如果

$search

变量为`“joejoe@gmail.com“

，您需要名为joe或email的用户joe@gmail.com您可以按delimeter

explode（“”，$search）`按空格将$search变量拆分为数组，然后执行查询