需要一些关于mysqli准备语句的帮助

时间:2014-11-20 11:08:15

标签: php mysql mysqli 

<!doctype html>
<body>
<?php
$mysqli = new mysqli("localhost", "root", "", "test3");

$hs_data= '%' .$_POST['hs_data']. '%'; //changed this and it worked!
$nv_data= '%' .$_POST['hs_data']. '%';
$vsa_data= '%' .$_POST['hs_data']. '%';

$query = $mysqli->stmt_init();
//create a prepared statement


$query = "SELECT hs,nv,vsa FROM handover WHERE hs like ? or nv like ? or vsa like ?";
//$query = "SELECT id,hs,nv,vsa FROM sectona_product WHERE hs = ? or nv = ?";



$statement = $mysqli->prepare($query);

//bind parameters for markers, where (s = string, i = integer, d = double,  b = blob)
$statement->bind_param('sss',$hs_data,$nv_data,$vsa_data);

//execute query
$statement->execute();

//bind result variables to be printed
$statement->bind_result( $hs,$nv,$vsa);

$statement->store_result();
if( $statement->num_rows > 0 )
{

print '<table border="1">'; 
print '<tr>';
//fetch records
while($statement->fetch()) {


print '<td>'.$hs.'</td>';
print '<td>'.$nv.'</td>';
print '<td>'.$vsa.'</td>';
print '</tr>';

}   
print '</table>';

} else {

print "<p>No Rows</p>";
}
//close connection
$statement->close();

?>

最终的工作代码得到了sectona的大力帮助 - 只是让每个人都能清楚地看到。这是对名为hs_data的输入的关键字搜索。我检查我的数据库hs,nv,vsa中的列,它将匹配的结果打印到表中。

2 个答案:

答案 0 :(得分:0)

这段代码应该有所帮助,我相信它应该对你有用(虽然我还没有测试过它。 我只是编码正确的方式) 首先,您需要能够区分intger和varchar系列数据。 在Mysqli中,Interger,数字由i表示,varchar family由s表示 因此,在你的绑定中,你可能有类似

的东西 
$stmt->bind_param('sis',$varchar,$integer,$text); etc.

请遵循此代码,您的问题就解决了。如果你仍然无法解决它,请给我一个喊叫。 谢谢.. Sectona 

<?
$mysqli = new mysqli("localhost", "root", "root777", "sectona_db");

$hs_data= '%' .$_POST['hs_data']. '%'; //changed this and it worked!
$nv_data= '%' .$_POST['hs_data']. '%';
$vsa_data= '%' .$_POST['hs_data']. '%';
$stmt = $mysqli->stmt_init();
if($stmt->prepare("SELECT * FROM handover WHERE hs LIKE ? OR nv LIKE ? OR vsa LIKE ?")) {
$stmt->bind_param('sss',$hs1,$nv1,$vsa1);
 $stmt->execute();

    // Close statement object
    $stmt->close();
print "<font size=4 color=green>Query Successful </font>";
}
else{
print "<font size=4 color=red>Somethin is wrong somewhere </font>";
}
/* close connection */
$mysqli->close();
?>

答案 1 :(得分:0)

代码已经过测试,现在可以使用了

首先创建表并插入记录

create table sectona_product(id int primary key auto_increment, hs varchar(100), nv varchar(80),vsa varchar(86));
insert into sectona_product(hs,nv,vsa) values('jon','gab','secunda');

<?php

$mysqli = new mysqli("localhost", "root", "root_password", "sectona_db");

$hs_data = 'jon';
$nv_data = 'gab';

$query = $mysqli->stmt_init();
//create a prepared statement


$query = "SELECT id,hs,nv,vsa FROM sectona_product WHERE hs like ? or nv like ?";
//$query = "SELECT id,hs,nv,vsa FROM sectona_product WHERE hs = ? or nv = ?";



$statement = $mysqli->prepare($query);

//bind parameters for markers, where (s = string, i = integer, d = double,  b = blob)
$statement->bind_param('ss',$hs_data,$nv_data);

//execute query
$statement->execute();

//bind result variables to be printed
$statement->bind_result($id, $hs, $nv,$vsa);

Print "Your data is printed successfully";
print '<table border="1">';

//fetch records
while($statement->fetch()) {
    print '<tr>';
    print '<td>'.$id.'</td>';
    print '<td>'.$hs.'</td>';
    print '<td>'.$nv.'</td>';
    print '<td>'.$vsa.'</td>';

    print '</tr>';
}   
print '</table>';

//close connection
$statement->close();

?>

如果查询来自表单输入Eg。

<input type=text name="hs_data" id="hs_data>

然后你可以将php变量设置为

$hs_data=$_POST['hs_data'];

如果您在输出或打印数据库中的数据时仍需要保护脚本免受XSS攻击,则可以 使用htmlentities() or htmlspecialchars() 

functions as per below

print '<td>'.htmlentities($vsa, ENT_QUOTES, "UTF-8").'</td>';

如果您觉得有趣,请评价并给我一个喊叫。 .... Sectona

相关问题
最新问题