PDO查询运行正常,但是当我尝试使用LIKE查询时它不起作用并给出错误.我知道我做错了什么,如果有人能指出我哪里出错了以及如何正确运行LIKE查询,请.
<?php
/**
* Created by PhpStorm.
* User: HaiderHassan
* Date: 9/3/14
* Time: 9:52 PM
*/
header('Access-Control-Allow-Origin: *');
try {
$conn = new PDO('mysql:host=localhost;dbname=houserentsystem;charset=utf8', 'root', 'admin');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
if($_POST['searchFilter']){
$searchFilter = "%".$_POST['searchFilter']."%";
echo $searchFilter;
$stmt = $conn->query("SELECT roomName FROM roomnames WHERE roomName LIKE".$searchFilter);
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
$stmt->closeCursor();
print_r(json_encode($results));
}
我有表(两列roomnames)roomID和roomName
我想这与公布值匹配数据的结果.
你有很多问题:
a)易受SQL注入攻击
b)LIKE之后缺少空格,这意味着你正在制作
... LIKE%foo%
c)搜索参数周围缺少引号,所以即使你确实修复了b),你仍然会遇到问题.它应该是
... LIKE '$searchParameter'
^----------------^--- note the quotes