我在通过mysqli执行准备好的语句时遇到问题。
首先,我正在使Command出现同步错误。我正在存储结果并关闭连接,并且我已经停止获取此错误,因此希望该问题已停止。
但是,我的sql语法错误中的错误又出现了,该错误在命令不同步时可以正常工作。这是我当前的代码:
我已经尝试了许多不同的方法来纠正此snytax错误,从使用CONCAT(由于失败而被注释掉)到在绑定之前为变量分配%符号等,都没有用。
尝试使用:
$numRecords->bind_param("s", "%".$brand."%");
导致通过引用传递错误。
<?php $con = mysqli_connect("localhost", "blah", "blah", "blah"); if (!$con) { echo "Can't connect to MySQL Server. Errorcode: %s\n". mysqli_connect_error(); exit; } $con->query("SET NAMES 'utf8'"); $brand = "o"; $brand = "% ".$brand." %"; echo "\n".$brand; $countQuery = "SELECT ARTICLE_NO FROM AUCTIONS WHERE upper(ARTICLE_NAME) LIKE ?"; //CONCAT('%', ?, '%')"; echo "\ntest"; if ($numRecords = $con->prepare($countQuery)) { $numRecords->bind_param("s", $brand); echo "\ntest bind"; $numRecords->execute(); echo "\ntest exec"; $numRecords->store_result(); $data = $con->query($countQuery) or die(print_r($con->error)); $rowcount = $data->num_rows; $numRecords->free_result(); $numRecords->close(); echo "/ntest before rows"; $rows = getRowsByArticleSearch("test", "Auctions", " "); $last = ceil($rowcount/$page_rows); } else { print_r($con->error); } foreach ($rows as $row) { $pk = $row['ARTICLE_NO']; echo '<tr>' . "\n"; echo '<td><a href="#" onclick="updateByPk(\'Layer2\', \'' . $pk . '\')">'.$row['USERNAME'].'</a></td>' . "\n"; echo '<td><a href="#" onclick="updateByPk(\'Layer2\', \'' . $pk . '\')">'.$row['shortDate'].'</a></td>' . "\n"; echo '<td><a href="#" onclick="deleterec(\'Layer2\', \'' . $pk . '\')">DELETE RECORD</a></td>' . "\n"; echo '</tr>' . "\n"; } function getRowsByArticleSearch($searchString, $table, $max) { $con = mysqli_connect("localhost", "blah", "blah", "blah"); //global $con; $recordsQuery = "SELECT ARTICLE_NO, USERNAME, ACCESSSTARTS, ARTICLE_NAME, date_format(str_to_date(ACCESSSTARTS, '%d/%m/%Y %k:%i:%s'), '%d %m %Y' ) AS shortDate FROM $table WHERE upper(ARTICLE_NAME) LIKE '%?%' ORDER BY str_to_date(ACCESSSTARTS, '%d/%m/%Y %k:%i:%s')" . $max; if ($getRecords = $con->prepare($recordsQuery)) { $getRecords->bind_param("s", $searchString); $getRecords->execute(); $getRecords->bind_result($ARTICLE_NO, $USERNAME, $ACCESSSTARTS, $ARTICLE_NAME, $shortDate); while ($getRecords->fetch()) { $result = $con->query($recordsQuery); $rows = array(); while($row = $result->fetch_assoc()) { $rows[] = $row; } return $rows; } } }
确切的错误是:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 11
第11行是定义$ countQuery的行。
如您所见,品牌被赋予“ o”;
因此,SQL语句应为
SELECT ARTICLE_NO FROM AUCTIONS WHERE upper(ARTICLE_NAME) LIKE %o%;
当我手动将其插入时,效果很好。
mysqli_stmt::bind_param只能绑定特定的变量,不能绑定表达式。所提供的变量是通过引用而不是通过值传递给“绑定”的,这意味着底层SQL在执行命令时(而不是在绑定时)获得变量具有的任何值。
mysqli_stmt::bind_param
使用:
WHERE field LIKE CONCAT('%', ?, '%")
或执行以下操作:
$brand = '%' . $brand . '%'
在执行命令之前。
您不能做的是:
WHERE field LIKE '%?%
因为?绑定变量必须对应一个字符串或数字值,而不是子字符串(或字段名)。
?
*在这种情况下进行 *EDIT ,您真正的问题似乎是将准备好的语句(由mysqli::prepare和支持mysqli_stmt::execute())与普通的旧查询(与完成)混合在一起mysqli::query()。您还应该直接从数据库服务器请求行数,而不是提取数据并使用num_rows:
mysqli::prepare
mysqli_stmt::execute()
mysqli::query()
$countQuery = "SELECT COUNT(ARTICLE_NO) FROM AUCTIONS WHERE upper(ARTICLE_NAME) LIKE ?"; if ($numRecords = $con->prepare($countQuery)) { $numRecords->bind_param("s", $brand); $numRecords->execute(); $numRecords->bind_result($num_rows); $numRecords->fetch(); $numRecords->free_result(); $numRecords->close(); $last = ceil($rowcount/$page_rows); } else { print_r($con->error); }
