问题描述
我需要帮助将此 sql 转换为准备好的语句。这是我的搜索栏。我是初学者,希望能得到一些帮助。
这是我的 sql
$conn = MysqLi_connect('localhost','root','','my_db');
$MysqL = "SELECT * FROM catetable";
$bike_list = MysqLi_query($conn,$MysqL);
$catesql = "SELECT catename FROM catetable";
$cate_list = MysqLi_query($conn,$catesql);
这就是我想更改为 Prepared Statement 的内容
if (isset($_GET['search']))
{
$search = $_GET['search'];
$searchlist = array();
$lowersearchlist = array();
$i = 0;
while ($one_cate = MysqLi_fetch_assoc($cate_list))
{
$searchlist[$i] = $one_cate['catename'];
$lowersearchlist[$i] = strtolower($one_cate['catename']);
$i++;
}
if (in_array($search,$searchlist) || in_array($search,$lowersearchlist))
{
header("Location:feature.PHP");
}
else
{
header("Location:index.PHP?error=true");
}
}
解决方法
编写与 WHERE 子句中的参数匹配的查询。 MySQL 通常默认为不区分大小写的比较,因此您不需要获取所有行来准确且不区分大小写地比较它们。
if (isset($_GET['search'])) {
$stmt = $conn->prepare("SELECT COUNT(*) AS c FROM yourTable WHERE catename = ?");
$stmt->bind_param("s",$_GET['search']);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if ($row['c'] > 0) {
header("Location: feature.php");
} else {
header("Location: index.php?error=true";
}
}