【问题标题】:Using SHOW COLUMNS with LIKE clause in PDO在 PDO 中使用带有 LIKE 子句的 SHOW COLUMNS
【发布时间】:2014-09-05 03:54:02
【问题描述】:

我不知道为什么这不起作用:

    $stmt_field_exists = $db->prepare("SHOW COLUMNS
        FROM uf_users
        LIKE :field_name");

    $sqlVars[':field_name'] = "%display_name%";

prepare 语句出现错误, SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 3

起初我以为我要么错误地使用了SHOW COLUMNS 查询,要么错误地形成了占位符,但是当我单独尝试这两个中的任何一个时,它们都可以正常工作:

    // Works fine
    $stmt_field_exists = $db->prepare("SELECT display_name
        FROM uf_users
        WHERE display_name LIKE :value");

    $sqlVars[':value'] = "%admin%";


    // Also works fine
    $stmt_field_exists = $db->prepare("SHOW COLUMNS
        FROM uf_users
        LIKE '%display_name%'");

我使用的是 MySQL 5.5.31。这到底是怎么回事?我发现错误了吗?

【问题讨论】:

  • 请提供完整的错误信息。
  • 你能创建一个最小的代码来重现这个问题吗?
  • 当,应该在高峰时段问这个问题。如果您已将 $db 定义为 PDO 数据库对象(我当然会这样做),这应该可以正常工作。

标签: php mysql sql pdo sql-like


【解决方案1】:

完整功能如下:

function fetchUserField($user_id, $field_name){    
try {
    global $db_table_prefix;

    $db = pdoConnect();

    $sqlVars = array();

    // First, check that the specified field exists.  Very important as we are using other unsanitized data in the following query.
    $stmt_field_exists = $db->prepare("SHOW COLUMNS
        FROM ".$db_table_prefix."users
        LIKE :field_name");

    $sqlVars[':field_name'] = "%" . $field_name . "%";

    $stmt_field_exists->execute($sqlVars);

    if (!($results = $stmt_field_exists->fetch(PDO::FETCH_ASSOC))){
        // The field does not exist
        return false;
    }

    $query = "SELECT 
        `$field_name`
        FROM ".$db_table_prefix."users
        WHERE
        id = :user_id
        LIMIT 1";

    $stmt = $db->prepare($query);

    $sqlVars[':user_id'] = $user_id;

    $stmt->execute($sqlVars);

    if (!($results = $stmt->fetch(PDO::FETCH_ASSOC))){
        // The user does not exist
        return false;
    }

    $stmt = null;
    return $results[$field_name];

} catch (PDOException $e) {
  addAlert("danger", "Oops, looks like our database encountered an error.");
  error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
  return false;
} catch (ErrorException $e) {
  addAlert("danger", "Oops, looks like our server might have goofed.  If you're an admin, please check the PHP error logs.");
  return false;
}

}

像这样简单地使用它

// Return the timestamp when this user's account was registered 
$author = fetchUserField($user_id, $field);

虽然由于某种原因简单地返回 false,但无法提取数据。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2012-11-29
    • 2013-06-27
    • 1970-01-01
    • 2014-09-23
    • 2019-11-21
    • 1970-01-01
    相关资源
    最近更新 更多