使用 bindParam 显示数据库中的数据

Question

我想尝试使用 bindParam 从数据库中显示我的数据，但我遇到了一些错误。

可恢复的致命错误：无法将 PDOStatement 类的对象转换为第 15 行 C:\xampp\htdocs\piratefiles\search.php 中的字符串

这是我的代码

$category = htmlentities($_GET['c']);
$query = htmlentities($_GET['q']);

$page = (isset($_GET['page'])) ? $_GET['page'] : 1;
$limit = 20;
$limit_start = ($page - 1) * $limit;

$query = $db->prepare ("SELECT * FROM `posting` WHERE 'category' = :category AND 'file_name' like :query ORDER BY date DESC LIMIT ".$limit_start.",".$limit);

$query->bindParam(":category", $category);
$query->bindParam(":query", $query);

$query->execute();

Answer 1

$query 是用户输入，然后将其分配为 PDOStatement，然后将其传递回 bindParam

更改变量名称。

$category = htmlentities($_GET['c']);
$query = htmlentities($_GET['q']);

$page = (isset($_GET['page'])) ? $_GET['page'] : 1;
$limit = 20;
$limit_start = ($page - 1) * $limit;

$stmt = $db->prepare ("SELECT * FROM `posting` WHERE 'category' = :category AND 'file_name' like :query ORDER BY date DESC LIMIT ".$limit_start.",".$limit);

$stmt->bindParam(":category", $category);
$stmt->bindParam(":query", $query);

$stmt->execute();

Answer 2

由于我使用LIKE所以，需要制作另一个变量。

$keyword1 = "%".$category."%";
$keyword2 = "%".$query1."%";

这是完整的代码。

$category = htmlentities($_GET['c']);
$query1 = htmlentities($_GET['q']);

$page = (isset($_GET['page'])) ? $_GET['page'] : 1;
$limit = 20;
$limit_start = ($page - 1) * $limit;

$query = $db->prepare ("SELECT * FROM `posting` WHERE category LIKE :category AND file_name LIKE :query1 ORDER BY date DESC LIMIT ".$limit_start.",".$limit);

$keyword1 = "%".$category."%";
$keyword2 = "%".$query1."%";

$query->bindParam(":category", $keyword1);
$query->bindParam(":query1", $keyword2);

$query->execute();