我使用MySQL像這樣執行刪除查詢潛在的不良數據:如何從PHP和MySQL的PDO
public function query($query, $params = array(), $format = array()) {
if (!is_array($params)) return false;
$dbh = parent::$dbh;
if (empty($dbh)) return false;
$stmt = $dbh->prepare($query);
if (!empty($format)) {
$values = array_values($params);
foreach ($format as $key => $bind) {
switch ($bind) {
case '%d':
$stmt->bindValue($key + 1, $values[$key], PDO::PARAM_INT);
break;
case '%s':
$stmt->bindValue($key + 1, $values[$key], PDO::PARAM_STR);
break;
default:
$stmt->bindValue($key + 1, $values[$key], PDO::PARAM_STR);
break;
}
}
}
$stmt->execute($params);
return $stmt;
}
我怎樣才能安全地使用LIKE搜索中刪除無效字符:
例如:
$filter = "filter's";
if (isset($filter)) {
$search_filter = 'content LIKE \'%'.$filter.'%\'';
$sql = "SELECT $search_filter FROM messages";
$stmt = $this->query($sql);
}
你可以'$ search_filter ='content like'。$ dbh-> quote(「%」。$ filter。「%」);' – Orangepill
@Orangepill恐怕你沒有得到這個問題。 –
http://stackoverflow.com/questions/3683746/escaping-mysql-wild-cards – bitWorking