dongronge3732 2012-08-20 16:37
浏览 27
已采纳

LIKE-Query with PHP,mySQL和PDO

I want to match \' in my a column in a table in a MySQL Database, because these are entries where the data wasn't properly escaped.

I use PHP with PDO, this is the relevant code:

$stmt = $db->prepare("SELECT * FROM table WHERE title LIKE :title");
$stmt->bindValue(':title',"%\\'%",PDO::PARAM_STR);

Problem is, this matches titles with \' as well with a single '. I tried various combinations of \\\\\' etc., but nothing really worked to just match \', not the single '.

What am I doing wrong?

  • 写回答

1条回答 默认 最新

  • douguanci9158 2012-08-20 18:13
    关注

    As it turns out, you actually need to do this:

    $stmt->bindValue(':title',"%\\\\\\'%",PDO::PARAM_STR);

    That is 6 backslashes and one apostrophe which then matches one backslash and one apostrophe. Anyone got an explanation for this?

    PS: I don't know why just adding backslashes didn't work before, I tried that, seems like I had double quotes or something.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)