PHP中的PHP循环和绑定查询

Context

I'm trying to write an efficient and secure search script using PHP and MySQL which will prevent SQL injection attempts. I'm using the MySQLi suite of functions and specifically binding user input to the database queries. Because users may be searching for multiple words at a time I have developed a method to dynamically bind variables to a MySQLi query but am getting stuck in one particular place.

I have an example table of users and a table of all the skills the users have:

USERS:               SKILLS:
ID | Username        Userid  | Skill
1  | Patty           1       | Decorating
2  | Billy           1       | Renovating
                     2       | Painting
                     2       | Flooring

I have produced a search query which explodes all of the search terms a visitor has searched for and then runs them through a MYSQLi query:

$searched = explode (' ', stripslashes ($search)); // What the visitor searched for

$bindParam = new BindParam (); // Initiate the dynamic binding class
$qArray = array (); 

foreach ($searched as $sd) {    
    $sd = trim ($sd);   
    if ($sd != '') {
        $qArray[] = 'skills.skill LIKE CONCAT(?,\'%\')'; // Use arrays to construct part of the dynamic query
        $bindParam->add ('s', $sd); // Users are searching for strings so use 's' as opposed to 'i' for integer for example
    }
}

$query = "SELECT username FROM users WHERE users.id IN (SELECT skills.userid FROM skills WHERE ";
$query .= implode (' OR ', $qArray);
$query .= ")"; // Join the query together

$stmt = $mysqli->prepare ($query) or die ("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);    
call_user_func_array (array ($stmt, "bind_param"), $bindParam->get ()); // Bind the variables to the query

$stmt->execute ();
$stmt->store_result ();

if ($stmt->num_rows > 0) {              
    $stmt->bind_result ($username);
    $searchoutput = array ();
    while ($stmt->fetch ()) {
        $searchoutput[] = $username; // send all usernames to an array      
    }

print_r ($searchoutput); // print all contents of the array

}

The Question

Now, when the visitor searches for "decorating renovating painting" the code returns:

Array ( [0] => patsy [1] => billy )

...as the MySQL query is effectively ignoring the fact that Patsy comes up twice. Ideally I would like the array to actually show:

Array ( [0] => patsy [1] => patsy [2] => billy )

Unless I incorporate the query into a loop based on the number of search terms, How can I solve this?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doufu5747 2014-04-26 21:50
关注
Instead of a subquery I would recommend a JOIN:

SELECT username FROM users JOIN skills ON users.id=skills.userid WHERE skills.skill LIKE CONCAT(?,\'%\') OR skills.skill LIKE CONCAT(?,\'%\') OR ...

This should show username multiple times when they match on multiple skills.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

PHP中的PHP循环和绑定查询 mysql php sql
2014-04-26 21:43

回答 1 已采纳 Instead of a subquery I would recommend a JOIN: SELECT username FROM users JOIN skills ON users.
如何在PHP中控制绑定param变量 mysql php
2019-04-19 20:00

回答 1 已采纳 If I understand correctly, you can do this in a single database query. SELECT q.* FROM question
求一个PHP功能，获取本地绑定ip php 有问必答
2023-04-20 11:41

回答 4 已采纳用shell_exec或者exec执行系统命令获取，不过需要管理员权限，租用的虚拟机就不用想了windows系统执行ipconfig命令，需要正则分析获取下ip地址 <meta charset
PHP面试题（含答案），持续更新
2022-08-25 14:50

ypa-达瓦里希的博客 PHP面试题（含答案），持续更新（会有重复）
php绑定引号在html中 html laravel php
2016-10-21 10:03

回答 3 已采纳 I prefer to use single quotes for outputting variables like HTML to the browser. Simply use \' to
PHP PDO Query不读取绑定值 php
2018-10-30 10:54

回答 2 已采纳 From docs: PDO::query — Executes an SQL statement, returning a result set as a PDOStatement ob
如何在php父类中使用单例和静态后期绑定toghter php
2017-04-10 08:06

回答 1 已采纳 You could turn $_instance into an array of instances by class name using get_called_class() http:/
电商业务技术基础知识&电商业务中常用的大数据技术介绍
2023-09-22 01:50

禅与计算机程序设计艺术的博客电商（E-commerce）网站是指在线零售活动平台，基于互联网、传统的商务渠道、移动支付、物流配送等多种商业模式的综合体，通过提供网络购物环境、网络交易功能、物流服务和相关信息的服务型网站，帮助消费者通过电脑...
双向绑定PHP和AngularJS javascript mysql php
2016-02-27 23:35

回答 1 已采纳 Make an AJAX request do the server with the checkbox state (your newsletter scope variable). Howev
无法在Laravel原始查询中绑定参数 laravel php
2018-12-08 05:30

回答 2 已采纳 try to used like that $query = "SELECT 1 AS rank, 'CATEGORY' AS type, category_id AS id, name AS
在for / foreach循环中绑定pdo变量 php
2018-04-08 17:31

回答 1 已采纳 You need to move the code inside the loop: <?php $db = dbCon(); $sql = "INSERT INTO required_f
深入解析PHP7个预定义接口
2021-08-17 11:28

PHP开源社区的博客场景：平常工作中写的都是业务模块，很少会去实现这样的接口，但是在框架里面用的倒是很多。 1. Traversable（遍历）接口该接口不能被类直接实现，如果直接写了一个普通类实现了该遍历接口，是会直接报致命的错误...
PHP ADODB和MySQL，绑定参数 mysql php
2015-02-26 03:18

回答 1 已采纳 This is how i got it to work with mysql, without having to implement PDO $sql = "INSERT INTO bra
常见的PHP问题
2019-12-11 11:33

fareast_mzh的博客 * Apache， nginx区别 1．Nginx比Apache更轻量级，使用更少的内存及资源 ...3．Nginx除了可以提供web服务还可以提供反向代理服务和邮件服务 4．Nginx 静态处理性能比 Apache 高 3倍以上 5．apache适合处理动态请...
最新PHP 面试、笔试题汇总(code happy)
2019-06-28 19:27

想出家的霸天虎的博客 $_SERVER ----->系统环境变量 $_SESSION ----->会话控制的时候会用到 $_COOKIE ----->会话控制的时候会用到十九、echo、print_r、print、var_dump之间的区别 * echo、print是php语句，var_dump和print_r是函数 * ...
没有解决我的问题, 去提问

悬赏问题

¥15 微信会员卡接入微信支付商户号收款
¥15 如何获取烟草零售终端数据
¥15 数学建模招标中位数问题
¥15 phython路径名过长报错不知道什么问题
¥15 深度学习中模型转换该怎么实现
¥15 HLs设计手写数字识别程序编译通不过
¥15 Stata外部命令安装问题求帮助！
¥15 从键盘随机输入A-H中的一串字符串，用七段数码管方法进行绘制。提交代码及运行截图。
¥15 TYPCE母转母，插入认方向
¥15 如何用python向钉钉机器人发送可以放大的图片？

PHP中的PHP循环和绑定查询

1条回答 默认 最新

悬赏问题

1条回答默认最新