2015-07-18 17:18
浏览 73


I want to retrieve student name from database using mysql LIKE, i have following form

  <form action="search.php" method="POST">
        <input type="text" name="search" id="search-input">
        <input type="submit" value="Submit" id="submit">

And my search.php

        require_once 'db.php';
        if (isset($_POST['search']) && !empty($_POST['search'])) {
            $search_param = trim($_POST['search']);

            $slct_search = $db->prepare("SELECT student_name FROM student_details WHERE student_name LIKE ?") or die($db->error);
            $slct_search = bind_param('s', $search_param);
            $res = $slct_search->get_result();  
            if($res->num_rows) {            
                while ($result = $res->fetch_object()) {
                    echo $result->student_name;
            } else {
                echo 'OOPS we had a problem';

When I click the submit button i am receiving following error

Fatal error: Call to undefined function bind_param() in F:\xampp\htdocs\sel\search.php on line 7

  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • duanlai1855 2015-07-18 17:44

    Have you tried:

    $slct_search->bind_param('s', $search_param);

    Also note that you might use trim() but it still leaves you open to SQL-injection. Try to do someting like:

    $db->real_escape_string( trim( $_POST['search'] ) );

    Read about some other escapeing here:

    解决 无用
    打赏 举报
  • dongrongdao8902 2018-09-22 15:42

    Please use - > for the bind_param

    Use this $slct_search - >bind_param

    Instead of this $slct_search = bind_param

    解决 无用
    打赏 举报

相关推荐 更多相似问题