
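I am using PDO for my queries and am trying to escape some "&" characters, because they make the request invalid. I have already tried mysql_real_escape_string and PDO quote... neither of them escapes the "&". My values are, for example, "James and Jack".

As the connector: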

$this->connect = new PDO("mysql:host=$db_host;dbname=$db_name;", $db_user, $db_pass,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));

As the query:

function check_exist($query,$parameter)
{
    try
    {
    $this->connect->prepare($query);
    $this->connect->bindParam(':parameter', $parameter, PDO::PARAM_STR);
    $this->connect->execute();
    return $this->connect->fetchColumn();


        unset ($query);
    }
    catch(PDOException $e) 
    {  
        echo $e->getMessage(); 
    }

}

And finally the call:

$db = new database;
$db->connect('framework','localhost','root','');
$result = $db->check_exist('SELECT COUNT(*) FROM cat_merge WHERE cat=:parameter',$cat);

1 Answer

Try using prepared statements this way:

<?php
// Connect to the database
$db = new PDO('mysql:host=127.0.0.1;dbname=DB_NAME_HERE', 'username', 'password');
// Don't emulate prepared statements, use the real ones
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// Prepare the query
$query = $db->prepare('SELECT * FROM foo WHERE id = ?');
// Execute the query; execute() expects an array of values, one per placeholder
$query->execute(array($_GET['id']));
// Get the result as an associative array
$result = $query->fetchAll(PDO::FETCH_ASSOC);
// Output the result
print_r($result);
?>
answered 2012-11-23T02:33:36.670
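The lookup from the question written against the statement object that prepare() returns, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database in place of the MySQL server so that it runs offline, constructed sample rows, and a check_exist() that takes the PDO handle as its first argument; the table and column names are the ones from the question.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL connection (assumption).
// Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false as the answer does.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: values containing "&" and a single quote.
$pdo->exec('CREATE TABLE cat_merge (cat TEXT)');
$insert = $pdo->prepare('INSERT INTO cat_merge (cat) VALUES (:cat)');
foreach (array('James & Jack', "O'Brien & Sons") as $value) {
    // Bound values are sent as data, so no escaping is applied to them.
    $insert->execute(array(':cat' => $value));
}

/**
 * Count the rows matched by $query for one bound value.
 * prepare() returns a PDOStatement; binding, executing and fetching
 * all happen on that statement, not on the PDO connection.
 */
function check_exist(PDO $pdo, $query, $parameter)
{
    $stmt = $pdo->prepare($query);
    $stmt->bindValue(':parameter', $parameter, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

$sql = 'SELECT COUNT(*) FROM cat_merge WHERE cat = :parameter';

// The value is passed unmodified, "&" included.
var_dump(check_exist($pdo, $sql, 'James & Jack'));

// A quote inside the value is also plain data to the database.
var_dump(check_exist($pdo, $sql, "O'Brien & Sons"));

// A value that is not in the table, for comparison.
var_dump(check_exist($pdo, $sql, 'James and Jack'));
```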