-2

我一直试图让它工作,但我认为我的 sql 设置不正确。

例如,我试图从 URL 中获取搜索词,然后使用准备好的语句将其插入,以便在数据库中安全使用。

首先,我从会话中调用他们拥有的产品的用户 ID。

然后我检查他们是否有超过 1 个项目,如果他们设置了一个数组并插入到数据库中,如果他们没有超过 1 个项目,那么我只是简单地插入到数据库中以检索数据。

我将它设置为变量的原因是因为它被发送到分页类,所以它会对结果进行分页。

这是html的标题:

<?php

$searchword = $urlmaker->geturlandsearch($_GET["search"]);

$findcomma = strpos($_SESSION["SESS_USERSPRODUCTIDS"], ",");

if($findcomma == true){

    $userproductid = explode(',', $_SESSION["SESS_USERSPRODUCTIDS"]);
    $prep       = array(':like' => "%$searchword%", ':like2' => "%$searchword%");

    $q = '';
    $e = '';
    $i = 1;

    foreach($userproductid as $productid){

        $q   .= 'productid=:productid' . $i . ' || ';
        $prep[":productid{$i}"] = $productid;
        $i++;

    }

    $q = rtrim($q, " || ");

} else {

    $q = 'productid=:productid';
    $prep = array(':productid' => $_SESSION["SESS_USERSPRODUCTIDS"], ':like' => "%$searchword%", ':like2' => "%$searchword%");

}

$maxlimit = 15;

$geturi = "/Search-Forum/" . $_GET['search'] . "/";

$string     = "SELECT id,title,date,username,viewcount,replycount,replyuser,replydate FROM forum_topics WHERE " . $q . " AND title LIKE :like OR content like :like2 ORDER BY replydate DESC";
$pagstring  = "SELECT id FROM forum_topics WHERE  " . $q . " AND title LIKE :like OR content like :like2";
$pagurl     = $geturi;

这是前端代码:

<?php

$topicQuery = $pagination->paginatedQuery($pdo, $string, $maxlimit, $prep);
if($topicQuery != "no query"){

while($fetchquery = $topicQuery->fetch()) { 
$topicid            = stripslashes($fetchquery["id"]);
$topictitle         = stripslashes($fetchquery["title"]);
$topicdate          = stripslashes($fetchquery["date"]);
$topicusername      = stripslashes($fetchquery["username"]);
$topicviewcount     = stripslashes($fetchquery["viewcount"]);
$topicreplycount    = stripslashes($fetchquery["replycount"]);
$topicreplyuser     = stripslashes($fetchquery["replyuser"]);
$topicreplydate     = stripslashes($fetchquery["replydate"]);

?>
<li>
    <div class="topiclisttitle"><p><b><a href="<?php echo '/Forum-'.$_GET["forumid"].'/Product-'.$_GET["productid"].'/' . $urlmaker->sluggify($topictitle); ?>/<?php echo $topicid ; ?>/<?php echo $_GET["proid"]; ?>/"><?php echo ucwords($topictitle); ?></a></b><br><?php echo $topicusername ; ?> on <?php echo $betterTime->dateAndtime($topicdate); ?></p></div>
    <div class="topiclistview"><p><b><?php echo $topicviewcount ; ?></b><br>Views</p></div>
    <div class="topiclistview"><p><b><?php echo $topicreplycount ; ?></b><br>Replies</p></div>
    <div class="topiclistlastposted"><?php if(!empty($topicreplyuser)){ ?><p>By: <b><?php echo $topicreplyuser ; ?></b> On<br><?php echo $betterTime->dateAndtime($topicreplydate); ?></p><?php } else { ?><p>By: <b><?php echo $topicusername ; ?></b> On<br><?php echo $betterTime->dateAndtime($topicreplydate); ?></p><?php } ?></div>
</li>
<?php } } else { ?>
<li><p class="morepadding">No Topics Regarding Your Search Words :(</p></li>
<?php } ?>

这是分页类的数据库输入:

$freebiesquery = $pdo->prepare($string . " LIMIT " . $maxlimit);
$freebiesquery->execute($prep);
$freebiesquery_num = $freebiesquery->rowCount();

所有这些都适用于其他页面,所以它必须是我做代码标题部分的方式,首先是格式化 sql 查询的方式。

我得到的唯一错误如下:

警告:PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number

警告:PDOStatement::execute(): SQLSTATE[HY093]: 参数号无效

但这不能像我算过的那样,它们是一样的吗?

4

1 回答 1

1

将包含的字符串=>放入数组中不会产生关联。=>是数组文字语法的一部分,它们必须在字符串之外。

代替:

$prep[] = "':productid{$i}' => {$productid}";

和:

$prep[":productid{$i}"] = $productid};

代替:

$e = "':productid' =>" .  $_SESSION["SESS_USERSPRODUCTIDS"];

和:

$prep = array(':productid' => $_SESSION["SESS_USERSPRODUCTIDS"]);

代替:

$prep       = array($e, ':like' => "%$searchword%", ':like2' => "%$searchword%");

和:

$prep[':like'] = "%$searchword%";
$prep[':like2'] = "%$searchword%";
于 2013-04-23T10:34:43.520 回答