I am trying to find the number of rows that match a specific pattern. In this example, all that START with "123":
我试图找到与特定模式匹配的行数。在这个例子中,所有START以“123”开头:
This is working:
这是有效的:
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '123%'");
$count = mysql_num_rows($query);
The problem is the LIKE will vary, so I'm trying to define it in the script, then execute the query, but this is NOT working:
问题是LIKE会有所不同,所以我试图在脚本中定义它,然后执行查询,但这不起作用:
$prefix = "123";
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE $prefix.'%'");
$count = mysql_num_rows($query);
How can I get this query to work properly in the second example?
如何在第二个示例中使此查询正常工作?
EDIT: I've also tried it without the period (also not working):
编辑:我也尝试过没有句号(也没有工作):
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE $prefix'%'");
2 个解决方案
#1
15
You have the syntax wrong; there is no need to place a period inside a double-quoted string. Instead, it should be more like
你的语法错了;不需要在双引号字符串中放置句点。相反,它应该更像
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '$prefix%'");
You can confirm this by printing out the string to see that it turns out identical to the first case.
您可以通过打印出字符串来确认这一点,以确定它与第一种情况相同。
Of course it's not a good idea to simply inject variables into the query string like this because of the danger of SQL injection. At the very least you should manually escape the contents of the variable with mysql_real_escape_string
, which would make it look perhaps like this:
当然,由于SQL注入的危险,简单地将变量注入到查询字符串中并不是一个好主意。至少你应该使用mysql_real_escape_string手动转义变量的内容,这可能会使它看起来像这样:
$sql = sprintf("SELECT * FROM table WHERE the_number LIKE '%s%%'",
mysql_real_escape_string($prefix));
$query = mysql_query($sql);
Note that inside the first argument of sprintf
the percent sign needs to be doubled to end up appearing once in the result.
请注意,在sprintf的第一个参数内,百分号需要加倍才能在结果中出现一次。
#2
3
DO it like
好吗
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '$yourPHPVAR%'");
Do not forget the %
at the end
不要忘记最后的%
#1
15
You have the syntax wrong; there is no need to place a period inside a double-quoted string. Instead, it should be more like
你的语法错了;不需要在双引号字符串中放置句点。相反,它应该更像
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '$prefix%'");
You can confirm this by printing out the string to see that it turns out identical to the first case.
您可以通过打印出字符串来确认这一点,以确定它与第一种情况相同。
Of course it's not a good idea to simply inject variables into the query string like this because of the danger of SQL injection. At the very least you should manually escape the contents of the variable with mysql_real_escape_string
, which would make it look perhaps like this:
当然,由于SQL注入的危险,简单地将变量注入到查询字符串中并不是一个好主意。至少你应该使用mysql_real_escape_string手动转义变量的内容,这可能会使它看起来像这样:
$sql = sprintf("SELECT * FROM table WHERE the_number LIKE '%s%%'",
mysql_real_escape_string($prefix));
$query = mysql_query($sql);
Note that inside the first argument of sprintf
the percent sign needs to be doubled to end up appearing once in the result.
请注意,在sprintf的第一个参数内,百分号需要加倍才能在结果中出现一次。
#2
3
DO it like
好吗
$query = mysql_query("SELECT * FROM table WHERE the_number LIKE '$yourPHPVAR%'");
Do not forget the %
at the end
不要忘记最后的%