Svaret er, at det behøver du ikke. Den korrekte måde at bruge PDO's forberede på er sådan her:
$stmt = $pdo->prepare(
"SELECT * FROM `products_keywords` WHERE `product_type` = ?");
Dette er hele pointen med at bruge en forberedt erklæring. Så binder parameteren som følger:
$stmt->bindParam(1, $product_type)
Bevis,
Skema:
create table `products_keywords`
( `id` int not null,
`products_keywords` varchar(1000) not null,
`product_type` varchar(100) not null
);
insert `products_keywords` (`id`,`products_keywords`,`product_type`) values
(1,'zoom lawn cut mower',"Lawn Mower"),
(2,'stylish torso Polo','Men\'s Shirt');
Se data:
select * from `products_keywords`;
+----+---------------------+--------------+
| id | products_keywords | product_type |
+----+---------------------+--------------+
| 1 | zoom lawn cut mower | Lawn Mower |
| 2 | stylish torso Polo | Men's Shirt |
+----+---------------------+--------------+
PHP:
<?php
// turn on error reporting, or wonder why nothing is happening at times
error_reporting(E_ALL);
ini_set("display_errors", 1);
$servername="localhost";
$dbname="so_gibberish";
$username="nate123";
$password="openSesame1";
try {
$pdo = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$product_type="Men's Shirt";
$stmt = $pdo->prepare("SELECT * FROM `products_keywords` WHERE `product_type` = ?");
$stmt->bindParam(1, $product_type);
$stmt->execute();
while($row = $stmt->fetch()) {
echo $row['id'].", ".$row['products_keywords'].", ".$row['product_type']."<br/>";
}
} catch (PDOException $e) {
echo 'pdo problemo: ' . $e->getMessage(); // dev not production code
exit();
}
?>
Browser: