我正在将我所有的站点代码从使用 mysql_* 函数转换为 PDO.PDO 上的 PHP 文档不符合我的需要.提供了使用的功能,但在不同场景下不详细说明.
I'm converting all my sites code from using mysql_* functions to PDO. The PHP documentation on PDO is not clear for my needs. It gives you the functions to use, but does not go into detail to explain them in different scenarios.
Basically, I have a mysql fulltext search:
$sql = "SELECT ... FROM search_table WHERE MATCH(some_field) AGAINST ('{$searchFor}*' IN BOOLEAN MODE)";
The actual statements much longer, but this is what it basically does.
我的问题是,我如何将其合并到 PDO 中?
My question is, how would I incorporate this into PDO?
我知道您不打算在位置标记周围使用引号,所以您是否将它们留在 AGAINST() 函数中?我包括他们吗?如果我将它们排除在外,通配符等会怎样?
I know you're not meant to use quotes around the place-marker, so do you leave them out in the AGAINST() function? Do I include them? If I leave them out, what happens to the wildcard symbol etc?
$sql = $this->db->prepare("SELECT ... FROM search_table WHERE MATCH(some_field) AGAINST(:searchText IN BOOLEAN MODE");
$sql->bindValue(':searchText', $searchFor . '*');
不幸的是,这是使用查询参数的一个奇怪的例外(但显然不是在最近的点发布每个 MySQL 分支,见下文).
This is unfortunately a weird exception to the use of query parameters (edit: but apparently not in the most recent point-release of each MySQL branch, see below).
中的模式必须 是一个常量字符串,而不是一个查询参数.与 SQL 查询中的其他常量字符串不同,这里不能使用查询参数,仅仅是因为 MySQL 中的限制.
The pattern in AGAINST()
must be a constant string, not a query parameter. Unlike other constant strings in SQL queries, you cannot use a query parameter here, simply because of a limitation in MySQL.
要将搜索模式安全地插入到查询中,请使用 PDO::quote()功能.请注意,PDO 的 quote() 函数已经添加了引号分隔符(与 mysql_real_escape_string() 不同).
$quoted_search_text = $this->db->quote('+word +word');
$sql = $this->db->prepare("SELECT ... FROM search_table
WHERE MATCH(some_field) AGAINST($quoted_search_text IN BOOLEAN MODE");
Re comment from @YourCommonSense:
- 在 AGAINST() 子句中使用存储过程参数总是返回相同的结果:http://bugs.mysql.com/bug.php?id=3734
- 准备好的语句、MATCH 和 FULLTEXT 导致崩溃或奇怪的结果:http://bugs.mysql.com/bug.php?id=14496
