Fatal error: Call to undefined function bind_param()

Question

我想使用mysql LIKE 从数据库中检索学生姓名，我有以下表格

  <form action="search.php" method="POST">
        <input type="text" name="search" id="search-input">
        <input type="submit" value="Submit" id="submit">
  </form>

还有我的search.php

<?php 
        require_once 'db.php';
        if (isset($_POST['search']) && !empty($_POST['search'])) {
            $search_param = trim($_POST['search']);

            $slct_search = $db->prepare("SELECT student_name FROM student_details WHERE student_name LIKE ?") or die($db->error);
            $slct_search = bind_param('s', $search_param);
            $slct_search->execute();        
            $res = $slct_search->get_result();  
            if($res->num_rows) {            
                while ($result = $res->fetch_object()) {
                    echo $result->student_name;
                }
            } else {
                echo 'OOPS we had a problem';
            }   
        }
    ?>

当我点击提交按钮时收到以下错误

Fatal error: Call to undefined function bind_param() in F:\xampp\htdocs\sel\search.php on line 7

Answer 1

你试过了吗：

$slct_search->bind_param('s', $search_param);

另请注意，您可能会使用 trim()，但它仍然会让您面临 SQL 注入。尝试做一些类似的事情：

$db->real_escape_string( trim( $_POST['search'] ) );

在此处阅读有关其他逃脱的信息：

• mysqli_real_escape_string()
• strip_tags()
• htmlentities()

Answer 2

bind_param

请使用->

使用这个 $slct_search - >bind_param

而不是这个 $slct_search = bind_param