How to search a combination of field values in php [duplicate] - php

Site users use a search form to query a database of products. The keywords entered search the titles for the products in the database.
    public function startSearch($keywords){
        $keywords = preg_split('/[\s]+/', $keywords);
        $totalKeywords = count($keywords);
        foreach($keywords as $key => $keyword){
            $search .= '%'.$keyword.'%';
            if($key != ($totalKeywords)-1){
                $search .= ' AND itemTitle LIKE ';
            }
        }
        $sql=$this->db->prepare("SELECT * FROM prodsTable WHERE itemTitle LIKE ?");
        $sql->bindParam(1, $search);
        $sql->execute();
        $sql->fetchAll(PDO::FETCH_ASSOC);
    }
The search works if a user enters a single keyword, but if multiple keywords are used the query does not execute.
If:
    $keywords = 'apple ipod';
    $search = '%apple% AND itemTitle LIKE %ipod%';
So the prepared statement should look like this:
    "SELECT * FROM prodsTable WHERE itemTitle LIKE %apple% AND itemTitle LIKE %ipod%"
No results return when two products should return having both "apple" and "ipod" in their titles.
What am I doing wrong?

Prepared statements protect you from SQL injection, so SQL code in the parameters will not be interpreted. You will have to build a SQL query with the correct number of AND itemTitle LIKE ? before calling prepare().
    $keywords = preg_split('/[\s]+/', $keywords);
    $totalKeywords = count($keywords);
    $query = "SELECT * FROM prodsTable WHERE itemTitle LIKE ?";
    for($i=1 ; $i < $totalKeywords; $i++){
        $query .= " AND itemTitle LIKE ? ";
    }
    $sql=$this->db->prepare($query);
    foreach($keywords as $key => $keyword){
        $sql->bindValue($key+1, '%'.$keyword.'%');
    }
    $sql->execute();
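
The same placeholder-per-keyword approach with the input handling a search form needs, as an added example that is not part of the original answer: empty tokens are dropped, LIKE wildcards typed by the user are escaped, and the keyword count is capped. The in-memory SQLite table, the helper names `escapeLike()` and `searchTitles()`, the `!` escape character and the limit of 8 terms are assumptions made for the illustration.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database (needs pdo_sqlite).
// escapeLike() and searchTitles() are hypothetical helper names, not from the page.

function escapeLike(string $term): string
{
    // Escape LIKE metacharacters so input such as "100%" is matched literally.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

function searchTitles(PDO $db, string $input, int $maxTerms = 8): array
{
    // PREG_SPLIT_NO_EMPTY drops the empty token that leading or trailing
    // whitespace produces; bound as '%%' it would match every row.
    $terms = preg_split('/\s+/', $input, -1, PREG_SPLIT_NO_EMPTY);
    $terms = array_slice($terms, 0, $maxTerms); // bound the size of the query
    if ($terms === []) {
        return [];
    }

    // Only the number of placeholders depends on the input; no user text enters the SQL.
    $where = implode(' AND ', array_fill(0, count($terms), "itemTitle LIKE ? ESCAPE '!'"));
    $stmt = $db->prepare("SELECT itemTitle FROM prodsTable WHERE $where ORDER BY itemTitle");

    // Wildcards are added around the escaped keyword, on the data side.
    $stmt->execute(array_map(fn($t) => '%' . escapeLike($t) . '%', $terms));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE prodsTable (itemTitle TEXT)');
$ins = $db->prepare('INSERT INTO prodsTable (itemTitle) VALUES (?)');
$titles = ['Apple iPod nano', 'Apple iPod classic', 'Apple MacBook',
           'Case 100% leather', 'Pack of 100 cables'];
foreach ($titles as $title) {
    $ins->execute([$title]);
}

// Two keywords become two bound LIKE conditions joined by AND.
print_r(searchTitles($db, 'apple ipod'));
// Padded input containing a literal percent sign.
print_r(searchTitles($db, '  100%  '));
// Quote characters and SQL keywords are bound as data, never parsed as SQL.
print_r(searchTitles($db, "ipod' OR '1'='1"));
```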

Related

How to search for multiple keywords using sql search

I have a current SQL search query that lets users enter keywords to search my SQL database. At the moment, the search will work with multiple words, but will show all results for either keyword. If you type in "Ford Mustang" it will show all results that have either "Ford" or "Mustang", but I need it to only show results that show both "Ford" and "Mustang".
What I have tried is below:
    public function getProductByName($name){
        $stmt = $this->pdo->prepare('SELECT * FROM tbl_products WHERE name REGEXP :names');
        $names = "[[:<:]](" . str_replace(" ", "|", $name) . ")[[:>:]]";
        $stmt->execute(array('names' => $names));
        return $stmt;
    }
Maybe this is what you're looking for:
    select * from example where name like "%mustang%ford%"

You can write the query:
    select * from tbl_products where name like "%Mustang%" and name like "%ford%";
PHP code:
    // Split the search string into keywords
    $searchArray = explode(' ', $name);
    // Build one "name like ?" condition and one bound value per keyword
    $query = 'SELECT * FROM tbl_products WHERE ';
    $searchParams = array();
    $conditions = [];
    foreach($searchArray as $searchStr){
        $conditions[] = 'name like ?';
        $searchParams[] = "%$searchStr%";
    }
    // Attach the conditions
    $query .= implode(" and ", $conditions);
    // Execute the query
    $stmt = $this->pdo->prepare($query);
    $stmt->execute($searchParams);

PHP SELECT query of array of named placeholders

I would like to use name placeholder to pass the value of an array to a select statement, such as:
    $keywords=("word1", "word2", etc);
    $sql = "SELECT * FROM TABLE WHERE name LIKE :word1 AND name LIKE :word2 etc"
Below is the script that I am working on:
    $symptoms=$_POST['search'];
    $keywords = preg_split('/[\s]+/', $symptoms);
    $totalKeywords = count($keywords);
    $sql = "SELECT * FROM TABLE_3 WHERE MATCH (symptoms) AGAINST (:symptoms) ";
    $like_placeholder = implode(' AND ', array_fill(0, $totalKeywords, 'symptoms LIKE ?'));
    $sql .= " AND ({$like_placeholder})"; // build the query with placeholders
    // prep input
    $where_keywords = array_map(function($value) {
        return "%{$value}%";
    }, $keywords);
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':symptoms', $symptoms);
    $stmt->execute([$_POST['search']]);
    $stmt->execute($keywords);
    $results = $stmt->fetchAll();
You can't use both named and question-mark placeholders in the same query. Change the :symptoms placeholder to ? and insert $symptoms at the beginning of your $keywords array.
You're never using $where_keywords. You can concatenate the % wildcard in the SQL code itself.
    $symptoms=$_POST['search'];
    $keywords = preg_split('/[\s]+/', $symptoms);
    $totalKeywords = count($keywords);
    $sql = "SELECT * FROM TABLE_3 WHERE MATCH (symptoms) AGAINST (?) ";
    $like_placeholder = implode(' AND ', array_fill(0, $totalKeywords, "symptoms LIKE CONCAT('%', ?, '%')"));
    $sql .= " AND ({$like_placeholder})"; // build the query with placeholders
    $stmt = $pdo->prepare($sql);
    array_unshift($keywords, $symptoms);
    $stmt->execute($keywords);
    $results = $stmt->fetchAll();
