I have a code in php it takes a well formatted string such as 'field,operator,value' and produces a WHERE statement to MySQL database query.
if the two fields names below end with the same characters such as '*id' such as 'id' and 'classid' it produces strange behavior. such as the following:
$where = $_GET['where'];
$tokens = multiexplode(array("^", "~", "(", ")"), $where);
$where = str_replace("^", " AND ", $where);
foreach ($tokens as $item) {
if (!empty($item)) {
$where = str_replace($item, getOperand($item), $where);
}
}
echo 'WHERE '.$where;
function multiexplode($delimiters, $string)
{
$unifydelimters = str_replace($delimiters, $delimiters[0], $string);
$conditions = explode($delimiters[0], $unifydelimters);
return $conditions;
}
function getOperand($item)
{
$extokens = explode (",", $item);
switch (trim($extokens[1])) {
case 'eq':
return trim($extokens[0]) . " = '" . trim($extokens[2]) . "' ";
break;
default:
return "";
break;
}
}
tested with :
http://localhost/test/test.php?where=id,eq,1^classid,eq,19
ALways show: id = '1' AND classid='1' 9
Not: id = '1' AND classid='19'
But if any other field ends differently from the other such as:
http://localhost/test/test.php?where=id,eq,1^class,eq,19
It correctly shows: id = '1' AND class='19'
Any idea why this is happening??
Thanks,
The problem is that when you search for the first expression id,eq,1 for the replacement in the string
id,eq,1^classid,eq,19
You will find two positions:
id,eq,1^classid,eq,19
^ ^
id,eq,1 |
id,eq,1
This means you will do two replacements, even though you wanted only replace one.
To solve this problem you don't need to work with the original input string $where. Instead you can use the already create array in $tokens and change the individual array elements. You can use array_map() to do that, like this:
$changed = array_map('getOperand', $tokens);
Then you can put the array together to a string with ' AND ' as the separator:
$result = implode(' AND ', $changed);
This will finally generate the following result:
id = '1' AND classid = '19'
Keep in mind that you should use prepared statements to avoid SQL injections, see How can I prevent SQL injection in PHP?
Related
i want to get the count of some text that starts with specific letter with "/"
just like as follows. i want the count of all "A/" occurancves in that array.
<?php
$arr_vals = array("A/V","A/B","B/A","D/D","A/v","A/A");
$count_A = count($arr_vals,"A/*");
?>
Simple and easy one..Here is your solution:-
$input = preg_quote('A/', '~'); // don't forget to quote input string!
$arr_vals = array("A/V","A/B","B/A","D/D","A/v","A/A");
$result = preg_grep('~' . $input . '~', $arr_vals);
echo count($result); die;
array_reduce can be used to take your entire array and compute a result, through the use of a callback function. We can use regular expressions to define what your pattern is. Combining these two things, we have your solution:
$arr_vals = array("A/V","A/B","B/A","D/D","A/v","A/A");
function match($carry, $item) {
return $carry + preg_match('/A\/./', $item);
}
var_dump(array_reduce($arr_vals, 'match', 0)); // Returns 4
Using fnmatch would also work and uses shell wildcards, e.g. * and ?:
function count_pattern(array $input, string $pattern): int {
$count = 0;
foreach ($input as $string) {
$count += fnmatch($pattern, $string);
}
return $count;
}
Usage
$arr_vals = array("A/V","A/B","B/A","D/D","A/v","A/A");
echo count_pattern($arr_vals, "A/*"); // 4
Note: in order to use scalar type hints and returns you need PHP7. If you are not on PHP7 yet, you can just omit them.
Yes the correct answer is
$input = preg_quote('A/', '~'); // don't forget to quote input string!
$arr_vals = array("A/V","A/B","B/A","D/D","A/v","A/A");
$result = preg_grep('~' . $input . '~', $arr_vals);
echo count($result); die;
i wrote the following code:
<?php
$listO = $_POST["letter"];
//print_r($listO);
//Array ( [0] => A [1] => B [2] => C)
function to_pg_array($set) {
settype($set, 'array'); // can be called with a scalar or array
$result = array();
foreach ($set as $t) {
if (is_array($t)) {
$result[] = to_pg_array($t);
} else {
$t = str_replace('"', '\\"', $t); // escape double quote
if (! is_numeric($t)) // quote only non-numeric values
$t = '"' . $t . '"';
$result[] = $t;
}
}
return '{' . implode(",", $result) . '}'; // format
}
$pg_array_listO = to_pg_array($listO);
//print_r($pg_array_list_organisms);
//{"A","B","C"}
$conn = pg_connect("host=X dbname=Y user=Z");
$result = pg_query_params($conn, 'SELECT count(cp.id)
FROM cp, act, a, t
WHERE t.tid = a.tid AND
a.aid = act.aid AND
act.m = cp.m AND
t.n = $1 AND
act.st = $2 AND
t.o LIKE ANY(ARRAY[$3])', array($t1, $a2, $pg_array_listO));
while($row = pg_fetch_row($result)) {echo $row[0];}
?>
However i can't figure out how to pass the array $pg_array_listO to the postgres query. The function to_pg_array converts the php array into postgres array but still don't work. How can i do this?
postgres array looks like '{list}' :
t=# select array['a','b','c'];
array
---------
{a,b,c}
(1 row)
so you need to get rid of double quotes, otherwise postgres understands literals as identities.
Eg with $pg_array_listO = str_replace('"', '\\"',to_pg_array($listO)) or smth smarter - sorry - I'm not good in php
additionally modify ANY(ARRAY[$3]) to ANY('$3'::text[]), cos array[] or '{}'::text[] would be accepted
update
based on
//print_r($pg_array_list_organisms);
//{"A","B","C"}
I expect this to work:
$result = pg_query_params($conn, "SELECT count(cp.id)
FROM cp, act, a, t
WHERE t.tid = a.tid AND
a.aid = act.aid AND
act.m = cp.m AND
t.n = $1 AND
act.st = $2 AND
t.o LIKE ANY($3)", array($t1, $a2, str_replace('"', '',to_pg_array($listO))));
mind I changed quotes and SQL and str_replace for $3 variable
a working example of this approach:
t=# select 'a' like any('{a,b,c}'::text[]);
?column?
----------
t
(1 row)
I have text :
$a = I wanna eat apple , and banana .
I wanna get every words and punctuation of that sentence :
$b = explode(' ', strtolower(trim($a)));
the result of explode is array.
I have a words table on db that has fields : id, word and typewords all in lowercase. but for punctuation there are no exist in db.
I wanna search every words in db to take the type of words, so the final result that i want to get is :
words/typeofwords = I/n wanna/v eat/v apple/n ,/, and/p banana/n ./.
here's the code :
function getWord ($word){
$i = 0 ;
$query = mysql_query("SELECT typewords FROM words WHERE word = '$word' ");
while ($row = mysql_fetch_array($query)) {
$word[$i] = $row['typewords'];
$i++;
}
return $word;
}
echo $b.'/'.getWord($b);
but it doesn't work, please help me, thanks !
Try with this:
function getWord($words){
$association = array();
foreach($words as $word)
{
$query = mysql_query("SELECT typewords FROM words WHERE word = '$word' ");
if($row = mysql_fetch_array($query))
$association[$word] = $row['typewords'];
elseif(preg_match('/[\.\,\:\;\?\!]/',$word)==1)
$association[$word] = $word;
}
return $association;
}
$typewords = getWord($b);
foreach($b as $w)
echo $w.'/'.$typewords[$w];
function getWord($word){
// concat the word your searching for with the result
// http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_concat
$query = mysql_query("SELECT CONCAT(word,'/',typewords) as this_result FROM words WHERE word = '$word' ");
$row = mysql_fetch_array($query);
return $row['this_result']." "; // added a space at the end.
}
// loop through the $b array and send each to the function
foreach($b as $searchword) {
echo getWord($searchword);
}
You assume the function parameter to be an array, but it is a string.
Edit: In your function you treat $word as an array as well as a string. Decide what you want and recode your function.
This question already has answers here:
mysql_fetch_array()/mysql_fetch_assoc()/mysql_fetch_row()/mysql_num_rows etc... expects parameter 1 to be resource
(31 answers)
Closed 8 years ago.
Can someone please help me with my code, I can't get it to work.
I have an html input form where I type for example "This is a sample".
(data is saved in $_POST['Begriff'])
I want to achive a simple translation, so that the table "drinks" in column "English" is checked for existence of every single word from my input sample sentence and output if found every entry from the corresponding row in one line.
Right now I have two problems:
As soon as I add " where English in $wert" to the select statement I get:
Notice: Array to string conversion in nachlesen.php on line 34
Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given
Second Problem: How to I put the sentence together again from the returned results?
(Right now I get the output for every found word below each other, instead of one line)
Here is my code:
if ( $_POST['Begriff'] <> "")
{
$wert = explode(' ',$_POST['Begriff']);
$select = mysql_query ("SELECT * FROM drinks where English in $wert");
while ( $row = mysql_fetch_assoc($select))
{
echo ("$row[German] <br>");
echo ("$row[English]<br>");
}
}
Thanks in Advance, Daniel
<?php
// premise: the user input in $_POST['Begriff'] is a string like 'This is a sample'
//first split it into single words
// preg_split: \s+ -> one or more whitespaces , PREG_SPLIT_NO_EMPTY -> no "empty" words
// e.g. " Mary had a little lamb" -> array('Mary','had','a','little','lamb')
$words = preg_split('!\s+!', $_POST['Begriff'], -1, PREG_SPLIT_NO_EMPTY);
// now encode each string so that it can be used
// safely as a string-literal within your sql query
// see: sql injection
// this should be:
// $words = array_map(function($e) use($mysql) { return mysql_real_escape_string($e, $mysql); }, $words);
// but apparently you're not storing the resource that is returned by mysql_connect
// mysql_real_escape_string() is applied to each single element in $words
// e.g. array("it's", "been") -> array("it\\'s", "been")
$words = array_map('mysql_real_escape_string', $words);
// now put the string literals into your query
// format: ... IN ('x','y','z')
// join(",", $words) gives you x,y,z
// join("','", $words) gives you x','y','z
// i.e. the first and the last ' has to be added "manually"
// keep in mind that for an empty array $words this will produce WHERE ... IN ('')
// better test that before even trying to build the query
$query = sprintf("
SELECT
German,English
FROM
drinks
WHERE
English IN ('%s')
", join("','", $words));
// send the query to the MySQL server
// should be: $result = mysql_query($query, $mysql);
$result = mysql_query($query);
// database query -> failure is always an option
if ( !$result ) {
// add error handling here
}
else {
// in case there is not a single match in the database
// your script would print ...nothing
// I don't like that - but that debatable
// anway: wrapped in a fieldset
echo '<fieldset><legend>results:</legends>';
while( false!==($row=mysql_fetch_array($result, MYSQL_FETCH_ASSOC)) ) {
printf('%s<br />%s<br />',
// just like on the input-side you had to worry about
// sql injections
// on the output side you want to avoid
// that characters from the database can break your html structure
htmlentities($row['German']),
htmlentities($row['English'])
);
}
echo '</fieldset>';
}
(script is untested)
why don't you try implode() and convert your array to string??
if ( $_POST['Begriff'] <> "")
{
//you'l have to replace all "spaces with ',' "
$pattern = '/\s*,\s*/';
$replace = "','";
$wert = preg_replace($pattern, $replace, $_POST['Begriff']);
$select = mysql_query ("SELECT * FROM drinks where English in ('$wert')");
while ( $row = mysql_fetch_assoc($select))
{
echo ("$row[German] <br>");
echo ("$row[English]<br>");
}
}
ANOTHER SOLUTION (TO PREVENT SQL INJECTION)
if ( $_POST['Begriff'] <> "")
{
//replace multiple spaces
$str1 = preg_replace( "/\s+/", " ", $_POST['Begriff'] );
//convert to array, separated by space
$arr=explode(" ",$str1);
$safe_params=array();
foreach($arr as $param){
$safe_params[]=mysql_real_escape_string($param);
}
$wert=implode("','",$safe_params);
$select = mysql_query ("SELECT * FROM drinks where English in ('$wert')");
while ( $row = mysql_fetch_assoc($select))
{
echo ("$row[German] <br>");
echo ("$row[English]<br>");
}
}
EDIT
Processing query output according to language
$german_words=array();
while ( $row = mysql_fetch_assoc($select))
{
$german_words[$row['English']]=$row['Gernam'];
}
//$str1 is having english string
echo "English: ".$str1."<br/>";
echo "German : ";
//$arr is having array of words of $str1
foreach($arr as $eng_word){
echo $german_words[$eng_word]." ";
}
"SELECT * FROM drinks where English in ('". implode("','", $wert) . "')"
EDIT: SQL Injection safe query:
$dsn = 'mysql:dbname=' . $settings['dbname'] . ';host=' . $settings['dbhost'];
$pdo = new PDO($dsn, $settings['dbuser'], $settings['dbpass'], array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
if ( $_POST['Begriff'] <> "")
{
$wert = explode(' ',$_POST['Begriff']);
$placeholders = implode(',', array_fill(0, count($wert), '?'));
$sth = $pdo->prepare("SELECT * FROM drinks WHERE English in ({$placeholders})");
$sth->execute($wert);
$rows = $sth->fetchAll();
foreach($rows as $row) {
print_r( $row );
}
}
I hope you can help me.
I have a string like the following
Luke 1:26-38
And I would like to be able to break it up into tokens or individual variables so that I can use the variables in an SQL query.
I've tried using explode, however I've only been able to make it explode on one character such as : or -
My string has : and - and also a space between the name and the first number.
My goal is to have:
$name = Luke;
$book = 1;
$from = 26;
$to = 38;
Is anyone able to help please.
Many thanks
You can do that with a simple string scanning (Demo):
$r = sscanf("Luke 1:26-38", "%s %d:%d-%d", $name, $book, $from, $to);
The varibales then contain the information. %s represents a string (without spaces), %d a decimal. See sscanf.
To make this "bible safe", it needs some additional modifications:
$r = sscanf($string, "%[ a-zA-Z] %d:%d-%d", $name, $book, $from, $to);
$name = trim($name);
(Second demo).
list( $name, $book, $from, $to ) = preg_split( '/[ :-]/', 'Luke 1:26-38' );
echo $name; //"Luke"
/* Split results in an Array
(
[0] => Luke
[1] => 1
[2] => 26
[3] => 38
)
*/
$string = "Luke 1:26-38";
preg_match('#^(\w+)\s(\d+):(\d+)-(\d+)$#', $string, $result);
print_r($result);
regex is hard to configure for this because of the multiple configurations of bible book names, chapter and verse num. Because some books begin with a number and some books have multiple spaces in the book names.
I came up with this for building a sql query, it works for these passage search types..
(John), (John 3), (Joh 3:16), (1 Thes 1:1)
Book names can be 3 letter abbreviations.
Does unlimited individual word search and exact phrase.
$string = $_GET['sstring'];
$type = $_GET['stype'];
switch ($type){
case "passage":
$book = "";
$chap = "";
$stringarray = explode(':', $string); // Split string at verse refrence/s, if exist.
$vref = $stringarray[1];
$vrefsplit = explode('-', $vref);// Split verse refrence range, if exist.
$minv = $vrefsplit[0];
$maxv = $vrefsplit[1]; // Assign min/max verses.
$bc = explode(" ", $stringarray[0]); // Split book string into array with space as delimiter.
if(is_numeric($bc[count($bc)-1])){ // If last book array element is numeric?
$chap = array_pop($bc); // Remove it from array and assign it to chapter.
$book = implode(" ", $bc); // Put remaining elemts back into string and assign to book.
}else{
$book = implode(" ", $bc); // Else book array is just book, convert back to string.
}
// Build the sql query.
$query_rs1 = "SELECT * FROM kjvbible WHERE bookname LIKE '$book%'";
if($chap != ""){
$query_rs1.= " AND chapternum='$chap'";
}
if($maxv != ""){
$query_rs1.= " AND versenum BETWEEN '$minv' AND '$maxv'";
}else if($minv != ""){
$query_rs1.= " AND versenum='$minv'";
}
break;
case "words":
$stringarray = explode(" ", $string); // Split string into array.<br />
// Build the sql query.
$query_rs1 = "SELECT * FROM kjvbible WHERE versetext REGEXP '[[:<:]]". $stringarray[0] ."[[:>:]]'";
if(count($stringarray)>1){
for($i=1;$i<count($stringarray);$i++){
$query_rs1.= " AND versetext REGEXP '[[:<:]]". $stringarray[$i] ."[[:>:]]'";
}
}
break;
case "xphrase":
// Build the sql query.
$query_rs1 = "SELECT * FROM kjvbible WHERE versetext REGEXP '[[:<:]]". $string ."[[:>:]]'";
break;
default :
break;
}