I am creating a database website wherein there is a search bar then it will lead to a search results page (in table form). The user will then select a specific result that would lead to a custom webpage for that result. Is there a way to do that in PHP/MYSQL?
Here is my PHP code:
<?php
include "databaseconnect.php";
$keywordfromform = $_GET["Search"];
$sql = ("SELECT titleID, authorsID, yearID, subjectID
FROM researchpapertable
WHERE titleID LIKE '%" . $keywordfromform . "%'
OR authorsID LIKE '%" . $keywordfromform . "%'
OR yearID LIKE '%" . $keywordfromform . "%'
OR subjectID LIKE '%" . $keywordfromform . "%'
");
$result = $mysqli->query($sql);
if ($result-> num_rows>0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo '<tr><td>'. $row["titleID"]."</td><td>". $row["authorsID"]."</td><td>". $row["yearID"]."</td><td>". $row["subjectID"]."</td></tr>";
}
} else {
echo "<tr><td> 0 results </td><td> 0 results </td><td> 0 results </td><td> 0 results </td><tr>";
}
$mysqli->close();
?>
I placed a <a href="indivpage.php"> in the column where they will select the title of their choice. What should I place there for it to lead to its specific page? I am not sure what I should search for in order to search for similar tutorials/code. If there are similar questions/code to this, it would help a lot. Thank you in advance!
You would send a unique identifier as a parameter to your page. Like this:
echo '<tr><td>' . $row["titleID"] . '...etc...</td></tr>';
Then in your indivpage.php you would use $_GET['title_id'] to fetch all the details from the database.
Let me add to this that there is very much wrong with the code you wrote. To begin with I would suggest to read about SQL injection
Related
This question already has answers here:
Can I mix MySQL APIs in PHP?
(4 answers)
Closed 3 years ago.
I am building an android application which uses mysql database as backend. I am trying to search through tables and multiple columns with a keyword and return them to the android app using php in a json format.
I tried a sample code i got from this question but it doesn't seem to work.
Here is my php code
<?php
require "conn.php";
$key = $_POST["key"];
$array = array();
$mysql_query = "(SELECT *, 'home' AS type FROM home WHERE food_name LIKE '%" . $key . "%' OR descrip LIKE '%" . $key ."%' OR user_name LIKE '%" . $key ."%'
UNION
SELECT *, 'c4c' AS type FROM cook4cash WHERE food_name LIKE '%" . $key . "%' OR descrip LIKE '%" . $key ."%' OR user_name LIKE '%" . $key ."%'
UNION
SELECT *, 'vendor' AS type FROM vendors_info WHERE user_name LIKE '%" . $key . "%'
UNION
SELECT *, 'customer' AS type FROM customers_info WHERE user_name LIKE '%" . $key . "%')";
mysql_query($query);
$result = mysqli_query($conn, $mysql_query);
if(mysqli_num_rows($result) > 0){
session_start();
while($row = mysqli_fetch_assoc($result)){
$array[] = $row;
//echo json_encode($row);
}
foreach($array as $new_array){
$new_array['id'] . '<br/>';
$new_array['food_name'] . '<br/>';
$new_array['descrip'] . '<br/>';
$new_array['price'] . '<br/>';
$new_array['quantity'] . '<br/>';
$new_array['image_url'] . '<br/>';
$new_array['user_name'] . '<br/>';
$new_array['profile_pic'] . '<br/>';
$new_array['delivery_time'] . '<br/>';
$new_array['delivery_cost'] . '<br/>';
$new_array['location'] . '<br/>';
$new_array['email'] . '<br/>';
}
echo json_encode(array("userInfo" => $array));
} else {
echo "No data was found";
}
?>
When i use postman to test, it gives the error code 500 (Internal Server Error).
I want to know what is wrong with this code.
Did you check PHP error_logs? I guess reason of the problem is line 14. You're using mysqli_* methods but on line 14, you had tried to use a mysql_* method. I think you should remove the code on this line and try again.
This question already has answers here:
Search Form with One or More (Multiple) Parameters
(2 answers)
Closed 7 years ago.
I am trying to create a database with multiple fields for searching but it is displaying the entire database if there is an empty field. i suspect it is because of the OR's in the query and i am not sure how to fix it.
<?php
if (isset($_POST['Submit']))
{
$con = mysqli_connect();
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$surname = $_POST['surname'];
$firstname = $_POST['firstname'];
$maiden = $_POST['maiden'];
$birth = $_POST['birth'];
$death = $_POST['death'];
$keyword = $_POST['keyword'];
$sql = "SELECT * FROM obits WHERE surname LIKE '%" . $surname . "%' OR firstname LIKE '%" . $firstname . "%' OR maiden LIKE '%" . $maiden . "%' OR birth LIKE '%" . $birth . "%' OR death LIKE '%" . $death . "%' OR obittext LIKE '%" . $keyword . "%'";
$result = mysqli_query($con, $sql);
further down i have this:
if (isset($result) && $result->num_rows > 0);
then follows the table etc. i think i have all the pertinent info here. any suggestions? please use english rather than programmer, i am quite new at this. thanks in advance!
Let's look at one of the conditions:
surname LIKE '%" . $surname . "%'
Assuming, $surname is Miller here, you select all rows that have a surname like %Miller%. The % signs are wildcards, which can basically stand for anything. This means you are selecting all rows where the surname contains Miller with any string before or after it, including empty ones.
Now, if Miller would be empty in this case, you are looking for %%, so an empty string with anything before or after it -- so really any possible string. As a result, every row will be selected.
Since this is true not only for the surname, but for any of the columns, leaving any of the criteria blank will result in all rows being selected.
Find more info on SQL Wildcards.
To skip empty values in your where clause, you can build it dynamically:
$condition = "WHERE";
if(!empty($surname)){
$condition .= "surname LIKE '$surname' OR";
}
if(!empty($firstname)){
$condition .= "firstname LIKE '$firstname' OR";
}
// ...
$sql = "SELECT * FROM obits " . $condition;
Note:
There will be a trailing OR in the condition that you will have to remove.
If all conditions are blank, this will also lead to an error.
But it should give you an inpiration! :-)
Side Note:
You should look into prepared statements. Passing POST variables directly into an SQL statement is highly dangerous.
Im trying to make an easy Select from the db and save the results in an array.
$query = "SELECT ID FROM Publikationen WHERE Personen LIKE '%; " . $autor2 . "%';";
echo($query);
// get IDs
$res = mysqli_query($link,$query );
$i = 0;
while ($row = mysqli_fetch_assoc($res)){
echo($row['ID']);
$IDarray[$i]= $row['ID'];
$i++;
}
The $autor2 variable is an Name like: "Doe, John".
The code seems to not go in the loop, and mysqli_error after the loop is null so it seems im not getting results from the db.
When im copying the echo from $query in phpMyAdmin it works fine. Also when im using a Name instead $autor2 it also works fine and im getting my whole Array.
$query = "SELECT ID FROM Publikationen WHERE Personen LIKE '%" . $autor2 . "%'";
write this code.
As far as I can see in the SQL query, there's a syntax error.
You wrote :
SELECT ID FROM Publikationen WHERE Personen LIKE '%; " . $autor2 . "%';
but it should have been :
SELECT ID FROM Publikationen WHERE Personen LIKE '%" . $autor2 . "%';
Hope it helps!
Remove the semicolon from the query.
$query = "SELECT ID FROM Publikationen WHERE Personen LIKE '% " . $autor2 . "%'";
Simply use this -
$query = "SELECT ID FROM Publikationen WHERE Personen LIKE '%$autor2%'";
If the semicolon is important then use it but use the $author2 variable just inside single quote (' ').
I apologize if this question has come up before, but I've looked and only found people who are only concerned with the actual result returned by
mysql_query($query);
I'm making a php/mysql page with ajax for a project where the user can create a database and perform a search by interacting with a few select boxes. I would also like to be able to print out the actual query generated by the php, just for testing.
if($dArray[0] == 'sb2a'){
$sql = "SELECT * FROM Vehicles WHERE " . $dArray[1] . " = \'" . $dArray[2] + "\'";}
print($sql);
It just prints 0 rather than something like
"SELECT * FROM Vehicles WHERE VID = '01'"
Any help would be greatly appreciated.
Near the end of your line of code setting the value for $sql:
. $dArray[2] + "\'";
That + should be a .
if($dArray[0] == 'sb2a')
{
$sql = "SELECT * FROM Vehicles WHERE " . $dArray[1] . " = \'" . $dArray[2] . "\'";
}
print($sql);
To concatenation we should always use '.'
Query should be like this.
$sql = "SELECT * FROM Vehicles WHERE {$dArray[1]} = '{$dArray[2]}'";
I want to write a Mysql statement that selects all from a table(posting) where title is like $title except for the title of $title. Basically I want to display all related posting of a certain posting. I want the query to select all the postings in the table that has the title name in the title OR detail. But I don't want the posting to display in the related postings.
//pseudocode
$query="Select * From posting Where title,detail, like %$title% except $title";
how do I write the except part?
This is the code you need, although it will be better if you have the current post id and just have something like WHERE id != " . (int)$current_post_id . "
$title = mysql_real_escape_string($title);
$sql = "
SELECT *
FROM posting
WHERE
title LIKE '%" . $title . "%' AND
detail LIKE '%" . %title . "%' AND
title != " . $title . "
";
Here is the ID version, way better :)
$title = mysql_real_escape_string($title);
$sql = "
SELECT *
FROM posting
WHERE
title LIKE '%" . $title . "%' AND
detail LIKE '%" . %title . "%' AND
id != " . (int)$post_id . "
";
EDIT: If you want LIKE '%$title%' AND != '$title' then:
SELECT * FROM posting
WHERE title LIKE '%$title%' AND detail LIKE '%$title%' AND title != '$title';
else
SELECT * FROM posting
WHERE title LIKE '%$title%' AND detail LIKE '%$title%' AND title NOT LIKE '%$title%';
Are you sure that's correct? LIKE '%$title%' AND NOT LIKE '%$title%' is a contradiction.