Searching Database - php

I'm trying to search for specific users, using a form with a text input. Right now I'm testing the connection and var_dump the array on the page to see if my search is returning any results. Currently with the following code I'm able to connect to my database and pull in the correct users if I only search for the last name. If I search for the first and last name it returns no results in the array. What am I doing wrong here?
if (isset($_POST['user'])) {
    $keyword = $_POST['user'];
    $skusers = $wpdb->get_results("SELECT * FROM table_name WHERE last LIKE '%$keyword%';");
    var_dump($skusers);
}
This is WordPress on a custom page template. As you can see from my code snippet, I'm using the $wpdb global database variable. Again, this does work if I type in someone's last name, but if I type their entire name it can't find anything. Thanks for pointing me in the right direction!

SELECT *
FROM table
WHERE CONCAT( nameFirst,' ', nameLast ) LIKE '%Noman%'
Sanitize any user-submitted input before applying it in the query, or use MySQLi.
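The CONCAT search and the sanitizing advice from this thread, combined for a WordPress template. This is an added example, not code from the original posts; it assumes it runs inside WordPress (where $wpdb, wp_unslash() and sanitize_text_field() exist) and that the table has columns named first and last, of which the question shows only last. The function name find_users_by_name is hypothetical.

```php
<?php
// Added example for a WordPress page template. Assumed names: columns
// `first` and `last` in `table_name` (the question shows only `last`).

function find_users_by_name($raw)
{
    global $wpdb;

    // WordPress adds slashes to request data; strip them, then clean the text.
    // sanitize_text_field() returns '' for arrays and objects.
    $keyword = sanitize_text_field(wp_unslash($raw));
    if ($keyword === '') {
        return array();
    }

    // esc_like() makes % and _ in the input match literally; prepare() then
    // sends the whole pattern as one quoted string value.
    $pattern = '%' . $wpdb->esc_like($keyword) . '%';

    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM table_name WHERE CONCAT(first, ' ', last) LIKE %s",
            $pattern
        )
    );
}

if (isset($_POST['user'])) {
    var_dump(find_users_by_name($_POST['user']));
}
```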

Related

Using SQL on wordpress page

Using a plugin, I'm able to use PHP on a page by using [insert_php] as a tag; however, whenever I try using SQL it doesn't seem to work.
I tried using:
global $wpdb;
$prepared = $wpdb->get_row(
"SELECT SiteID, SiteName
FROM $wpdb->Site
WHERE SiteID = 1");
echo $prepared->SiteName;
echo "test";
All I'm getting is test on the page and I've tested to see if my sql statement was at fault and it seems to be working fine so I'm guessing there's an issue with $wpdb or the way I'm outputting the data.
WordPress.org has a lot of detailed information in their reference.
I think attempting to refer to $wpdb->Site is a likely suspect for why your code is not working. You will need to know the exact fields in the table to pull your information.
Here is a reference for the wp_site table. I think you're actually looking for the 'domain' field, not 'sitename'.
Try replacing $wpdb->Site with the actual name of the table. I also get errors like that at first since $wpdb->table_name only works with the default wp tables.
EDIT
It should be something like this:
SELECT SiteID, SiteName FROM Site WHERE SiteID = 1

Sql conditional query parameters (include a parameter only when the corresponding form field is filled)

I'm writing a php program using mssql where I have a long query with many parameters and a quite big database. How could I solve that a parameter in the query only gets included when the corresponding form field is filled?
example:
SELECT * FROM Users WHERE UserdID='' AND Status='' AND ...
Let's say that this is an admin tool for searching users, but I only want to include those AND parameter='' sections where the corresponding form field has been filled.
I could check each form field and stitch together the query, but I feel like there is an easier and more elegant way.
Brother, I hope you go with the algorithm below.
Create a global variable for the condition.
Check that the first input value is not blank; if it is not blank, put it into the global variable.
And so on with the other fields.
After all inputs are checked, the global variable contains only those conditions which the user submitted.
Sample example:
$a = "";
if ($txtUser != "")
{
    // first condition, or appended with "and" if one is already present
    $a = $a == "" ? "username= " . $txtUser : $a . " and username= " . $txtUser;
}
if ($txtCountry != "")
{
    $a = $a == "" ? "country= " . $txtCountry : $a . " and country= " . $txtCountry;
}
$a is the variable for the WHERE condition.
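The same "only filled fields" idea with every value bound as a parameter instead of concatenated into the SQL text. This is an added example, not code from the original posts; the function name build_user_search, the form field names and the in-memory SQLite demo data are assumptions (the question uses MSSQL, where the same PDO calls apply through its own driver).

```php
<?php
// Added example: only filled-in fields become conditions, and each value is
// passed as a bound parameter. Column names come from a fixed allowlist.

function build_user_search(array $form, array $allowed): array
{
    $where  = [];
    $params = [];
    foreach ($allowed as $field => $column) {
        $value = $form[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            continue;                       // empty or non-string field: no condition
        }
        $where[]           = "$column = :$field";
        $params[":$field"] = trim($value);
    }
    $sql = 'SELECT * FROM Users';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Constructed demo data in an in-memory SQLite database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Users (UserID INTEGER, username TEXT, country TEXT, Status TEXT)');
$ins = $pdo->prepare('INSERT INTO Users VALUES (?, ?, ?, ?)');
$ins->execute([1, 'alice', "Côte d'Ivoire", 'active']);
$ins->execute([2, 'bob', "Côte d'Ivoire", 'blocked']);
$ins->execute([3, 'carol', 'Germany', 'active']);

// form field name => column name; the keys double as placeholder names
$allowed = ['user' => 'username', 'country' => 'country', 'status' => 'Status'];
// Constructed form input: "user" left empty, and a value containing a quote.
$form = ['user' => '', 'country' => "Côte d'Ivoire", 'status' => 'active'];

[$sql, $params] = build_user_search($form, $allowed);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);

echo $sql, "\n";
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));
```

The quote inside the country value needs no special handling because it never becomes part of the SQL text.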

Trying to check a user entered value against one stored in database; always returns error?

I'm working on a sort-of registration system for a Wordpress site. The bulk of the work is done with the "Formidable Forms Pro" WP plugin.
In the system a code is generated for each player that has been 'accepted'. The player is then sent an email with the code and is expected to enter it in a field on another form.
I would post this question on the Formidable support form but... they don't help with custom code.
Basically, the issue is that no matter what code is entered in the field the error message is ALWAYS returned, even if the code is in fact in the database. I'm not sure what I've done wrong - and am unsure of how I can debug this in Wordpress. I have checked that my field values (stored as globals for the time being) are correct and they are.
Anyways, here's the php function in question:
add_filter('frm_validate_field_entry', 'validatePlayerPassCode', 10, 3);
function validatePlayerPassCode($errors, $posted_field, $posted_value)
{
    global $wpdb;
    global $code_entry_field;
    global $code_field;
    if ($posted_field->id == $code_entry_field) {
        $prefix = $wpdb->prefix;
        $actual_codes = $wpdb->get_results(
            $wpdb->prepare(
                "SELECT meta_value FROM %s WHERE field_id = %d",
                $prefix . "frm_item_metas",
                $code_field
            ));
        if (in_array($posted_value, $actual_codes)) {
            return;
        }
        $errors['field'. $posted_field->id] = '<p>Failed to register player, player passcode incorrect.</p>';
    }
    return $errors;
}
To sum up, what is wrong in this code of mine that causes correct codes to still be read as wrong?
Thanks!
Your array is not what you think it is:
$actual_codes = $wpdb->get_results(...);
Will get you (from the WordPress codex):
Generic, multiple row results can be pulled from the database with
get_results.
So your $actual_codes array is a multi-dimensional array where each row contains an array with the results from the database: You have an array of arrays and not an array of values. In your case these arrays contain just one element, but that element is not a direct value of the $actual_codes so this will always fail:
if (in_array($posted_value, $actual_codes)) {
Instead of selecting all the codes in your database and trying to match your code with the results, you should select just that row from the database that has that code and see if your query returns 0 or 1 rows.
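One way to write the single-row check the answer describes. This is an added example, not code from the original posts or from Formidable Forms; it reuses the question's hook, function name and globals, and assumes it runs inside WordPress.

```php
<?php
// Added example; $code_entry_field and $code_field are the question's globals.
add_filter('frm_validate_field_entry', 'validatePlayerPassCode', 10, 3);

function validatePlayerPassCode($errors, $posted_field, $posted_value)
{
    global $wpdb, $code_entry_field, $code_field;

    if ($posted_field->id != $code_entry_field) {
        return $errors;
    }

    // A table name cannot be a placeholder: prepare() would quote %s as a
    // string literal. $wpdb->prefix comes from site configuration, not the request.
    $table = $wpdb->prefix . 'frm_item_metas';

    // Non-scalar input (e.g. an array) can never be a valid code.
    $code = is_scalar($posted_value) ? (string) $posted_value : '';

    // Ask the database whether a row with this exact code exists.
    $matches = (int) $wpdb->get_var(
        $wpdb->prepare(
            "SELECT COUNT(*) FROM {$table} WHERE field_id = %d AND meta_value = %s",
            $code_field,
            $code
        )
    );

    if ($code === '' || $matches === 0) {
        $errors['field' . $posted_field->id] =
            '<p>Failed to register player, player passcode incorrect.</p>';
    }

    // A filter callback returns the array in every case, changed or not.
    return $errors;
}
```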

How to set $userID from queried object ID in Wordpress

I am editing a template to try and add some conditional logic to my page.
The page template shows topics related to a user.
I want to add a piece of code which will grab the user name from the page we are viewing and then use that in a string for my conditional statements.
The code I have put together is as follows, but it breaks my page so I am doing something wrong.
<?php global
// I query the ID and try and set that to the $userID - I think I am doing this wrong, but when I echo the ID it gets the correct info.
$userID = get_queried_object()->ID;
// This is the string I create using the userID which should be from the query above
$memberstatus = get_user_meta($userID,'member_status',true);
?>
Later on I use IF statements to use this result (which I know work), so I won't post them. My problem is trying to get the above to work.
Any help?
Damn, looks like when I remove 'global' from the PHP it works! I thought global had to be in this... ah well.

Displaying name instead of ID PHP MySQL

I need something simple; I have page where a user clicks an author to see the books associated with that author. On my page displaying the list of books for the author, I want a simple HTML title saying: 'The books for: AUTHORNAME'
I can get the page to display author ID but not the name. When the user clicks the link in the previous page of the author, it looks likes this:
<?php echo $row['authorname']?>
And then on the 'viewauthorbooks.php?author_id=23' I have declared this at the start:
$author_id = $_GET['author_id'];
$authorname = $_GET['authorname'];
And finally, in 'The books for: AUTHORNAME', where it says AUTHORNAME, I have this:
echo $authorname
(With PHP tags, but it's not letting me put them in!) And this doesn't show anything; however, if I change it to author_id, it displays the correct author ID that has been clicked, but it's not exactly user friendly! Can anyone help me out?
You could pull the author_id from the query string as you did using $_GET but beware you will need to validate what is coming through by the query. I hope you can see that without validation how bad of a security hole this is.
I am at work at the moment, but this is a quick example that should give you what you need without sanitizing your query.
$id = intval($_GET['author_id']);
// of course, perform more validation checks
// just don't assume its safe.
$sql = "SELECT authorname FROM authors_tb WHERE author_id=" . $id;
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
    echo "The books for: " . $row['authorname'];
}
The reason why your approach wasn't working was because you utilize the $_GET URL parameter passing for author_name where you weren't supplying the parameters in the URL, just the author_id.
You don't send it in the query string, thus you can't get it from the $_GET array.
Just request it from the database using id.
An important note: always use htmlspecialchars() when you display data coming from the client side.
This is because you do not define the author name in your get.
You should make the following your url:
<?php echo $row['authorname']?>
Or rather select the data from the database again, on the new page, using the ID you retrieved from the URI.
Author name won't be in $_GET. As your code stands, you only use it as the link title. It is nowhere in the address. Try this instead:
<?php echo $row['authorname']?>
It would be better to re-request it from the database using the author_id though.
EDIT:
To explain the problem in more detail. You have two pages, the new.php page and the viewauthorbooks.php page. You're sending users from the new page to the view page using the link you posted, right?
The problem with that is, your link assigns one variable in get. Here's the query string it would generate:
viewauthorbooks.php?author_id=13
What that will do is send the user to viewauthorbooks and place the value '13' in the $_GET variable: $_GET['author_id']. That is why the author_id is there and displays on viewauthorbooks. However, authorname is never passed to viewauthorbooks, it isn't in $_GET['authorname'] because you never set $_GET['authorname']. If you want it to be in $_GET, then you need your query string to look like this:
viewauthorbooks.php?author_id=13&authorname=bob
You can accomplish that using the new HTML code for the link I posted above. Look at it closely, there's a key difference from the one you have now.
However, it is generally discouraged to pass data through GET, because the query string is displayed to the user and it leaves you open to injection attacks. A better way to do this would be to use the author_id you are already passing to viewauthorbooks.php to retrieve the authorname from the database again. You can use the same code you used on the new.php page.
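The approach several answers recommend, put together: validate author_id, look the name up with a prepared statement, and encode it on output. This is an added example, not code from the original posts; the table and column names are the ones used in the answer above, while the function name author_heading, the fallback text and the in-memory SQLite demo data are assumptions.

```php
<?php
// Added example. Table and column names (authors_tb, author_id, authorname)
// are taken from the answer above; the SQLite database is constructed demo data.

function author_heading(PDO $pdo, $rawId): string
{
    // Accept only a positive integer; anything else is rejected, not coerced.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'Unknown author';
    }

    $stmt = $pdo->prepare('SELECT authorname FROM authors_tb WHERE author_id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    if ($name === false) {
        return 'Unknown author';            // no such row
    }

    // Encode on output so markup stored in the name is displayed as text.
    return 'The books for: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE authors_tb (author_id INTEGER PRIMARY KEY, authorname TEXT)');
// Constructed row whose name contains characters that are special in HTML.
$pdo->exec("INSERT INTO authors_tb VALUES (23, 'Smith & <b>Sons</b>')");

// In viewauthorbooks.php the argument would be $_GET['author_id'] ?? null.
echo author_heading($pdo, '23'), "\n";      // valid id, name is HTML-encoded
echo author_heading($pdo, '23abc'), "\n";   // not an integer: rejected
echo author_heading($pdo, '999'), "\n";     // integer, but no such author
```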