codeigniter : searching string with quotes( ' or " ) showing error - php

I am trying to implement a search, but it shows an error when I use single quotes, like (manu's, ramu's).
When I change my term part to %".$term."% and use back quotes, it shows the same error.
Query :
$this->db->select('*');
$this->db->from('tbl_doctor');
$this->db->join("tbl_specialisation", "tbl_specialisation.spec_id = tbl_doctor.spec_id",'left');
$this->db->where("(tbl_doctor.dr_name LIKE `%".$term."%` OR tbl_doctor.district LIKE `%".$term."%` OR tbl_specialisation.spec_specialise LIKE `%".$term."%`OR tbl_doctor.place LIKE `%".$term."%` )");
$this->db->limit($limit, $offset);
and my error

You need escape string before including it inside query string. Use $this->db->escape_like_str() to escape string.
As you asked "why?", here is the explanation.
Explanation: When you try to add anu's to your search query, its single quote (') is treated as the end of the string. escape_like_str() will automatically add a slash (\) before any quote to prevent the string from unintended termination. That's why you need to escape the string before adding it inside your query.
$this->db->select('*');
$this->db->from('tbl_doctor');
$this->db->join("tbl_specialisation", "tbl_specialisation.spec_id = tbl_doctor.spec_id",'left');
$this->db->where("(tbl_doctor.dr_name LIKE '%".$this->db->escape_like_str($term)."%' OR tbl_doctor.district LIKE '%".$this->db->escape_like_str($term)."%' OR tbl_specialisation.spec_specialise LIKE '%".$this->db->escape_like_str($term)."%'OR tbl_doctor.place LIKE '%".$this->db->escape_like_str($term)."%' )");
$this->db->limit($limit, $offset);

You need to escape the string. Use $this->db->escape_like_str().
Try this code :
$this->db->escape_like_str($term);

You need to use an escaped string for the search. Try the code below with this CodeIgniter function:
$this->db->escape_like_str($term)
New Code is
$this->db->select('*');
$this->db->from('tbl_doctor');
$this->db->join("tbl_specialisation", "tbl_specialisation.spec_id = tbl_doctor.spec_id",'left');
// String values go in single quotes; backticks quote identifiers (column names) in MySQL
$this->db->where("(tbl_doctor.dr_name LIKE '%".$this->db->escape_like_str($term)."%' OR tbl_doctor.district LIKE '%".$this->db->escape_like_str($term)."%' OR tbl_specialisation.spec_specialise LIKE '%".$this->db->escape_like_str($term)."%' OR tbl_doctor.place LIKE '%".$this->db->escape_like_str($term)."%' )");
$this->db->limit($limit, $offset);

Wrap $term variable with mysql_real_escape_string() in query.
Like : mysql_real_escape_string($term)
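
Added example, not part of any answer above and not CodeIgniter's own code: the same search written with bound parameters, next to the concatenated form from the question. PDO with in-memory SQLite stands in for the CodeIgniter driver; search_concatenated(), escape_like() and search_bound() are hypothetical names, and the sample rows are constructed.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for CodeIgniter's driver.
// Table and column names follow the question; the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_doctor (dr_name TEXT, district TEXT, place TEXT)');
$insert = $pdo->prepare('INSERT INTO tbl_doctor VALUES (?, ?, ?)');
$rows = [["manu's clinic", 'north', 'town'], ['ramu', 'south', 'city'], ['100% care', 'east', 'port']];
foreach ($rows as $row) {
    $insert->execute($row);
}

// Concatenated form from the question: a quote in $term ends the SQL string early.
function search_concatenated(PDO $pdo, string $term): array
{
    $sql = "SELECT dr_name FROM tbl_doctor WHERE dr_name LIKE '%" . $term . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Make % and _ literal; '!' is the escape character declared by ESCAPE below.
function escape_like(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Bound form: the term is sent as data, so quotes need no manual escaping.
function search_bound(PDO $pdo, string $term): array
{
    $sql = "SELECT dr_name FROM tbl_doctor
            WHERE dr_name LIKE ? ESCAPE '!'
               OR district LIKE ? ESCAPE '!'
               OR place LIKE ? ESCAPE '!'
            ORDER BY dr_name";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_fill(0, 3, '%' . escape_like($term) . '%'));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

try {
    search_concatenated($pdo, "manu's");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}
foreach (["manu's", '%', '_'] as $term) {
    echo json_encode($term), ' => ', json_encode(search_bound($pdo, $term)), "\n";
}
```

The '%' and '_' terms show that LIKE wildcards need their own escaping even when binding takes care of the quotes.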

Related

CodeIgniter Model Function, getting syntax error

I have written a CodeIgniter model function, but I am getting a syntax error in PHP 7. Will you please suggest changes?
The error is near the group by / order by statements.
My Code Snippet:
function listing($searchText = '', $page, $segment)
{
$this->db->select('tr.*,group_concat(tg.groundname) as grplist ');
$this->db->from('tb_tournament as tr ');
$this->db->join('tournamentground as tg', 'tr.tournamentId=tg.tournamentId', 'left');
$this->db->where('tr.is_deleted','0');
if(!empty($searchText)) {
$likeCriteria = " (tr.organizerName LIKE '%".$searchText."%'
OR tr.location LIKE '%".$searchText."%'
OR tr.phone LIKE '%".$searchText."%'
OR tr.email LIKE '%".$searchText."%'
OR tr.level LIKE '%".$searchText."%'
OR tr.gender LIKE '%".$searchText."%')";
$this->db->where($likeCriteria);
}
$this->db->group_by('tr.tournamentId');
$this->db->order_by('tr.tournamentId', 'DESC');
$this->db->limit($page, $segment);
$query = $this->db->get();
$result = $query->result();
//print"<pre>";
//print_r($result);
return $result;
}
You can use following logic in your query:
....
$this->db->or_like('tr.organizerName',$searchText);
$this->db->or_like('tr.location',$searchText);
....
....
It's done :)
The error is with the SQL query being generated, not from PHP.
Instead of this big where condition you need to use query grouping as outlined in https://www.codeigniter.com/user_guide/database/query_builder.html#query-grouping
$likeCriteria = " (tr.organizerName LIKE '%".$searchText."%'
OR tr.location LIKE '%".$searchText."%'
OR tr.phone LIKE '%".$searchText."%'
OR tr.email LIKE '%".$searchText."%'
OR tr.level LIKE '%".$searchText."%'
OR tr.gender LIKE '%".$searchText."%')";
$this->db->where($likeCriteria);
I haven't actually used CodeIgniter, but based on a quick look at the docs you probably need to replace the problematic block with something like this:
// or_like() escapes the search term; the unquoted LIKE expressions were not valid PHP
$this->db->group_start()
->or_like('tr.organizerName', $searchText)
->or_like('tr.location', $searchText)
->or_like('tr.phone', $searchText)
->or_like('tr.email', $searchText)
->or_like('tr.level', $searchText)
->or_like('tr.gender', $searchText)
->group_end();
It's worth noting that you could use some business logic to improve this query as well. For instance you could recognise when the search term is a phone number, or an email and restrict the query accordingly
here is my solution with query grouping
function listing($searchText = '', $page, $segment)
{
$this->db->select('tr.*,group_concat(tg.groundname) as grplist ');
$this->db->from('tb_tournament as tr ');
$this->db->join('tournamentground as tg', 'tr.tournamentId=tg.tournamentId', 'left');
$this->db->where('tr.is_deleted','0');
if(!empty($searchText)) {
$this->db->group_start();
$this->db->like('tr.organizerName',$searchText);
$this->db->or_like('tr.location',$searchText);
$this->db->group_end();
}
$this->db->group_by('tr.tournamentId');
$this->db->order_by('tr.tournamentId', 'DESC');
$this->db->limit($page, $segment);
$query = $this->db->get();
$result = $query->result();
//print"<pre>";
//print_r($result);
return $result;
}
Read more about query grouping here
https://www.codeigniter.com/user_guide/database/query_builder.html#query-grouping

I need the output of this $LoadId=implode(',',array_filter($_POST["load"])); to look like this ('7209','7210')

So I get data from a form using this
$LoadId=implode(',',array_filter($_POST["load"]));
I then would like to submit this to a MSSQL query with an "in" statement
where myLoadId in $LoadId
but the $LoadID looks like 7209,7210 and I need it to look like
('7209','7210')
It seems your LoadId column contains integer values, so why do you need single quotes ' around it? Simply use:
$LoadId=implode(',',array_filter($_POST["load"]));
$query = "SELECT * FROM your_table WHERE myLoadId IN ($LoadId)";
echo $query;
If you still need quotes around it then you can do it this way-
$LoadId = "'".implode("','", array_filter($_POST["load"]))."'";
$query = "SELECT * FROM your_table WHERE myLoadId IN ($LoadId)";
echo $query;
WORKING DEMO: https://3v4l.org/2XEjJ
Put simple quotes around the implode() and change its glue from , to ',' :
$LoadId = "'".implode("','", array_filter($_POST["load"]))."'";
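
Added example, not part of the answers above: the same IN list built with one bound placeholder per submitted value, so the form input never becomes part of the SQL text. PDO with in-memory SQLite stands in for the MSSQL connection; find_loads() is a hypothetical name, and the rows and form input are constructed.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the MSSQL connection.
// your_table and myLoadId follow the answers above; the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE your_table (myLoadId TEXT, note TEXT)');
$pdo->exec("INSERT INTO your_table VALUES ('7209', 'a'), ('7210', 'b'), ('7300', 'c')");

// Build "IN (?, ?, ...)" with one placeholder per value and bind the values
// separately from the SQL text.
function find_loads(PDO $pdo, array $submitted): array
{
    // Keep non-empty scalar values only; nested arrays in a form field are dropped.
    $ids = array_values(array_filter($submitted, fn($v) => is_scalar($v) && $v !== ''));
    if ($ids === []) {
        return []; // "IN ()" is a syntax error, so return early
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $sql = "SELECT myLoadId FROM your_table WHERE myLoadId IN ($placeholders) ORDER BY myLoadId";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_map('strval', $ids));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed form input: one empty field and one value containing a quote.
$post = ['load' => ['7209', '', '7210', "72'11"]];
echo json_encode(find_loads($pdo, $post['load'])), "\n";
echo json_encode(find_loads($pdo, [])), "\n";
```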

Codeigniter : how to write a query when the inside of the table have value ""

I've got a table in which a field contains a pattern like this [{"vendor":"10","status":"paid"}] :
table
I want to make a 'like' query in CodeIgniter, but I got an error:
model :
function get_total_order($id_vendor){
$this->db->like('payment_status', 'vendor":"'.$id_vendor.'","status":"due');
$this->db->from('sale');
return $this->db->count_all_results();
}
view :
<?php
$new_order = $this->crud_model->get_total_order($this->session->userdata('vendor_id'));
echo "<h1>".$new_order."</h1>";
?>
When I run this, I get a blank page. How do I fix this?
Thanks.
Since you use "Like" query type, you should add '%' in the query argument or send a complete argument:
function get_total_order($id_vendor)
{
$this->db->like('payment_status', '%vendor":"'.$id_vendor.'","status":"due%');
$this->db->from('sale');
return $this->db->count_all_results();
}
Try this:
function get_total_order($id_vendor){
$this->db->like('vendor',$id_vendor);
$this->db->like('status',"due");
$this->db->from('sale');
return $this->db->count_all_results();
}
If you are searching JSON data, you have to pass the data in the like query, and the like query data should look like the data inside the table.
Your query should be something like this:
<?php
$id_vendor =123;
$ss= '%"vendor":"'.$id_vendor.'","status":"due"%';
$sssss ="select * from sale where payment_status like '$ss' ";
echo $sssss;
// The query looks like this:
// select * from sale where payment_status like '%"vendor":"123","status":"due"%'
?>
You can also use the wildcard (%) in more places as you wish.
You can customize the where as per your requirement with an and condition or another condition.
$where = "payment_status like '%$id_vendor%' OR status like '%$status%'";
$this->db->where($where);
Try this one,
because 'like' is time consuming.
function get_total_order($id,$vendor)
{
$this->db->where('vender', $id);
$this->db->where('status',$vendor);
$res = $this->db->get('sale'); // keep the result object; $res was undefined before
$result=$res->result_array();
return $result;
}
You can use $this->db->where_in() like below:-
$names = array('Frank', 'Todd', 'James');
$this->db->where_in('username', $names);
// Produces: WHERE username IN ('Frank', 'Todd', 'James')
For more details, please check below link:-
https://www.codeigniter.com/userguide2/database/active_record.html

Codeigniter - use two like and where together

I have a problem using two like statements and where together:
$this->db->select('something');
$this->db->where('WHERE',$var);
$this->db->where_in('WHEREIN', $var);
$this->db->like('LIKE1',$query);
$this->db->or_like('LIKE2',$query);
$query = $this->db->get('table');
My query must select LIKE1 or LIKE2 where WHERE and WHEREIN are true.
If I use or_like, the where statement gets an OR too.
If I use just like, it becomes a like AND like statement.
Any solution?
I found this solution:
use group_start() and group_end(), so my code turn to
$this->db->select('something');
$this->db->where('WHERE',$var);
$this->db->where_in('WHEREIN', $var);
$this->db->group_start();
$this->db->like('LIKE1',$query);
$this->db->or_like('LIKE2',$query);
$this->db->group_end();
$query = $this->db->get('table');
If you have a complex where clause, you can write it this way:
$this->db->where("doc = '123456' AND place IN('1,2,3') AND (name LIKE '%query%' ESCAPE '!' OR code LIKE '%query%' ESCAPE '!' )", NULL);
When you run this kind of query, it is better to create a model like this:
function example(){
$query = "( SQL QUERY )";
$search = $this->db->query($query);
return $search->result_array();
}

ask make like '_php%' convert to active record

I have a query in a model using active record. My query is like this:
SELECT MID(id,1,1) id_depan_user,MID(id,5,10) id_belakang_user ,
id, nama_lengkap from user where id like '_001%'
How do I convert the where condition id like '_001%'? I want to make that active record; my problem is just with a like condition like that.
This is my full code:
function get_id_child($id_parent){
$this->db->select('MID(id,1,1) id_depan_user',false);
$this->db->select('MID(id,5,LENGTH(id)) id_belakang_user',false);
$this->db->select('id');
$this->db->from('user');
$this->db->like('id', '_'.$id_parent,'after');
$query =$this->db->get();
return $query->result_array();
}
$this->db->like('id ', '_001', 'after');
Use this. You need to concatenate your variable with _ and assign it to a variable. Also remove the quotes from your like query.
function get_id_child($id_parent) {
$id = "_" . $id_parent;// assign it to variable
$this->db->select('MID(id,1,1) AS id_depan_user', FALSE);
$this->db->select('MID(id,5,10) AS id_belakang_user', FALSE);
$this->db->select('id');
$this->db->select('nama_lengkap');
$this->db->like('id', $id, 'after');// use after in your query
$query = $this->db->get("user");
$result = $query->result_array();
return $result; // the function previously returned nothing
}
