I am looking to have what my 'echo' line is but if there is more than one match to the FSC/NIIN field then it should show me the additional matches.
There is more than one part number listed for some FSC/NIIN fields, I am working towards having it show those additional part numbers that match the stock number (FSC/NIIN).
<?php
require "conn.php";
$FSC = $_POST["FSC"];
$NIIN = $_POST["NIIN"];
$mysql_qry = "select * from MYTAB where FSC like '$FSC' and NIIN like '$NIIN';";
$result = mysqli_query($conn, $mysql_qry);
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$PART_NUMBER = $row["PART_NUMBER"];
$FSC = $row["FSC"];
$NIIN = $row["NIIN"];
$ITEM_NAME = $row["ITEM_NAME"];
echo $ITEM_NAME, ", " .$PART_NUMBER, ", " .$FSC, ", " .$NIIN;
} else {
echo "Query Failed! - No such NSN is loaded to the database! Please double
check the information is correct and resubmit request...";
}
mysqli_close($con);
You need to loop the results:
....
if(mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) { //<-----
$PART_NUMBER = $row["PART_NUMBER"];
$FSC = $row["FSC"];
$NIIN = $row["NIIN"];
$ITEM_NAME = $row["ITEM_NAME"];
echo $ITEM_NAME, ", " .$PART_NUMBER, ", " .$FSC, ", " .$NIIN;
}
} else {
...
And you should use prepared statements, take a look how to here:
How can I prevent SQL injection in PHP?
Related
I tried to get multiple rows out from my database with PHP but all I get is one line of text like: "8910"
My code is following:
$sql = "SELECT * FROM posts WHERE idUsers=$id";
$sth = $conn->query($sql);
if(!$sth) {
echo("Error description: " . mysqli_error($conn));
die();
}
$rows = mysqli_num_rows($sth);
for ($x = 0; $x <= $rows; $x++) {
$sql = "SELECT idPosts FROM posts WHERE idUsers=$id";
if(!$sth) {
echo("Error description: " . mysqli_error($conn));
die();
}
$result = mysqli_fetch_array($sth);
$postId = $result['idPosts'];
echo $postId;
}
And then I edit this: echo $postId." ";
And get a space between the id's like this: 8 9 10.
I tried to do $postIds = explode(" ", $postId);
And then echoing out for example $postIds[0] but I get all the id's once again
Now I do not know what to do so I need help ^^
Replace $postId = $result['idPosts']; with $postId[] = $result['idPosts'];. That way you create an array an you can just access it like $postId[0].
You also forgot to query again.
...
$sql = "SELECT idPosts FROM posts WHERE idUsers=$id";
$sth = $conn->query($sql);
if(!$sth) {
...
Your second query is unnecessary, you already have all the data from your first query. Just replace your code with this:
$sql = "SELECT * FROM posts WHERE idUsers=$id";
$sth = $conn->query($sql);
if (!$sth) {
echo("Error description: " . mysqli_error($conn));
die();
}
$postIds = array();
while ($row = mysqli_fetch_array($sth)) {
$postIds[] = $result['idPosts'];
}
After this loop you will have an array of all the idPosts values. You can then process them as you need to. Or you can process them in the loop:
while ($row = mysqli_fetch_array($sth)) {
$postId = $result['idPosts'];
// code to process postId e.g.
echo "$postId<br/>";
}
I need to get variable code from URL so I $codes = $_GET['code']; (url example website.com/update?code[]=7291&code[]=9274&code[]=8264&) then I SELECT firstname FROM guests WHERE invitecode = $codes" then I output data and set as $relatives = $row["firstname"] and then later on in the file I need to echo/print print $relative.
Why is this not working for me?
... connection made ...
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE invitecode = $codes";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
$relatives[] = $row["firstname"];
}
}
foreach ($relatives as $relative) {
print $relative;
}
Update:
So now using:
<?php
$codes = $_GET['code'];
$thecodes = "";
foreach($codes as $vals)
$thecodes .= (int)$vals . ",";
if($thecodes != "")
{
$thecodes = trim($thecodes, ",");
$sql = "SELECT firstname FROM guests WHERE invitecode IN ($thecodes)";
$result = mysqli_query($conn, $sql);
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
$relatives[] = $row["firstname"];
}
}
foreach ($relatives as $relative) {
print $relative;
}
}
else
{
}
?>
It works but I would like to enter the foreach ($relatives as $relative) { echo $relative; }; into a value like this $message = $firstname . " " . $lastname . " will be coming to your event. " . ;.
In the end it would turn out something like this: $message = $firstname . " " . $lastname . " will be coming to your event. " . foreach ($relatives as $relative) { echo $relative . " "; };.
For some reason it won't work when I combine them.
Use the IN operator for this.
<?php
$codes = $_GET['code'];
$thecodes = "";
foreach($codes as $vals)
$thecodes .= (int)$vals . ","; //Loop through making sure each is an int for security reasons (No sqli)
if($thecodes != "") //There is at least one code
{
$thecodes = trim($thecodes, ","); //Remove any additional commas
$sql = "SELECT firstname, lastname FROM guests WHERE invitecode IN ($thecodes)"; //Use the IN operator
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
echo $row["firstname"] . " " . $row["lastname"] . "is coming to your event";
}
}
}
else //No codes to be queried
{
}
?>
Can this be a solution for you?
$relatives = array(); // declare array
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE ";
foreach ($codes as $code) $sql .= "invitecode = " . intval($code) . " OR ";
$sql .= "1=2"; // simple way to remove last OR or to make sql valid if there are no codes
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
array_push($relatives, $row["firstname"]);
}
}
foreach ($relatives as $relative) {
print $relative;
}
I think this will work...
... connection made ...
$codes = $_GET['code'];
$sql = "SELECT firstname FROM guests WHERE invitecode = '$codes'";
$result = mysqli_query($conn, $sql) or die('-1' . mysqli_error());
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo ($row['firstname']);
}
}
I'm up to my neck trying to figure out why my query isn't working. This is what my search.php page results in. I am able to _GET the search term perfectly but can't display the results.
Not sure if the issue is the fetch_array_assoc or what! Here's my code. Any help with this would be appreciated. Not 100% sure if my syntax is correct.
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$button = $_GET ['submit'];
$search = $_GET ['query'];
if (strlen($search) <= 1) {
echo "Search term too short";
}
else {
echo "You searched for <b>$search</b> <hr size='1'></br>";
$con = new mysqli("localhost", "user", "pass", "db");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$search_exploded = explode(" ", $search);
foreach ($search_exploded as $search_each) {
$x++;
if ($x == 1) {
$query = "Keyword_ID LIKE '%$search_each%' or Keyword_Name LIKE '%$search_each%' ";
}
else {
$query .= "OR Keyword_ID LIKE '%$search_each%' or Keyword_Name LIKE '%$search_each%' ";
}
}
$construct = mysqli_query($con, "SELECT * FROM profileTable WHERE $query");
$construct = mysqli_query($con, "SELECT * FROM addKeywordTable (Keyword_Name) WHERE $query");
$constructs = mysqli_multi_query($construct);
if (mysqli_multi_query($construct)) {
$numrows = mysqli_num_rows($query);
if ($numrows > 0) {
while ($row = mysqli_fetch_assoc($constructs)) {
$key = $row['Keyword_Name'];
$keyID = $row['keyID'];
$fname = $row['FirName'];
$lname = $row['LaName'];
$mname = $row['MName'];
$suffix = $row['Suffix'];
$title = $row['Title'];
$dept = $row['Dept'];
$phone1 = $row['PH1'];
$phone2 = $row['PH2'];
$email = $row['Email'];
$photo = $row['Photo'];
$bio = $row['BioLK'];
$tags = $row['Tags'];
echo '<h2>$fname $lname</h2>';
echo $key;
echo $title;
echo $dept;
}
}
else {
echo "Results found: \"<b>$x</b>\"";
}
}
}
mysqli_close();
?>
I am trying to search two different tables. addKeywordTable and profileTable. Profile table has all of the profile info for a user. The addKeywordTable stores the keywords/tag names 'Keyword_Name'.
I attempted to create a mysqli_multi_query but its not working at all.
I assuming:
$con is set by
$con = mysqli_connect("host", "user", "password", "db");
mysqli_multi_query : you must all sql commands, except the last, terminate with ;
and concenat $construct with .= . Otherwise you overwrite your $construct.
$construct = "SELECT * FROM profileTable WHERE $query ;");
$construct .= "SELECT * FROM addKeywordTable (Keyword_Name) WHERE $query");
don't set $construct with
$construct = mysqli_query($con, "SELECT * FROM profileTable WHERE $query");
your $construct will only become TRUE or FALSE .
with a variable wich contents TRUE or FALSEyou can not call
$constructs = mysqli_multi_query($con,TRUE);
And you call it wrong
$constructs = mysqli_multi_query($construct);
correct
$constructs = mysqli_multi_query($con,$construct);
You call mysqli_multi_query($construct) twice
$constructs = mysqli_multi_query($construct);
if (mysqli_multi_query($construct)) { ...
the first call is not necessary.
call it only with
if (mysqli_multi_query($con,$construct)) { ...
complete wrong is
if (mysqli_multi_query($construct)) {
$numrows = mysqli_num_rows($query);
if ($numrows > 0) {
while ($row = mysqli_fetch_assoc($constructs)) {
$query is at the moment a simple 'string'
$query = "Keyword_ID LIKE '%$search_each%' or Keyword_Name LIKE '%$search_each%' ";
Also wrong
while ($row = mysqli_fetch_assoc($constructs)) {
To retrieve the resultset from the first query you can use mysqli_use_result() or mysqli_store_result(). All subsequent query results can be processed using mysqli_more_results() and mysqli_next_result().
Call it like this instead
if (mysqli_multi_query($con,$construct)) {
if ($result = mysqli_store_result($con)) {
while ($row = mysqli_fetch_row($result)) {
printf("%s\n", $row[0]);
}
mysqli_free_result($result);
Set $x before you do $x++ .
$x = 0;
You can't be sure that $x is always automatically set to 0 .
I'm struggling to create a search that searches for multiple words. My first attempt yielded no results whatsoever and is as follows:
require_once('database_conn.php');
if($_POST){
$explodedSearch = explode (" ", $_POST['quickSearch']);
foreach($explodedSearch as $search){
$query = "SELECT *
FROM jobseeker
WHERE forename like '%$search%' or surname like '%$search%'
ORDER BY userID
LIMIT 5";
$result = mysql_query($query);
}
while($userData=mysql_fetch_array($result)){
$forename=$userData['forename'];
$surname=$userData['surname'];
$profPic=$userData['profilePicture'];
$location=$userData['location'];
echo "<div class=\"result\">
<img class=\"quickImage\" src=\"" . $profPic. "\" width=\"45\" height=\"45\"/>
<p class=\"quickName\">" . $forename . " " . $surname . "</p>
<p class=\"quickLocation\"> " . $location . "</p>
</div>";
}
}
I also tried the following, which yielded results, but as you can imagine, I was getting duplicate results for every word I entered:
if($_POST){
$explodedSearch = explode (" ", $_POST['quickSearch']);
foreach($explodedSearch as $search){
$query = "SELECT *
FROM jobseeker
WHERE forename like '%$search%' or surname like '%$search%'
ORDER BY userID
LIMIT 5";
$result .= mysql_query($query);
while($userData=mysql_fetch_array($result)){
$forename=$userData['forename'];
$surname=$userData['surname'];
$profPic=$userData['profilePicture'];
$location=$userData['location'];
echo "<div class=\"result\">
<img class=\"quickImage\" src=\"" . $profPic. "\" width=\"45\" height=\"45\"/>
<p class=\"quickName\">" . $forename . " " . $surname . "</p>
<p class=\"quickLocation\"> " . $location . "</p>
</div>";
}
}
}
I'm pretty much at a loss as to how to proceed with this, any help would be greatly appreciated.
EDIT:
if($_POST){
$quickSearch = $_POST['quickSearch'];
$explodedSearch = explode (" ", trim($quickSearch));
$queryArray = array();
foreach($explodedSearch as $search){
$term = mysql_real_escape_string($search);
$queryArray[] = "forename like '%" . $term . "%' surname like '%" . $term . "%'";
}
$implodedSearch = implode(' or ', $queryArray);
$query="SELECT *
FROM jobseeker
WHERE ($implodedSearch)
ORDER BY userID
LIMIT 5";
$result = mysql_query($query);
while($userData=mysql_fetch_array($result, MYSQL_ASSOC)){
$forename=$userData['forename'];
$surname=$userData['surname'];
$profPic=$userData['profilePicture'];
$location=$userData['location'];
echo "<div class=\"result\">
<img class=\"quickImage\" src=\"" . $profPic. "\" width=\"45\" height=\"45\"/>
<p class=\"quickName\">" . $forename . " " . $surname . "</p>
<p class=\"quickLocation\"> " . $location . "</p>
</div>";
}
}
I've been working on the same subject (search with keywords) for a while and this how i did it :
$words = $_POST['keywords'];
if(empty($words)){
//redirect somewhere else!
}
$parts = explode(" ",trim($words));
$clauses=array();
foreach ($parts as $part){
//function_description in my case , replace it with whatever u want in ur table
$clauses[]="function_description LIKE '%" . mysql_real_escape_string($part) . "%'";
}
$clause=implode(' OR ' ,$clauses);
//select your condition and add "AND ($clauses)" .
$sql="SELECT *
FROM functions
WHERE
user_name='{$user_name}'
AND ($clause) ";
$results=mysql_query($sql,$connection);
if(!$results){
redirect("errors/error_db.html");
}
else if($results){
$rows = array();
<?php
while($rows = mysql_fetch_array($results, MYSQL_ASSOC))
{
// echo whatever u want !
}
?>
-- Now this is how it look when i tried to run it with FULLTEXT search :
But you should set the table type as "MyISAM"
<?php
$words = mysql_real_escape_string($_POST['function_keywords']);
if(empty($words)){
redirect("welcome.php?error=search_empty");
}
//if the columns(results)>1/2(columns) => it will return nothing!(use "NATURAL LANGUAGE"="BOOLEAN")
$sql="SELECT * FROM functions
WHERE MATCH (function_description)
AGAINST ('{$words}' IN NATURAL LANGUAGE MODE)";
$results=mysql_query($sql,$connection);
if(!$results){
redirect("errors/error_db.html");
}
else if($results){
$rows = array();
while($rows = mysql_fetch_array($results, MYSQL_ASSOC))
{
// echo
}
}
?>
Perhaps what you are looking for is a MySQL full-text search.
For your example, you could do something like:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$search = $_POST['quickSearch'];
// Todo: escape $search
$sql = "
SELECT
*,
MATCH (`forename`)
AGAINST ('{$search}' IN NATURAL LANGUAGE MODE) AS `score`
FROM `jobseeker`
WHERE
MATCH (`forename`)
AGAINST ('{$search}' IN NATURAL LANGUAGE MODE)";
// Todo: execute query and gather results
}
Note that you will need to add a FULLTEXT index to the column forename.
Take a look at MySQL fulltext searches, if you must use MySQL. Otherwise take a look at SOLR, which is a fulltext search engine. You can use MySQL and SOLR in combination to provide enterprise level search capabilities for your apps.
here's what i did
if (isset($_POST['search'])){
$words = mysql_real_escape_string($_POST['searchfield']);
$arraySearch = explode(" ", trim($words));
$countSearch = count($arraySearch);
$a = 0;
$query = "SELECT * FROM parts WHERE ";
$quote = "'";
while ($a < $countSearch)
{
$query = $query."description LIKE $quote%$arraySearch[$a]%$quote ";
$a++;
if ($a < $countSearch)
{
$query = $query." AND ";
}
}
$result=mysql_query($query) or die(error);
//you could just leave it here, short and sweet but i added some extra code for if it doesnt turn up any results then it searches for either word rather than boths words//
$num = mysql_num_rows($result);
if ($num == 0){
$a = 0;
$query = "SELECT * FROM parts WHERE ";
while ($a < $countSearch)
{
$query = $query."description LIKE $quote%$arraySearch[$a]%$quote ";
$a++;
if ($a < $countSearch)
{
$query = $query." OR ";
$msg = "No exact match for: $words. Maybe this is what you're looking for though? If not please try again.";
}
}
}
$result=mysql_query($query) or die($query);
if (mysql_num_rows($result) == 0){
$msg = "No results, please try another search";
}
}
i am a beginner. but I'm practicing a lot for few days with php mysql, and I am trying to use for loop to search an exploded string, one by one from mysql server.
Till now I have no results.
I'm giving my codes,
<?php
// Example 1
$var = #$_GET['s'] ;
$limit=500;
echo " ";
echo "$var";
echo " ";
$trimmed_array = explode(" ", $var);
echo "$trimmed_array[0]"; // piece1
echo " ";
$count= count($trimmed_array);
echo $count;
for($j=0;$j<$count;$j++)
{
e cho "$trimmed_array[$j]";;
echo " ";
}
echo " ";
for($i=0; $i<$count ; $i++){
$query = "select * from book where name like \"%$trimmed_array[$i]%\" order by name";
$numresults=mysql_query($query);
$numrows =mysql_num_rows($numresults);
if ($numrows == 0)
{
echo "<h4>Results</h4>";
echo "<p>Sorry, your search: "" . $trimmed_array[i] . "" returned zero results</p>";
}
if (empty($s)) {
$s=0;
}
$query .= " limit $s,$limit";
$result = mysql_query($query) or die("Couldn't execute query");
echo "<p>You searched for: "" . $var . ""</p>";
echo "Results<br /><br />";
$count=1;
while ($row= mysql_fetch_array($result)) {
$name = $row["name"];
$publisher=$row["publisher"];
$total=$row["total"];
$issued=$row["issued"];
$available=$row["available"];
$category=$row["category"];
echo "<table border='1'><tr><td>$count)</td><td>$name </td><td>$publisher </td><td>$total </td><td>$issued </td><td>$available </td><td>$category </td></tr></table>" ;
$count++ ;
}
}
?>
In your case, you do for every record in your array ($trimmed_array) a new select. Thats not really good.
It would be better when you create just one select...
For example this:
// you need 1=1 for example when $i<count is false...
$baseQuery = "select * from book where 1=1";
$query = $baseQuery;
for($i=0; $i<$count ; $i++){
$query .= " OR name like ?";
}
// do your ordering:
$query.= " order by name";
But what does this "?" mean?
--> Do you know what sql-injection means? somebody could really easy put some information in this array wich could give any information about your database.. therefore you have to escape every userinput...
i like the mysqli package in php5. watch this example:
$query = "SELECT `id` FROM employees WHERE `name`=?";
// Setup parameter to be bound into query
$name = "Joey";
// Get instance of statement
$stmt = $mysqli->stmt_init();
// Prepare Query
if($stmt->prepare($query)){
// Bind Parameters [s for string]
$stmt->bind_param("s",$name);
// Execute statement
$stmt->execute();
// Bind result variables
$stmt->bind_result($employee_id);
// Fetch Value
$stmt->fetch();
// Echo results
echo "$name has an ID of $employee_id";
// Close Statement
$stmt->close();
}
Damn, your code really extremely crazy. Here you example about how to work with this:
<?php
$var = $_GET['s'];
$exp = explode(" ",$var);
$total = count($exp) - 1;
for($i = 0; $i <= $total; $i++) {
echo "Search for: " . $exp[$i] ."\n";
$sql = mysql_query("SELECT * FROM `book` WHERE `name` LIKE '%" . mysql_real_escape_string($exp[$i]) ."%'") or die(mysql_error());
if (mysql_fetch_num($sql) != 0) {
// Somthing found
}
}
?>
You have an error on line 25,
e cho "$trimmed_array[$j]";;
should be
echo "$trimmed_array[$j]";
Also, it seems that you are using $GET_[] variables, which are passed via the url string, which does not allow spaces. On line 15, you are splitting the array with explode(" ", $var);
I would also urge you, if you have not, look into sanitizing your database queries.