I need to search data in the database table.
I save data in a variable, then I want to display the data using it LIKE an operator when the data is called.
This is my code :
$data_input_user = $inFilter;
$data_input_user = mysql_real_escape_string($inFilter);
$sqlGetFreq = "SELECT * FROM termfrequency WHERE keyword LIKE
CONCAT("%",$inFilter,"%") ";
$freqResult = mysql_query($sqlGetFreq) or die(mysql_error());
Beside that i was trying this sql query
$sqlGetFreq = "SELECT keyword, frequency FROM termfrequency WHERE keyword LIKE '%$inFilter%' ";
$freqResult = mysql_query($sqlGetFreq) or die(mysql_error());
I was trying that code, but it failed.
Any idea please?
Thanks.
Try this
$sqlGetFreq = "SELECT keyword, frequency FROM termfrequency WHERE keyword LIKE '%".$inFilter."%' ";
Also please set the following to track any possible error.
ini_set("display_errors", "1");
error_reporting(E_ALL);
Related
I am using a drop-down list in the source php file for users to choose a US state. In the action.php, the selected state can be successfully received by the following code, confirmed by echo:
<?php
$state_chosen = $_POST['state_chosen'];
echo $state_chosen;
?>
My question is: How to use the content of the $state_chosen variable in sql query. Use the following code and the state of Maine as example:
$sql = "SELECT * FROM pathjobs WHERE loc_pj LIKE '%Maine%' ";
The above code works fine if use "Maine" directly. But I want to use the content of $state_chosen to replace "Maine" between the two % symbols. I tried the following code by doesn't work:
$sql = "SELECT * FROM pathjobs WHERE loc_pj LIKE '%str($state_chosen)%' ";
Any suggestions?
change
$sql = "SELECT * FROM pathjobs WHERE loc_pj LIKE '%str($state_chosen)%' ";
to
$sql = "SELECT * FROM pathjobs WHERE loc_pj LIKE '%$state_chosen%' ";
Like query documentation
I am creating a library for PHP scripts and I want to be able to show php code on a html webpage.
I have looked at using highlight_file(); but this will show the whole page
For example, If I have a page called code.php which has an sql query on ( select code from table where sequence = $_GET["id"] ) - example then I use
Highlight_file('code.php?id=123');
This will work but will also show the select query which I do not want to show. I would just want to show the code from the database (code column)
How can I display just the code from the database with the correct colours and formatting etc
UPDATE:
<?php
$conn=mysql_connect("localhost","charlie_library","Pathfinder0287");
mysql_select_db("charlie_library",$conn);
function highlight_code_with_id($id, $conn)
{
$query = "select * from library_php where sequence = '$id' ";
$rs = mysql_query($query,$conn);
$code = mysql_fetch_array($rs);
echo highlight_string($code["code"]);
}
// and, use it like this:
highlight_code_with_id($_GET['id'], $conn);
?>
I have tried the above code, which is just displaying the code in plain text
use highlight_string function, like this:
<?php
highlight_string($code);
?>
where $code is the code you have obtained from your SQL query.
You can create a function around this (something along the following lines):
<?php
function highlight_code_with_id($id, $mysqli) {
$query = $mysqli->query("select code from table where sequence = '$id'");
$code = current($query->fetch_assoc());
return highlight_string($code);
}
// and, use it like this:
echo highlight_code_with_id($_GET['id'], $mysqli);
UPDATE:
Your code is a bit incorrect, you can use:
<?php
$conn=mysql_connect("localhost","charlie_library","Pathfinder0287");
mysql_select_db("charlie_library",$conn);
function highlight_code_with_id($id)
{
$query = "select * from library_php where sequence = '$id' ";
$rs = mysql_query($query);
$code = mysql_fetch_assoc($rs); // change is in this line
echo highlight_string($code["code"]);
}
// and, use it like this:
highlight_code_with_id($_GET['id']);
?>
Note that you do not need to include $conn in your function, it can be ommitted. Also, note that you should use mysqli->* family of functions, since mysql_* family has been deprecated.
Perhaps this would work for you.
This post is originally for HTML, but the answer linked above shows an example using PHP.
I'm trying to create an update function in PHP but the records don't seem to be changing as per the update. I've created a JSON object to hold the values being passed over to this file and according to the Firebug Lite console I've running these values are outputted just fine so it's prob something wrong with the sql side. Can anyone spot a problem? I'd appreciate the help!
<?php
$var1 = $_REQUEST['action']; // We dont need action for this tutorial, but in a complex code you need a way to determine ajax action nature
$jsonObject = json_decode($_REQUEST['outputJSON']); // Decode JSON object into readable PHP object
$name = $jsonObject->{'name'}; // Get name from object
$desc = $jsonObject->{'desc'}; // Get desc from object
$did = $jsonObject->{'did'};// Get id object
mysql_connect("localhost","root",""); // Conect to mysql, first parameter is location, second is mysql username and a third one is a mysql password
#mysql_select_db("findadeal") or die( "Unable to select database"); // Connect to database called test
$query = "UPDATE deal SET dname = {'$name'}, desc={'$desc'} WHERE dealid = {'$did'}";
$add = mysql_query($query);
$num = mysql_num_rows($add);
if($num != 0) {
echo "true";
} else {
echo "false";
}
?>
I believe you are misusing the curly braces. The single quote should go on the outside of them.:
"UPDATE deal SET dname = {'$name'}, desc={'$desc'} WHERE dealid = {'$did'}"
Becomes
"UPDATE deal SET dname = '{$name}', desc='{$desc}' WHERE dealid = '{$did}'"
On a side note, using any mysql_* functions isn't really good security-wise. I would recommend looking into php's mysqli or pdo extensions.
You need to escape reserved words in MySQL like desc with backticks
UPDATE deal
SET dname = {'$name'}, `desc`= {'$desc'} ....
^----^--------------------------here
you need to use mysql_affected_rows() after update not mysql_num_rows
I'm having problems getting $schoolname to read in the "insert into" mysqlcommand.
I'm just creating a small thing for a fan club that spans a few schools. So i created a different database table for each school. Each school has a unique id, and the table name corresponds to that. The code is below. Please help. Well, the problem area is the insert portion.
"insert into $schoolname ('cat','...)
For some reason $schoolname is not catching with the $_POST if statement
the mysql command " insert into .... " passes values if i specify a hard coded table name, but it does not pass values if i specify the variable ($schoolname) in place of the table name. I need to specify the variable because there a number of schools with each having their own tables.
<?php
require_once('include.php');
include('imageupload.php');
$schoolid='';
if(isset($_GET['schoolid']) && isset($_GET['schoolid']) != '')
{
$schoolid .= 'and id ='.$_GET['schoolid'];
}
$sqlschoolid = "select * from schools where status = 'Active' ".$schoolid;
$resschoolid = $obj->sql_query($sqlschoolid);
$school = $resschoolid[0];
$schoolname = $school['parameter'];
$schoolid2 = $school['id'];
if($_POST)
{
(isset($_POST['pr']) && $_POST['pr'] != "") ? $price=mysql_real_escape_string($_POST['pr']) : $pr="" ;
$sqlclass = "insert into $schoolname(`category`,`type`,`price`,`title`,`description`,`weburl`,`image`,`email`,`phone`,`address`,`city`,`state`,`zip`,`postdate`,`sponser`,`status`)
values('".$_POST['subcategory']."','".$_POST['type']."','".$pr."','".mysql_real_escape_string($_POST['title'])."','".mysql_real_escape_string($_POST['description'])."','".mysql_real_escape_string($_POST['weburl'])."','".$imagename."','".mysql_real_escape_string($_POST['email'])."','".mysql_real_escape_string($_POST['phone'])."','".mysql_real_escape_string($_POST['address'])."','".mysql_real_escape_string($_POST['city'])."','".mysql_real_escape_string($_POST['state'])."','".mysql_real_escape_string($_POST['zip'])."','".date('Y-m-d H:i:s')."','0','Active')";
}
?>
Since you haven't specified what problem you're seeing, this is only a guess:
if(isset($_GET['schoolid']) && isset($_GET['schoolid']) != '')
Shouldn't that be
if(isset($_GET['schoolid']) && $_GET['schoolid'] != '')
As a side note, consider what happens if the user entered the following in schoolid:
0; delete from schools
This is known as SQL Injection, and you should be using "bind variables" instead of building the query by concatenating strings.
The problem seems to be the below query:
$sqlschoolid = "select * from schools where status = 'Active' ".$schoolid;
What is $schoolid variable at the end? I see what is $schoolid variable and I assume that the variable isn't set correctly.
From what I understand is that the above query might be throwing an error and therefore $schoolname isn't populated at all. Can you please try to print how that query looks like?
EDIT 1 Reading the past discussions, it is clear that $schoolname variable is empty, i.e. has no value. It is not the scope issue because from your code $schoolname is in the global scope and is therefore available inside the $_POST IF check. So let us try to debug the code to analyse options:
Can you put an echo $sqlschoolid; just after where you have written the query? This will confirm that the query format is correct
Assuming that the query is good, let us now check if the query is returning the right data? I'm not sure what DB class are you using, so I can't say what does $obj->sql_query() returns? Perhaps the MySQL resultset. Anyways, can you put var_dump($resschoolid) right after where it is initialized? And another var_dump($school) below?
This is how I would like you to put the debug statements:
$sqlschoolid = "select * from schools where status = 'Active' ".$schoolid;
echo $sqlschoolid;
$resschoolid = $obj->sql_query($sqlschoolid);
var_dump($resschoolid);
$school = $resschoolid[0];
var_dump($school);
$schoolname = $school['parameter'];
$schoolid2 = $school['id'];
I hope the above will give more insight into the problem. Let me know if you've any questions.
I have looked all over the web and cannot seem to find a proper way to assign the result of a MySQL query to a PHP variable. The code that I currently have returns a "resource id #3" error. Here is what it looks like.
//Select the 'aQID' of the question that has it's BOOL set to "true"
$currentQ = mysql_query("SELECT aQID FROM approvedQuestions WHERE status='1'");
$cuQ = mysql_result($currentQ,1,"status");
echo $cuQ;
I know that the query will only ever return one record (the active question). But I cannot seem to figure out what function to use.
$currentQ = mysql_query("SELECT aQID FROM approvedQuestions WHERE status='1'");
$rs = mysql_fetch_array($currentQ);
var_dump($rs);