I am trying to make a search for my website where if i search with member certificate no it will show his full details. But in my code when i search for Certificate No : 1 it show details of Certificate no 1, 10, 11,12,13,14,15,....
Is there any way to show single member details.
if(isset($_POST['search'])){
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
$query = mysql_query("SELECT * FROM certificate WHERE certificate_no LIKE '%$searchq%' ") or die ("could not search ");
}
$count = mysql_num_rows($query);
if($count==0){
$output = 'There is no search result ';
} else {
while ($row = mysql_fetch_array($query)){
$name =$row['name'];
$certificate_no =$row['certificate_no'];
$y_of_passing =$row['y_of _passing'];
$grade =$row['grade'];
$score =$row['score'];
$output.='<div>Certificate Number : ' .$certificate_no.' <div>Candidate Name : '.$name. '<div>Grade/Score : ' .$grade.' <div>Course Name : '.$score. '<div>Year Of Passing: '.$y_of_passing.'<div>';
echo "<img src ='".$row['photo']."' height='100' width='200' >" ;
}
}
print("$output");
Change your query:
$query = mysql_query("SELECT * FROM certificate WHERE certificate_no LIKE '%$searchq%' ")
to
$query = mysql_query("SELECT * FROM certificate WHERE certificate_no = ". $searchq ."
and try again.
Explanation: When you are using LIKE '%$searchq%' then it will search for a string having 1 at any place i.e. PATTERN MATCHING. But If you want equality comparison than try =. It will search for exact match.
You're using wrong wildcards Use either = or only like or use RLike
SELECT * FROM certificate WHERE certificate_no LIKE '$searchq'
SELECT * FROM certificate WHERE certificate_no = '$searchq'
SELECT * FROM certificate WHERE certificate_no RLike '[[:<:]]$searchq[[:>:]]'
Try editing the $query like this :::
$query = mysql_query("SELECT * FROM certificate WHERE certificate_no LIKE $searchq ") or die ("could not search ");
Like is a pattern matching . It will search the given string in your column.That's why it's returning matched pattern result like this 10, 11,12,13,14,15 .Did you notice that the result all have that 1 . which is you used to match the pattern in like '%1%' . so you need to use comparison operator like this certificate_no=1
Warning mysql_query, mysql_fetch_array,mysql_connect etc.. extensions were deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0.
Instead, the MySQLi or PDO_MySQL extension should be used.
Related
its my first post and I have a problem with a PHP search.
Here,
$searchq = $_POST['searchq'];
so far when a single word is supplied for searchq like naresh, google, lamgade then it search in a db but when there is a multiple search like
naresh lamgade at a same time then there is error for these word because it only search in a first_name column and what i want to search naresh in a first_name column and lamgade in a last_name column
Here is the code
<pre> $searchq = $_POST['searchq'];
$conn = mysqli_connect('localhost','root','','std_info') or die("Cant' Connect to db");
$query = mysqli_query($conn,"select * from student_details where first_name like '%$searchq%' or last_name like '%$searchq%'");
$count = mysqli_num_rows($query);
if($count == 0) {
echo "<br>";
echo "Can't find, try entering only first name or last name";
}
else {
do something`</pre>
}
The problem is
In a search bar, when i try entering naresh lamgade and search then
searchq =naresh+lamgade
and it search in both first_name and last_name column with a naresh+lamgade so there is no result.
I want to know , how to break these two words and search in a different column with these words.
The problem is
In a search bar, when i try entering naresh lamgade and search then
searchq =naresh+lamgade"
I guess that you put the textfield inside a form without method="post".
If you did, try like this in searchq:
... WHERE first_name LIKE "'%'.$searchq.'%'" or last_name like "'%'.$searchq.'%');
Use explode to split query.
Also your code is dangerous. Use mysqli_escape_real_string to escape special characters in a query:
<?php
$searchq = explode(" ", $_POST['searchq']);
$conn = mysqli_connect('localhost', 'root', '', 'std_info') or die("Cant' Connect to db");
$query = mysqli_query($conn, "select * from student_details where (first_name like '%" . mysqli_real_escape_string($searchq[0]) . "%' OR first_name like '%" . mysqli_real_escape_string($searchq[1]) . "%') OR (last_name like '%" . mysqli_real_escape_string($searchq[1]) . "%' OR last_name like '%" . mysqli_real_escape_string($searchq[0]) . "%'");
$count = mysqli_num_rows($query);
if ($count == 0)
{
echo "
";
echo "Can't find, try entering only first name or last name";
}
else
{
do something`
Thanks everyone for the answer but I have used this query and it's working perfectly as I wanted.
$query = mysqli_query($conn, "SELECT * FROM student_details WHERE CONCAT(first_name,' ',last_name) like '%$searchq%'");
I have a SQL query in my PHP file that makes use of some variables in it. I want to print the query itself on the localhost to check as to whether the entire query is been executed or not.
My query is like this:
$result = mysql_query("SELECT * FROM sample WHERE col01 LIKE '%$abc%',$db);
I am trying to print the query using echo $result but get Resource id #25 on localhost. I want to print Select * FROM ... as the output. Is there any way?
First of all: You are missing a double quote: $result = mysql_query("SELECT * FROM sample WHERE col01 LIKE '%$abc%'",$db).
That said, what stops you from
$sql="SELECT * FROM sample WHERE col01 LIKE '%$abc%'";
$result = mysql_query($sql,$db);
echo $sql;
If you were using PDO (and you should, the old mysql_ functions are deprecated and insecure) you could just use PDOStatement->queryString property to view the query at a later time.
Store as a variable $sql
Its normal, first you need to fetch that resource obj
And anyway you missing a double quote,
example.
$sql = "SELECT * FROM sample WHERE col01 LIKE '%$abc%'";
$result = mysql_query($sql);
while ($line = mysql_fetch_object($result)) {
echo $line->colname ."\n";
}
echo "\n" . ' query: ' . $sql
And from PHP 5.5.0 and beyond use mysqli
$sql = "SELECT * FROM sample WHERE col01 LIKE '%$abc%'";
if ($result = $mysqliobj->query($sql)) {
while($line= $result->fetch_object()){
echo = $line->colname ."\n";
}
}
echo "\n" . ' query: ' . $sql
or print_r($mysqliobj->info); # store las query
I am trying to print out some topic information, but it is not going so well. This is my query:
SELECT * FROM topics WHERE id='$read'
This doesn't work. I've echo'ed the $read variable, it says 1. So then if I do like this:
SELECT * FROM topics WHERE id='1'
It works perfectly. I don't get what is the problem. There's no hidden characters in $read or anything else like that.
Try like this:
$query = "SELECT * FROM topics WHERE id='" . $read . "'"
ID is normally a numeric field, it should be
$id = 1;
$query = "SELECT * FROM topics1 WHERE id = {id}"
If you are using strings for some reason, fire a query like
$id = '1';
$query = "SELECT * FROM topics1 WHERE id = '{$id}'"
SELECT * FROM topics WHERE id=$read
it consider it as string if you put i single quotes
I wonder why all the participants didn't read the question that clearly says that query with quotes
SELECT * FROM topics WHERE id='1'
works all right.
As for the question itself, it's likely some typo. Probably in some other code, not directly connected to $read variable
try
$query = sprintf("SELECT * FROM topics WHERE id='%s';",$read);
Also remember to escape the variable if needed.
Looks like you might have an issue with the query generation as everyone else is pointing to as well. As Akash pointed out it's always good to build your query in to a string first and then feed that string to the MySQL API. This gives you easy access to handy debugging techniques. If you are still having problems try this.
$id = 1;
$query = "SELECT * FROM `topics1` WHERE `id`={$id}";
echo ": Attempting Query -> {$query}<br />";
$res = mysql_query($query, $dblink);
if($res <= 0)
die("The query failed!<br />" . mysql_error($dblink) . "<br />");
$cnt = mysql_num_rows($res);
if($cnt <= 0)
{
$query = "SELECT `id` FROM `topics1`";
echo "No records where found? Make sure this id exists...<br />{$query}<br /><br />";
$res = mysql_query($query, $dblink);
if($res <= 0)
die("The id listing query failed!<br />" . mysql_error($dblink) . "<br />");
while($row = mysql_fetch_assoc($res))
echo "ID: " . $row['id'] . "<br />";
}
This will at least let you monitor between calls, see what your query actually looks like, what mysql says about it and if all else fails make sure that the ID you are looking for actually exists.
try with this : SELECT * FROM topics WHERE id=$read
I am trying to create a php script that selects one row from my table by using the WHERE clause. The problem is the mysql query returns no rows. I know the variable is correct (its user submitted).
$title = mysql_real_escape_string($_REQUEST["title"]);
$query = mysql_query("SELECT * FROM links WHERE title ='$title'", $con)
or die ("Error: " . mysql_error());
I'm looking for any ideas that could fix my problem. I know the mysql is working properly because other queries execute fine. The title variable is correct; it is passed from a mysql on another page.
ps - I posted a similar question earlier, but worded it poorly and got results that didn't address the problem
Try this:
$query = mysql_query("SELECT * FROM links WHERE title ='$title' limit 1")
or die ("Error: " . mysql_error());
Sorry, I'm new here and I couldn't find the button to comment on the original question.
But you mentioned the request was user submitted. Are they typing it or is it a selection like from a select box or radio button? I'm asking because does the requested title even exist in the DB?
Anyway, what is your result if you use the following?:
$query = mysql_query("SELECT * FROM links WHERE title LIKE '%".$title."%'")
or die ("Error: " . mysql_error());
If not, then there's definitely no match in the DB.
try this query
mysql_query("SELECT * FROM links WHERE title like '$title%'", $con)
Try this query:
$query = mysql_query("SELECT * FROM links WHERE title LIKE '%{$title}%'");
or maybe this to check formatting:
$sql = sprintf("SELECT * FROM links WHERE title LIKE '%%%s%%'", $title);
$query = mysql_query($sql);
In my case I had empty space before and after the variable name, like this
$query = "select * from user where user_name = ' $user_name ' ";
and this results in comparing userName with [empty_space userName empty_space ] which doesn't exist in the database.
your query should be like this
$query = "select * from user where user_name = '$user_name' ";
I don't know how to make the search through another table. how should i do that?
the table name is comments and i want to search for all the post stored in the column name kom
Another thing is that i cant get the pagination start working...
I started the pagination within an else statment because i only need it when i get more than 1 result.
I can get the page links showing and limit the search posting showing but when i click on one off the links i cant get to the next page
Heres the code
<?php
$search = $_POST["search"];
$field = $_POST["field"];
if($_POST["submit"] && $search)
{
echo "<div id='result'>";
echo "<h2>Resultat</h2>";
$search = strtoupper($search);
$search = strip_tags($search);
$search = trim($search);
$query = "SELECT * FROM blogTable WHERE title LIKE '%$search%'
UNION
SELECT * FROM blogTable WHERE post LIKE '%$search%'";
$result = mysql_query($query, $conn) or die(mysql_error());
$matches = mysql_num_rows($result);
if($matches == 0)
//code if serch didnt result any results
else if($matches == 1)
//code if the matches only 1
else
{
$per_page = 4;
$pages = ceil($matches / $per_page);
$page = (isset($_GET['page'])) ? (int)$_GET['page']: 1;
$start = ($page - 1) * $per_page;
$query2 = "SELECT * FROM blogTable WHERE title LIKE '%$search%'
UNION
SELECT * FROM blogTable WHERE post LIKE '%$search%' LIMIT $start, $per_page";
$result2 = mysql_query($query2, $conn) or die(mysql_error());
echo "<font size='-1'>Sökningen $search gav $matches resultat</font><br/>";
while ($r2 = mysql_fetch_array($result2))
{
$id = $r["id"];
$title = $r["title"];
$post = $r["post"];
$time = $r["time"];
echo "<br/><strong><a href='comment.php?id=$id'>$title</a></strong><br/>";
echo "<font size='-1'>".substr($post, 0, 60)."</font><br/>";
echo "<font size='-1'>".substr($post, 60, 70)."</font><br/>";
echo "<font size='-3'>$time</font><br/>";
}
//theese are showin but cannot click of any of them
if($pages >= 1 && $page <= $pages)
{
for($nr = 1; $nr <= $pages; $nr++)
{
if($nr == $page)
echo "<a href='?page=".$nr."' style='font-size:20px;'>$nr</a>";
else
echo "<a href='?page=".$nr."' style='font-size:15px;'>$nr</a> ";
}
}
}
}
?>
Is there a specific reason you are using a UNION?
If not, you can change:
$query = "SELECT * FROM blogTable WHERE title LIKE '%$search%'
UNION
SELECT * FROM blogTable WHERE post LIKE '%$search%'";
to:
$query = "SELECT * FROM blogTable WHERE (title LIKE '%$search%') OR (post LIKE '%$search%')";
Anyway, I would never execute the same query twice, just get the first x results if no start parameter was given (for example a page number in the query string) and calculate the start point when a start parameter was given.
And if you want the total, use a COUNT(*) query or change your query:
$query = "SELECT SQL_CALC_FOUND_ROWS * FROM blogTable WHERE (title LIKE '%$search%') OR (post LIKE '%$search%')";
One thing that catches the eye is that the code you show is vulnerable to SQL injection.
Get rid of the strip_tags() (if it's for security, in which case it's useless) and do a mysql_real_escape_string() on every value you use in the search queries, or check whether the value is actually a number when using int columns.
Another thing is that the <font> tag is outmoded. The cool CSS way of styling text is having an external CSS stylesheet, and defining in it something like
span.small { font-size: 12px; color: green }
and then using it in the HTML like so:
<span class="small">Text goes here</span>
that said, this probably belongs on CodeReview.SE....
First, I always recommend to use GET method and not POST method for searches and filters, next, maybe this pagination php class can help you.