I want to include a search by D.O.B with these fields "birth_day", "birth_month"
function search_users($term, $limit = 10, $friends = false) {
$sql = "SELECT * FROM `users` WHERE
(username LIKE '%{$term}%' OR first_name LIKE '%{$term}%' OR last_name LIKE '%{$term}%' OR email_address LIKE '%{$term}%') AND bannned='0'
";
$combined = $term;
$searchfield = explode(" ", $combined);
$sql = "SELECT * FROM `users` WHERE
(username LIKE '%{$term}%' OR first_name LIKE '%{$term}%' OR last_name LIKE '%{$term}%' OR email_address LIKE '%{$term}%' OR birth_month LIKE '%{$term}%' OR birth_day LIKE '%{$searchfield[0]}%' ) AND bannned='0'
";
Related
I try to create search system using php and sql current condition is working fine but if I want
to search for John Doe (firstname + lastname) nothing happens. I try the + between firstname and lastname but it did not work.
Condition is here:
if(isset($_POST["query"])){
$search = mysqli_real_escape_string($conn, $_POST["query"]);
$query = "
SELECT * FROM users
WHERE firstname LIKE '%".$search."%'
OR lastname LIKE '%".$search."%'
";
}
You msy try something like this (using CONCAT):
$query = "SELECT * FROM users
WHERE firstname LIKE '%".$search."%'
OR lastname LIKE '%".$search."%'
OR CONCAT(firstname,' ', lastname) LIKE '%".$search."%'";
i've tried to create a search engine with date range filter but the whenever i type on my 'search_textbox' it does not include the date it only search the fields where it much the statement 'name' like '%a%';
if($search !=''):
$added_query = "and date_created like '%".$search."%' or
name like '%".$search."%' or
alias like '%".$search."%' or
designation like '%".$search."%'
";
else:
$added_query ="";
endif;
$project_details = $this->db->query("SELECT *
FROM ".$query."_man_power
WHERE date_created BETWEEN '".$date_from."' AND '".$date_to."'
".$added_query."
order by date_created desc
");
return $project_details;
You probably are not formatting the dates in your where clause properly. See:
https://www.w3schools.com/SQl/sql_dates.asp
You want to make sure $date_from and $date_to look like the following depending on type:
$date_from = '2018-06-01 0:00:00';
$date_to = '2018-06-30 23:59:59';
You can inspect your query better to find the problem by viewing it.
$sql = "SELECT * FROM ".$query."_man_power";
$sql .= " WHERE date_created BETWEEN '".$date_from."' AND '".$date_to."'".$added_query;
$sql .= " order by date_created desc";
var_dump($sql);
$project_details = $this->db->query($sql);
When combining these conditions, it is important to use parentheses so that the database knows what order to evaluate each condition.So group the AND,OR conditions with parenthesis like : -
if($search !=''):
$added_query = "and (
date_created like '%".$search."%' or
name like '%".$search."%' or
alias like '%".$search."%' or
designation like '%".$search."%'
)";
else:
$added_query ="";
endif;
$project_details = $this->db->query("SELECT *
FROM ".$query."_man_power
WHERE date_created BETWEEN '".$date_from."' AND '"
.$date_to."'".$added_query." order by date_created desc");
return $project_details;`
try {
$keyword = trim($_GET["keyword"]);
if ($keyword <> "" ) {
$sql = "SELECT * FROM tbl_contacts WHERE 1 AND "
. " (first_name LIKE :keyword) ORDER BY first_name ";
$stmt = $DB->prepare($sql);
$stmt->bindValue(":keyword", $keyword."%");
} else {
$sql = "SELECT * FROM tbl_contacts WHERE 1 ORDER BY first_name ";
$stmt = $DB->prepare($sql);
}
i need to do multiple search, with first_name,last_name,middle_name,contact_no1 fields
If you want to do search with all fields add fields in WHERE with OR:
try {
$keyword = trim($_GET["keyword"]);
if ($keyword <> "" ) {
$sql = "SELECT * FROM tbl_contacts WHERE 1 AND "
. " (first_name LIKE :keyword OR last_name LIKE :keyword OR middle_name LIKE :keyword OR contact_no1 LIKE :keyword) ORDER BY first_name ";
$stmt = $DB->prepare($sql);
$stmt->bindValue(":keyword", $keyword."%");
} else {
$sql = "SELECT * FROM tbl_contacts WHERE 1 ORDER BY first_name ";
$stmt = $DB->prepare($sql);
}
public function search($requestArray){
$sql = "";
if( isset($requestArray['firstname']) && isset($requestArray['lastname']) ) $sql = "SELECT * FROM `tbl_contacts` WHERE AND (`first_name` LIKE '%".$requestArray['search']."%' OR `last_name` LIKE '%".$requestArray['search']."%')";
if(isset($requestArray['firstname']) && !isset($requestArray['lastname']) ) $sql = "SELECT * FROM `tbl_contacts` WHERE `first_name` LIKE '%".$requestArray['search']."%'";
if(!isset($requestArray['firstname']) && isset($requestArray['lastname']) ) $sql = "SELECT * FROM `tbl_contacts` WHERE `last_name` LIKE '%".$requestArray['search']."%'";
$STH = $this->DBH->query($sql);
$STH->setFetchMode(PDO::FETCH_OBJ);
$someData = $STH->fetchAll();
return $someData;
}
I used this method in one of my project for searching with two field hope it could help you. where $requestArray will get the data from form and 'firstname' , 'lastname' are two key of the array which you will enter your searchbox and submit to search. I just showed you here the query style and before that you have tor trim the values.
I have this code pretty much like a search engine within the database for peoples names.
if (isset($_POST['submit'])){
$keyword = $_POST['stats'];
$orderby = $_POST['orderby'];
if (!empty($_POST['stats'])) {
$getStats = $db->query("SELECT * FROM `stats` WHERE
`lastname` LIKE '%$keyword%' OR `firstname` LIKE '%$keyword%' OR
`nickname` LIKE '%$keyword%' ORDER BY `$orderby`
DESC");
This then prints the results back into a table, I thought the table code wasn't necessary and too long.
The above query works for if I search just the last name or just the first name, or nickname
but if there is for example a user in the database with the name, John Smith
so
Firstname: John
Lastname: Smith
If just searched 'John' he would be printed into the table, which is good and same if I just searched 'Smith'
But if I search 'John Smith' he would not be printed into the table.
How can I change this query so that this will happen, I have tried this:
$getStats = $db->query("SELECT * FROM `stats` WHERE
`firstname`, `lastname` = '$keyword' OR `lastname` LIKE '%$keyword%' OR `firstname` LIKE '%$keyword%' OR
`nickname` LIKE '%$keyword%' ORDER BY `$orderby`
DESC");
WHERE CONCAT(firstname, ' ', lastname) LIKE %$keyword%
Also you should be binding parameters rather than directly interpolating user input into the query string, your current code is vulnerable to SQL injection.
$keyword = str_replace(" ", "%", $keyword);
You can try REGEXP:
$keyword = $db->real_escape_string($_POST['stats']); // escape data
$orderby = $db->real_escape_string($_POST['orderby']); // escape data
$keyword = implode("|", explode(" ", $keyword));
$getStats = $db->query("SELECT * FROM stats
WHERE firstname REGEXP '$keyword'
OR lastname REGEXP '$keyword'
OR nickname REGEXP '$keyword'
ORDER BY $orderby DESC");
try this
$sql = "SELECT *
FROM stats
WHERE
firstname LIKE '%$keyword%'
OR lastname LIKE '%$keyword%'
OR CONCAT_WS(' ',firstname,lastname,) LIKE '%$keyword%'
OR CONCAT_WS(' ',lastname,firstname) LIKE '%$keyword%'
OR nickname LIKE '%$keyword%'
ORDER BY $orderby DESC";
I am trying to search the field firstname and lastname for a keyword
$q1 = strtolower($_GET["q"]);
$q=str_replace(" ","%",$q1);
$sql = "select DISTINCT users.*, user_id FROM users WHERE $email_filter
firstname LIKE '%$q%' OR lastname LIKE '%$q%' ORDER BY lastname";
$rsd = mysql_query($sql);
while($rs = mysql_fetch_array($rsd)) { echo $results }
this is what I have so far, issue is if you use John Doe as an example once you type John it finds it, doe it finds it, but john doe ... no results
I recommend that you bind the variables. You are exposed to sql injections otherwise.
$stmt = $mysqli->prepare("select * from users where firstname like ? AND lastname like ?");
$stmt->bind_param('ss', $firstname,$lastname);
Something like
SELECT * FROM users where CONCAT(firstname, ' ', lastname) like '%$q%'
Or
SELECT * FROM users where CONCAT_WS(' ', firstname, lastname) like '%$q%'
And if reversing is desirable, try this:
SELECT * FROM users where CONCAT_WS(' ', firstname, lastname) like '%$q%'
or CONCAT_WS(' ', lastname, firstname) like '%$q%'
(that is, if searching for "A B" should return "A B" as well as "B A")
you have to split your query string and search for each terms
$query_terms = explode(" ", $q1);
$conditions = ''
foreach($query_terms as $term){
$conditions = $conditions.' firstname LIKE "%'.$term.'%" OR lastname LIKE "%'.$term.'%"';
}
$sql = "select DISTINCT users.*, user_id FROM users WHERE $email_filter $conditions ORDER BY lastname";