I defined a model and tried to get data from two tables using the UNION keyword. Here I used the LIKE keyword as a constraint. When I use this query without variables (hard-coded variable values), it works. But it doesn't work with variables. Instead it gives an empty array. What's wrong with it?
function searchProf(){
//$name=$this->input->post('name');
$name='du';
$query=$this->db->query("SELECT name FROM users WHERE name like '%".$name."%' UNION SELECT name FROM children WHERE name like '%".$name."%' ");
print_r ($query->result());
}
Change '%".$name."%' to this '%$name%'.
function searchProf(){
//$name=$this->input->post('name');
$name ='du';
$query = $this->db->query("SELECT name FROM users WHERE name like '%$name%' UNION SELECT name FROM children WHERE name like '%$name%' ");
print_r ($query->result());
}
Please use active record base or SQL binding to your SQL queries. Otherwise you have to face for SQL Injections.
`
function searchProf(){
$name ='du';
$sql = "SELECT name FROM users WHERE name like ? UNION SELECT name FROM children WHERE name like ? ";
$query = $this->db->query($sql,array('%'.$name.'%','%'.$name.'%'));
print_r ($query->result());
}
Related
I tried to make a search system which uses the LIKE operator to search results based on what the user typed. I'm using it with strings. The problem is that it doesn't show any result.
I hope this also helps people with the same confusion as me...
Code:
"SELECT * FROM table WHERE name LIKE ' . $input . ';";
input is a PHP variable from what the user typed.
EDIT: Don't worry about SQL injection, it's all offline.
for the proper use of like you should use wildchar eg :
SELECT * FROM table WHERE name LIKE concat('%', ? ,'%') ;
and you should not use var inside SQL code .. you are at risk for sqlinjectiomn
for avoid this you should take a look at you db driver for prepared statement and binding param
eg for PDO
$st = $conn->prepare("SELECT * FROM table WHERE name LIKE concat('%', ? ,'%')");
$st->bindParam(1, $input, PDO::PARAM_STR, 255);
$st->execute();
Try This
$string = "input";
$sql = "select * from table where name like '%$string%'"
Create a variable and store value what you want to search
$where = "AND name like '%$string%'";
and put it after table name
$sql = "select * from table_name $where";
I have a table with many columns
( A , B , C , D , E)
I have search form and it's works
$query = $pdo->prepare("
SELECT *
FROM Database
WHERE Name LIKE '%{$search}%'
");
On B column I have Names, on A column I have numbers.
I want to search a name from column B and to display it only if A = 0.
SELECT *
FROM Database
WHERE Name LIKE '%{$search}%'
AND A = 0
The SQL query would be the following, using '?' on LIKE to use the prepared statement logic, it is replaced on the next line for the variable $search.
$query = $pdo->prepare("
SELECT *
FROM Database
WHERE B LIKE '%?%' AND A=0
");
$sth->execute(array($search));
I have this variable $search=''; which stores words typed in a search bar and an empty default value. I then execute a query like this:
$result=$conn->query("SELECT * FROM users WHERE name LIKE '%".$search."%'");
But this query returns all rows when the $search variable is empty. And I want it to show "0" row results when it is empty.
This may have no sense at all but, I can't use a method like this:
if(!empty($search)){
$result=$conn->query("SELECT * FROM users WHERE name LIKE '%".$search."%'");
}
I need a method that executes the same query whatever the value of $search is. Is there any other method?
If you change your query, it'll return 0 rows if $search is empty.
$result=$conn->query("SELECT * FROM users WHERE name LIKE '%".$search."%' AND '".$search."' != ''");
Maybe using IF in a WHERE query helps you:
$result=$conn->query("SELECT * FROM users WHERE name LIKE IF ( '%".$search."%' = '%%', '', '%".$search."%')");
in case the search string is empty this will return only the empty names from the table; assuming there are no empty names in the table this will return zero results.
Send an empty array if the search variable is empty.
if(!empty($search)){
$result=$conn->query("SELECT * FROM users WHERE name LIKE '%".$search."%'");
}
else {
$result = [];
}
Hello I have 2 textboxes and i want to give to the user the option to choose one in order to find results. The user can search through the id or the name. My problem is because i use LIKE%field% when the user chooses to search through the id the name field stays empty and returns all the table rows. I want to have results only if the user enters some value in the textbox. This is my sql query. I'm using mysql
"SELECT * FROM properties WHERE ID='$id' OR Name LIKE '%$name%'"
Thank you all
If the user has to select which field to search, you can do:
if ($_POST['search'] == 'id') {
$sql = "SELECT * FROM properties WHERE ID='$id'"
} else {
$sql = "SELECT * FROM properties WHERE Name LIKE '%$name%'"
}
You can do this in a single query (values are checked from the query itself):
"SELECT * FROM properties WHERE ('$id'='' OR ID='$id') AND ('$name' ='' OR Name LIKE '%$name%')"
Explanation:
First condition:
The query will select records with ID='$id' only when $id is not empty.
If $id is empty, query will not go for the second part ID='$id'
Second condition:
The query filters records with Name LIKE '%$name%' only when $name is not empty.
If $name is empty, query will not go for Name LIKE '%$name%'.
NB: This technique is extremely useful when you have numerous parameters to check, rather than using a bunch of if...elses at php side.
I'm tring to convert a Mysql query to using a LIKE clause and I can't make it work.
$query = "SELECT id,name FROM `hin` WHERE name = '".$q."'";
What I've tried in some variations.
$query = "SELECT id,name FROM `hin` WHERE name LIKE %'".$q."'%";
I need the query to select row only on string match. Intend is to use variable as needle.
Use:
"SELECT id,name FROM `hin` WHERE name LIKE '%". $q ."%'"
The wildcarding has to be inside the single quotes.
Ideally, you want to use:
"SELECT id,name FROM `hin` WHERE name LIKE '%". mysql_real_escape_string($q) ."%'"