I don't know PHP at all, so I am struggling through this. I need to add an or section to a MySQL query, but the values I'm searching have double quotes. I need to figure out how to add them in PHP so they are passed in to MySQL. The current query looks like:
$query = 'SELECT * FROM ' .$tableName.' WHERE allowed_countries LIKE "%'.$regionId.'%" and skurules REGEXP "i:'.$secondlastdigit.';" and status = 1 ORDER BY id DESC LIMIT 1';
But I need to add an or statement to search for string values that looks like:
$query = 'SELECT * FROM ' .$tableName.' WHERE allowed_countries LIKE "%'.$regionId.'%" and skurules REGEXP "i:'.$secondlastdigit.';" or skurules REGEXP "s:1:'.$secondlastdigit.';" and status = 1 ORDER BY id DESC LIMIT 1';
with double quotes surrounding the second instance of '.$secondlastdigit.'; when passed into MySQL.
My JSON string I'm searching looks like this:
a:12:{i:1;s:2:"15";i:2;s:2:"10";i:3;s:2:"30";i:4;s:2:"50";i:5;s:3:"120";i:6;s:3:"240";i:7;s:3:"480";i:8;s:3:"960";i:9;s:4:"3786";s:1:"A";s:3:"100";s:1:"C";s:2:"60";s:1:"B";s:5:"18930";}
First of all: DON'T.
If you still want to, then...REALLY DO NOT.
Making SQL queries on serialized arrays is just hell. You should try to avoid it at all costs.
Either:
Convert the serialized column into a standard SQL table
or select the column into a PHP variable, unserialize it and search through it.
Example:
$properPhpArray = unserialize($sqlResult['column_name']);
Agreed, searching serialized string is not the best solution and what the developer did despite having a bottle_size table available. I needed a quick fix and no time/skill to rewrite a tax calculation magento extension so I used replace in the query to solve my problem for now.
Since "s:1:X" will always be just one alpha character after the 1 and will not match anything else. I change the query to:
$query = 'SELECT * FROM ' .$tableName.' WHERE allowed_countries LIKE "%'.$regionId.'%" and skurules REGEXP "i:'.$secondlastdigit.';" or replace(skurules,char(34),0) REGEXP "s:1:0'.$secondlastdigit.'0;" and status = 1 ORDER BY id DESC LIMIT 1';
Very hackish fix but gets me out of a bind for now..
Mark
Related
I have a loop that is producing a string like $sku = MAR-9-870-2-L. I have a database that is a list of "skusearchquery" that often look like skusearchquery = MAR-9. I am trying to do a search for all rows of the database that have a skusearchquery contained inside the string $sku.
I know the code below doesn't work because MAR-9-870-20-L is NOT LIKE MAR-9-870 because MAR-9-870 doesn't contain the longer string, so I'm wondering how I can say: if the row value skusearchquery matches part of the string MAR-9-870-20-L, then select it.
$search = mysqli_query($connect, "SELECT * FROM skusearch WHERE skusearchquery LIKE '%$sku%'");
Please try the LOCATE() function:
$search=mysqli_query($connect,"SELECT * FROM skusearch WHERE LOCATE(`skusearchquery`,'$sku'");
...if this tests positively, you should take tadman's advice and protect your query.
As you said, that your searchquery field can have smaller part of sku then you can try below query to get those results as well
$search = mysqli_query($connect, "SELECT * FROM skusearch WHERE skusearchquery LIKE '%$sku%'" or '$sku' like concat('%',skusearchquery,'%');
Also make sure to protect your queries from sql injection as suggested by #tadman.
I have mysql table that has a column that stores xml as a string. I need to find all tuples where the xml column contains a given string of 6 characters. Nothing else matters--all I need to know is if this 6 character string is there or not.
So it probably doesn't matter that the text is formatted as xml.
Question: how can I search within mysql?
ie
SELECT * FROM items WHERE items.xml [contains the text '123456']
Is there a way I can use the LIKE operator to do this?
You could probably use the LIKE clause to do some simple string matching:
SELECT * FROM items WHERE items.xml LIKE '%123456%'
If you need more advanced functionality, take a look at MySQL's fulltext-search functions here: http://dev.mysql.com/doc/refman/5.1/en/fulltext-search.html
Using like might take longer time so use full_text_search:
SELECT * FROM items WHERE MATCH(items.xml) AGAINST ('your_search_word')
SELECT * FROM items WHERE `items.xml` LIKE '%123456%'
The % operator in LIKE means "anything can be here".
Why not use LIKE?
SELECT * FROM items WHERE items.xml LIKE '%123456%'
you mean:
SELECT * FROM items WHERE items.xml LIKE '%123456%'
When you are using the wordpress prepare line, the above solutions do not work. This is the solution I used:
$Table_Name = $wpdb->prefix.'tablename';
$SearchField = '%'. $YourVariable . '%';
$sql_query = $wpdb->prepare("SELECT * FROM $Table_Name WHERE ColumnName LIKE %s", $SearchField) ;
$rows = $wpdb->get_results($sql_query, ARRAY_A);
Hi There I'm trying to get some data with this SELECT statement and when I just select two items it gives me result but when I place third item it doesn't give any result.
$Query="SELECT * from tableName WHERE status='true' AND gid='".$gid."' AND section='".$cid."'";
Plz any solution.
this one works fine, but when I add third item status='true'. doesn't work.
$Query="SELECT * from tableName WHERE gid='".$gid."' AND section='".$cid."'";
First, let me say this: Double-quoted strings can parse your variables, so this line can work, too:
$Query="SELECT * from tableName WHERE gid='$gid' AND SECTION='$cid'";
Try to learn PHP basics about using single ' and double " quotes here: What is the difference between single-quoted and double-quoted strings in PHP?
Related to the database query, is status field is present in your database table? If not, it should NOT be included within the database, or it will return FALSE boolean value. Instead, use IF if you want to be 'selectively' filtering the status of the table.
if('your conditions here'){
$query = "SELECT * FROM tableName WHERE gid='$gid' AND section='$cid'";
}
I think your mistake is the status='true'
probable the database control its field with 1 or 0 value.
I have simple table of hashes with 3 columns . Id is an email address.
Now, I want to retrieve the hash given id and type.
I do this:
$select = $this->getDbTable()->select();
$select->where('id=?', $id)->where('type=?', $type);
And I get
SELECT "hashes".* FROM "hashes" WHERE (id=\'randomemail#randomurl.com\') AND (type=\'email\')
instead of
SELECT "hashes".* FROM "hashes" WHERE (id='randomemail#randomurl.com') AND (type='email')
I have played around with quote and quoteInto, but it keeps escaping the quotes. Everywhere I look, it seems this should not be happening. Where could I be going wrong?
The same query works if type and id are integers though [in which case there are no quotes required]
Thanks!
The problem with the query was with the code after the $select was created. Even though the quotes seem escaped, the select works fine when used with fetchAll or fetchRow.
The following snippet worked correctly,
$select = $this->getDbTable()->select();
$select->where('id=?', $id)->where('type=?', $type);;
$hash = $this->getDbTable()->fetchRow($select)->toArray();
even though $select->__toString() showed
SELECT "hashes".* FROM "hashes" WHERE (id=\'someemail#gmail.com\') AND (type=\'default\') LIMIT 1
Try this instead
select = $this->getDbTable()->select();
$select->where('id=?',trim($id,"'"))->where('type=?', trim($type,"'"));
I've been trying to use a PHP integer array for a MySQL query that uses the NOT IN clause, but despite no errors it seems to always return the results I want filtered out.
Example:
$IDS = $_SESSION['Posts'];
$Select = 'SELECT *
FROM status
WHERE (W_ID = '.$ID.')
AND (ID NOT IN ("'.implode(',', $IDS).'"))
ORDER BY ID DESC
LIMIT '.$Begin.', '.$Number.'';
$Select = mysql_query($Select) OR DIE(mysql_error());
I'm pretty sure this is a logical syntax error.
What I've tested for:
I've made sure that $IDS is treated as an array. Also I have tested to see whether there are values stored within the array. I have also not quoted the integer array, but then I got a mysql syntax error for not having them.
The problem is the two ” in the beginning and the end of the IN block. They cause the entire implode array to become a comma-separated string.
Your actual query will look like this:
ID NOT IN ("1,2,3,4")
"1,2,3,4" is one string, not several values. Get rid of the " quotes.
You could try to use FIND_IN_SET rather than an IN clause.
$IDS = mysql_real_escape_string(implode(',', $IDS));
$Select = "SELECT * FROM status WHERE (W_ID=$ID)
AND (NOT FIND_IN_SET(ID, '$IDS'))
ORDER BY ID DESC LIMIT $Begin, $Number";
Anyway in SQL you are required to use single quotes for strings, not double quotes. That works with MySQL, but not for all configurations. Also gets more readable if you do it the other way round. (Single quotes in PHP for performance is retarded advise!)