I would like to build a query for an advanced search. The search feature has and/or for every category. The user can choose any combination of "and" and "or". Here I give the screenshot.
I store the and/or values in variables called $pil, $pil1, $pil2 and $pil3, and put them in the query. It's better than validating every and/or condition one by one.
So this is my query using postgresql in PHP
$query = pg_query("SELECT evaluationdate,onlinename,channel,topik,reviewername,sourceevaluation,evaluation
from AgentPerformance
where onlinename like '%".$VEOn1."%'
".$pil." reviewername like '%".$VERev1."%'
".$pil1." channel like '%".$VEChan1."%'
".$pil2."sourceevaluation like '%".$VESource1."%'
".$pil3."evaluationdate between '".$VEStart1."' and '".$VEEnd1."'");
EDIT :
The problem now: none of the variables may be empty, or the query will fail with an error. Is there any way to work around this?
You've missed some spaces near sourceevaluation and evaluationdate
Try with this query :
$query = pg_query("SELECT evaluationdate,onlinename,channel,topik,reviewername,sourceevaluation,evaluation
from AgentPerformance
where onlinename like '%".$VEOn1."%'
".$pil." reviewername like '%".$VERev1."%'
".$pil1." channel like '%".$VEChan1."%'
".$pil2." sourceevaluation like '%".$VESource1."%'
".$pil3." evaluationdate between '".$VEStart1."' and '".$VEEnd1."'");
Simply use validation for each $pil, whether it is empty or not. It makes me validate 4 times, but it solves the problem. The syntax error has been solved too.
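The queries in this thread concatenate both the and/or connectors and the search values into the SQL string. The following is an added example, not code from the original posts: it keeps the same table and columns but takes connectors from a fixed list, binds the values with pg_query_params(), and drops empty fields. The function name build_search() and its argument layout are assumptions.

```php
<?php
// Added example: build_search() and its argument layout are hypothetical.
function build_search(array $filters, string $dateJoiner, string $start, string $end): array
{
    // Identifiers and keywords cannot be bound, so they come from fixed lists.
    $columns    = ['onlinename', 'reviewername', 'channel', 'sourceevaluation'];
    $connectors = ['and' => 'AND', 'or' => 'OR'];
    $where  = '';
    $params = [];
    $add = function (string $joiner, string $cond) use (&$where, $connectors): void {
        if ($where === '') {          // first surviving condition needs no connector
            $where = $cond;
            return;
        }
        $key = strtolower(trim($joiner));
        if (!isset($connectors[$key])) {
            throw new InvalidArgumentException('connector must be "and" or "or"');
        }
        $where .= ' ' . $connectors[$key] . ' ' . $cond;
    };
    foreach ($filters as [$joiner, $column, $value]) {
        if (!in_array($column, $columns, true)) {
            throw new InvalidArgumentException('unknown column');
        }
        $value = trim((string) $value);
        if ($value === '') { continue; }   // empty form field: drop the whole condition
        // Escape LIKE wildcards so user input matches literally, then bind it.
        $params[] = '%' . addcslashes($value, '\\%_') . '%';
        $add($joiner, $column . ' LIKE $' . count($params));
    }
    if ($start !== '' && $end !== '') {
        array_push($params, $start, $end);
        $n = count($params);
        $add($dateJoiner, 'evaluationdate BETWEEN $' . ($n - 1) . ' AND $' . $n);
    }
    $sql = 'SELECT evaluationdate, onlinename, channel, topik, reviewername, '
         . 'sourceevaluation, evaluation FROM AgentPerformance'
         . ($where === '' ? '' : ' WHERE ' . $where);
    return [$sql, $params];
}

// Constructed sample input: the reviewer field was left empty.
[$sql, $params] = build_search([['', 'onlinename', 'ann'],
    ['or', 'reviewername', ''], ['and', 'channel', "O'Neil_50%"]], 'and', '2024-01-01', '2024-01-31');
echo $sql, "\n";  // then, with an open connection: pg_query_params($conn, $sql, $params)
```

Mixed connectors keep normal SQL precedence (AND binds tighter than OR), exactly as in the concatenated query above.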
Hi, I need to build a query with 3 LIKEs in Yii2. It's a search form.
Select vchName, vchType, vchEmail from Tours where vchName like _Post('vchname') and vchType like _Post('vchType') and vchEmail like _Post('vchEmail')
I tried this, but it's wrong. Please help.
$query->where(['like','vchName',Yii::$app->request->post('vchName')])->
andWhere(['like','vchJourney',Yii::$app->request->post('vchJourney')])->
andWhere(['like','vchTypesOfTours',Yii::$app->request->post('vchTypesOfTours')]);
this is the error:
.Invalid Argument – yii\base\InvalidArgumentException
Operator 'LIKE' requires two operands.
As your error message hints, Operator 'LIKE' requires two operands.
I'm assuming that you have situations where your code is running on a non-POST request or you're simply not supplying all the POST params that you need to run the query.
I suggest using the method andFilterWhere instead of andWhere.
$query
->andFilterWhere(['like','vchName',Yii::$app->request->post('vchName')])
->andFilterWhere(['like','vchJourney',Yii::$app->request->post('vchJourney')])
->andFilterWhere(['like','vchTypesOfTours',Yii::$app->request->post('vchTypesOfTours')]);
Note that if any of the params supplied are empty (like Yii::$app->request->post('vchName')), the condition itself will be skipped.
Verify that you are using/posting those variables correctly, especially since the default notation should be something like Yii::$app->request->post('SearchFormName')['vchName']
For my database query I have to use multiple where clause query in Codeigniter PHP. I wrote the code like this:
$this->db->and_where_in('category_name,publication_status','home_headline_sub',1);
But this query shows database query error in browser. Then I wrote this query:
$this->db->where('category_name,publication_status','home_headline_sub',1);
But it still gives an error. Can anyone help me to solve this? Thanks in advance.
You can chain database clauses, so you would write it as
$this->db->where('category_name','case')->where('publication_status','case')->where('home_headline_sub','case');
This would generate a query's WHERE clause as
// WHERE category_name = 'case' AND publication_status = 'case' AND home_headline_sub = 'case'
Documentation here: http://ellislab.com/codeigniter/user-guide/database/active_record.html#chaining
you to use array in it.
// 'case' is a placeholder value; it must be quoted because case is a reserved word in PHP
$this->db->where(array('category_name'=>'case','publication_status'=>'case','home_headline_sub'=>'case'));
But I guess you want to check your value against three columns. You can use
$this->db->or_where(array('category_name'=>1,'publication_status'=>1,'home_headline_sub'=>1));
I hope it will help you.
//The simple way
$this->db->where('foo_field', 'foo_value')
->where('bar_field', 'bar_value')
->where('more_field', 'more_value');
//using custom string
//if your sql is really a complex one you can simply write like these
$this->db->where("(foo_field = 'foo_value') AND (bar_field = 'bar_value') AND (more_field = 'more_value')");
//or may be with something more complex like this
$this->db->where("(foo_field = 'foo_value') AND ((bar_field = 'bar_value') OR (more_field = 'more_value'))");
//while using a custom string make sure you put them all in the "double quotation marks" and use no ,commas. It is all a single line. The braces are not necessary always but I like to use them.
I am trying to extend the Zend library in order to get queries like this one:
SELECT * FROM item i force index(ix) ORDER BY date LIMIT 100;
I am working around this with the solution from this Zend forum issue: http://framework.zend.com/issues/browse/ZF-7570
However I have a problem. Look at the code below.
$select->forceIndex('index');
echo $select->assemble();
// I get the right SELECT query with the force index hint
$this->fetchAll($select);
// The server executes a wrong SELECT query without the force index hint
Some help?
I am not pretty sure why, but if I remove the echo clause, fetchAll executes the right query...
So that's the answer, remove echo
In my opinion, the patch you are using is broken. If you check the source, it unsets the FORCE INDEX parts when creating the query the first time.
If you check it, $select->assemble() == $select->assemble() should give false.
I have a row in my database with the name "active_sizes" and I want to filter my website items by size. For this, I use a LIKE condition in PHP:
AND active_sizes LIKE '%" . $_GET['size'] . "%'
But with this code I have a problem.
For example, when $_GET['size']=7.0, this code shows items where active_sizes=17.0.
My active_sizes value looks like 17.0,5.0,6.5,7.5,,
Thanks.
Using comma-separated values in a single field in a database is indicative of bad design. You should normalize things, and have a separate "item_sizes" table. As it stands now, you need a VERY ugly where clause to handle such sub-string mismatches:
// Normalise the input to the stored one-decimal form (e.g. "7.0"); the result contains only digits and a dot
$s = number_format((float) $_GET['size'], 1, '.', '');
... WHERE (active_sizes = '$s') // the only value in the field
OR (active_sizes LIKE '$s,%') // at the beginning of the field
OR (active_sizes LIKE '%,$s,%') // in the middle of the field
OR (active_sizes LIKE '%,$s') // at the end of the field
Or, if you normalized things properly and had these individual values in their own child table:
WHERE (active_sizes_child.size = $s)
I know which one I'd choose to go with...
You don't state which DB you're using, but if you're in MySQL, you can temporarily accomplish the same thing with
WHERE find_in_set($s, active_sizes)
at the cost of losing portability. Relevant docs here: http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_find-in-set
You have % signs around your $_GET value. Combined with LIKE, this means that any string that simply contains your get value will be returned. If you want an exact match, use the = operator instead, without the percentage signs.
This will solve your immediate issue:
AND active_sizes LIKE '" . mysql_real_escape_string($_GET['size']) . "%'
If you are using a database other than MySQL, use the corresponding escape function. Never trust input data.
Besides, I'd suggest using numeric field (DECIMAL or NUMERIC) for active_sizes field. This will accelerate your queries, will let you consume less memory, create queries like active_sizes BETWEEN 16.5 AND 17.5, and generally this is more correct data type for a shoe size.
I have a function that I use called sqlf(), it emulates prepared statements. For instance I can do things like:
$sql = sqlf("SELECT * FROM Users WHERE name= :1 AND email= :2",'Big "John"','bj#example.com') ;
For various reasons, I cannot use prepared statements, but I would like to emulate them. The problem that I run into is with queries like
$sql = sqlf("SELECT * FROM Users WHERE id IN (:1)",array(1,2,3) );
My code works, but it fails with empty arrays, e.g. the following throws a mysql error:
SELECT * FROM Users WHERE id IN ();
Does anyone have any suggestions? How should I translate an empty array into SQL that can be injected into an IN clause? Substituting NULL will not work.
Null is the only value that you can guarantee is not in the set. How come it is not an option? Anything else can be seen as part of the potential set, they are all values.
I would say that passing an empty array as argument for an IN() clause is an error. You have control over the syntax of the query when calling this function, so you should also be responsible for the inputs. I suggest checking for emptiness of the argument before calling the function.
Is there a possibility that you could detect empty arrays within sqlf and change the SQL to not have the IN clause?
Alternatively, you could postprocess the SQL before passing it to the "real" SQL executor so that "IN ()" sections are removed, although you'd have to do all sorts of trickery to see what other elements had to be removed so that:
SELECT * FROM Users WHERE id IN ();
SELECT * FROM Users WHERE a = 7 AND id IN ();
SELECT * FROM Users WHERE id IN () OR a = 9;
would become:
SELECT * FROM Users;
SELECT * FROM Users WHERE a = 7;
SELECT * FROM Users WHERE a = 9;
That could get tricky depending on the complexity of your SQL - you'd basically need a full SQL language interpreter.
If your prepare-like function simply replaces :1 with the equivalent argument, you might try having your query contain something like (':1'), so that if :1 is empty, it resolves to (''), which will not cause a parse error (however it may cause undesirable behavior, if that field can have blank values -- although if it's an int, this isn't a problem). It's not a very clean solution, however, and you're better off detecting whether the array is empty and simply using an alternate version of the query that lacks the "IN (:1)" component. (If that's the only logic in the WHERE clause, then presumably you don't want to select everything, so you would simply not execute the query.)
I would use zero, assuming your "id" column is a pseudokey that is assigned numbers automatically.
As far as I know, automatic key generators in most brands of database begin at 1. This is a convention, not a requirement (auto-numbered fields are not defined in standard SQL). But this convention is common enough that you can probably rely on it.
Since zero probably never appears in your "id" column, you can use this value in the IN() predicate when your input array is empty, and it'll never match.
The only way I can think to do it would be to make your sqlf() function scan to see if a particular substitution comes soon after an "IN (" and then if the passed variable is an empty array, put in something which you know for certain won't be in that column: "m,znmzcb~~1", for example. It's a hack, for sure but it would work.
If you wanted to take it even further, could you change your function so that there are different types of substitutions? It looks like your function scans for a colon followed by a number. Why not add another type, like an # followed by a number, which will be smart to empty arrays (this saves you from having to scan and guess if the variable is supposed to be an array).
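The separate list placeholder suggested in the last answer, combined with the NULL substitution from the first one, can be sketched as follows. This is an added example, not the asker's sqlf(): the function name sqlf_lists() is an assumption, and it accepts integer lists only so that no quoting is involved.

```php
<?php
// Added example: sqlf_lists() is hypothetical and handles only integer lists.
// It replaces #1, #2, ... with the matching list argument before the query is sent.
function sqlf_lists(string $sql, array ...$lists): string
{
    return preg_replace_callback('/#(\d+)/', function (array $m) use ($lists): string {
        $i = (int) $m[1] - 1;
        if (!isset($lists[$i])) {
            throw new InvalidArgumentException("no list supplied for #{$m[1]}");
        }
        $ids = [];
        foreach ($lists[$i] as $v) {
            // Accept integers only, so nothing needs quoting or escaping.
            $n = filter_var($v, FILTER_VALIDATE_INT);
            if ($n === false) {
                throw new InvalidArgumentException('list values must be integers');
            }
            $ids[] = (string) $n;
        }
        // Empty list: IN (NULL) parses and is never true, so no row matches.
        // NOT IN (NULL) is never true either, so for an empty exclusion list
        // the caller has to drop the predicate instead of using this helper.
        return $ids === [] ? 'NULL' : implode(',', $ids);
    }, $sql);
}

// Constructed inputs: a normal list, then the empty list from the question.
echo sqlf_lists('SELECT * FROM Users WHERE id IN (#1)', [1, '2', 3]), "\n";
echo sqlf_lists('SELECT * FROM Users WHERE id IN (#1)', []), "\n";
```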