This code gives no result even if the word exists in the database.
<?php
$query = $_GET['query'];
$min_length = 3;
if (strlen($query) >= $min_length) {
$query = htmlspecialchars($query);
$query = $DB_con->quote($query);
$raw_results = $DB_con->prepare("SELECT * FROM e3lanat
WHERE (`e_title` LIKE '%" . $query . "%') OR (`e_content` LIKE '%" . $query . "%')");
if ($raw_results->rowCount() > 0) {
while ($results = $raw_results->fetch(PDO::FETCH_OBJ)) {
echo "<p><h3>" . $results->e_title . "</h3>" . $results->e_content . "</p>";
}
} else {
echo "No results";
}
} else {
echo "No results 2";
}
?>
<form action="search.php" method="GET">
<input type="text" name="query" class="form-control" placeholder="بحث عن إعلانات " style='width:300px;'>
<button type="submit" value="Search"></button>
</form>
$raw_results = $DB_con->prepare("SELECT * FROM e3lanat
WHERE (`e_title` LIKE '%".$query."%') OR (`e_content` LIKE '%".$query."%')");
if($raw_results->rowCount() > 0){
You only prepare() the query, but never execute() it.
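The fix the answer describes, as an added example that is not code from the original post: the value is bound and the statement is executed, instead of being passed through `htmlspecialchars()` and `quote()` and concatenated (`quote()` already wraps its argument in quotes, so placing the result inside `'%…%'` produces broken SQL). It assumes PDO with an in-memory SQLite table of constructed rows named after the page's `e3lanat`; `searchAds` is a hypothetical helper.

```php
<?php
// Added example: constructed in-memory rows standing in for the page's `e3lanat` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE e3lanat (e_title TEXT, e_content TEXT)");
$db->exec("INSERT INTO e3lanat VALUES
    ('Car for sale', 'Low mileage, it''s had one owner'),
    ('Flat to rent', 'Two rooms near the station')");

function searchAds(PDO $db, string $term): array
{
    if (strlen($term) < 3) {
        return [];
    }
    // No htmlspecialchars() and no quote() on the way in: the driver carries the
    // value separately from the SQL. '!' escapes LIKE wildcards typed by the user.
    $pattern = '%' . preg_replace('/[!%_]/', '!$0', $term) . '%';
    // Two distinct placeholder names: reusing one name twice fails on some drivers.
    $stmt = $db->prepare(
        "SELECT e_title, e_content FROM e3lanat
         WHERE e_title LIKE :title ESCAPE '!' OR e_content LIKE :content ESCAPE '!'"
    );
    $stmt->execute([':title' => $pattern, ':content' => $pattern]); // the missing step
    // rowCount() is not reliable for SELECT on every driver; count the fetched rows.
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

// Constructed search terms: a plain word, one with a quote, wildcards only, too short.
foreach (['rent', "it's", '%%%', 'zz'] as $term) {
    $rows = searchAds($db, $term);
    echo htmlspecialchars($term), ' => ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        // Encode on output, where the HTML context is known.
        echo '<h3>', htmlspecialchars($row->e_title), '</h3><p>',
             htmlspecialchars($row->e_content), "</p>\n";
    }
}
```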
<input type="text" name="question" required class="form-control" placeholder="Question" value=<?php
$emid = $_GET['key1'];
$sql = "SELECT * FROM posses_ques WHERE id = '$emid'";
$result = mysqli_query($connection, $sql);
if (mysqli_num_rows($result) > 0){
while ($row = mysqli_fetch_assoc($result)) {
echo $row['ques'];
}
} else {
echo "No Data Available";
}
?>
>
A tidier solution and one that does not allow SQL Injection Attack might be something like this
<?php
$sql = "SELECT * FROM posses_ques WHERE id = ?";
$stmt = $connection->prepare($sql);
$stmt->bind_param('i', $_GET['key1']);
$stmt->execute();
$result = $stmt->get_result();
$x = 0;
if ( $result->num_rows > 0 ){
while ($row = $result->fetch_assoc()) {
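// close the value attribute and the tag, and encode the stored text for the attribute context
echo '<input type="text" name="question' . $x . '" value="' . htmlspecialchars($row['ques']) . '" required class="form-control" placeholder="Question">';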
$x++;
}
} else {
echo "No Data Available";
}
Note also the unique name attribute. These need to be unique or you won't see all of them in the data returned to the scripts from a form.
I am trying to add a character before/after a value in a MySQL query, but I can't make it work.
This is the part that doesn't work in my case:
$query = "select CONCAT ('.', DuRpt) as DuRpt, DaRpt from DDtb order by DATE DESC";
You can see the full code below. Any ideas why it doesn't work, or can I get an alternative solution, please? Thanks.
<div class="container">
<div class="left">
<?php
include ("etc/config.php");
$query = "select concat ('.', DuRpt) as DuRpt, DaRpt from DDtb order by DATE DESC";
$result = mysqli_query($link, $query);
if (!$result) {
$message = 'ERROR:' . mysqli_error($link);
return $message;
} else {
$i = 0;
echo '<form name="select" action="" method="GET">';
echo '<select name="mySelect" id="mySelect" size="44" onchange="this.form.submit()">';
while ($i < mysqli_field_count($link)) {
$meta =
mysqli_fetch_field_direct($result, $i);
echo '<option>' . $meta->name . '</option>';
$i = $i + 1;
}
echo '</select>';
echo '</form>';
}
?>
</div>
<div>
<?php
if(isset($_GET['mySelect'])) {
$myselect = $_GET['mySelect'];
$sql = "SELECT `$myselect` as mySelect from DDtb order by DATE DESC";
$result = mysqli_query($link, $sql);
if ($result->num_rows > 0) {
$table_row_counter = 3;
echo '<table>';
while($row = $result->fetch_assoc())
{
$table_row_counter++;
if ($table_row_counter % 30 == 1) {
echo '</table>';
echo '<table>';
}
echo "<tr><td>" . $row["mySelect"] . "</td></tr>";
}
}
}
echo '</table>';
mysqli_close($link);
?>
</div>
</div>
For the 2nd half of your code, you can do this:
Note that you won't need to concat anything in your initial query.
if(isset($_GET['mySelect'])) {
// configure every option here, if there's not pre/postfix, use a blank string
$prepostfixes = [
'DuRpt' => ['.', '.'],
'DaRpt' => ['', ''],
];
$myselect = $_GET['mySelect'];
if (!isset($prepostfixes[$myselect])) {
die ('Unknown Select'); // this will prevent sql injection
}
$sql = "SELECT `$myselect` as mySelect from DDtb order by DATE DESC";
$result = mysqli_query($link, $sql);
if ($result->num_rows > 0) {
$table_row_counter = 3;
echo '<table>';
$prefix = $prepostfixes[$myselect][0];
$postfix = $prepostfixes[$myselect][1];
while($row = $result->fetch_assoc())
{
$table_row_counter++;
if ($table_row_counter % 30 == 1) {
echo '</table>';
echo '<table>';
}
echo "<tr><td>" . $prefix . $row["mySelect"] . $postfix . "</td></tr>";
}
}
}
Just update your code and remove the duplicate of DuRpt from it.
$query = "select concat ('.', DuRpt) as DuRpt from DDtb order by DATE DESC";
So I have a search bar that I'm hoping searches records in a MySQL database and shows them on a webpage. It should allow the user to choose the field they are searching under, but it is not showing the records at the other end. Any ideas?
html:
<form action='recordresult.php' method='POST' name='form_filter' class="form-style-1" >
<b>Search</b><br>
<select name="selectVal">
<option value="category" >Select a category</option>
<option value="first_name">First Name</option>
<option value="surname">Surname</option>
<option value="address">Address</option>
<option value="phonenumber">Telephone</option>
</select>
<input type='text' name='search' placeholder='Enter text here...'><br>
<input type='submit' value='Send'>
</form>
PHP
<?php
include("config.php");
$link = mysqli_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysqli_error($link));
// select the database
mysqli_select_db($link, $database)
or die ("Could not select database because ".mysqli_error($link));
$search = isset($_POST['search']) ? htmlspecialchars(trim($_POST['search'])) : null;
$catLocation = isset($_POST['selectVal']) ? htmlspecialchars(trim($_POST['selectVal'])) : null;
$query = "SELECT * FROM $table WHERE ";
//YOU INDICATED YOU'D NEED TO RUN THE SEARCH-QUERY IF THE SEARCH-TERM AND SEARCH-SCOPE ARE DEFINED IE: NOT NULL; HOWEVER IF THE SEARCH TERM IS NOT GIVEN, YOU SELECT EVERYTHING IN THAT TABLE... (BAD PRACTICE, THOUGH)
if($catLocation){
if($search){
if($catLocation == "category"){
$query .= " category LIKE '%" . $search . "%'";
}
else if($catLocation == "first_name"){
$query .= "first_name LIKE '%" . $search . "%'";
}
else if($catLocation == "surname"){
$query .= "surname LIKE '%" . $search . "%'";
}
else if($catLocation == "address"){
$query .= "address LIKE '%" . $search . "%'";
}
else if($catLocation == "phonenumber"){
$query .= "phonenumber LIKE '%" . $search . "%'";
}
}
else{
$query .= "1";
}
$sql = mysqli_query($query);
//HERE AGAIN WAS AN ERROR... YOU PASSED mysql_fetch_array A STRING $query INSTEAD OF A RESOURCE: $sql
while ($row = mysqli_fetch_array($sql)){
$firstname = $row["first_name"];
$surname = $row["surname"];
$address = $row["address"];
$phonenumber = $row['phonenumber'];
echo "First Name : $firstname<br>";
echo "Surname : $surname<br>";
echo "Address : $address<br>";
echo "Phone Number: $phonenumber<br>";
}
}
?>
The code doesn't produce any errors, just a blank area where the results should be. Also wondering if anyone knows if it's possible to have first_name and surname as fields and search say "Emma Watson" and to be able to return results from both fields if one of the words is in there?
Thanks for all your help!
Please check below updated code
include("config.php");
$link = mysqli_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysqli_error($link));
// select the database
mysqli_select_db($link, $database)
or die ("Could not select database because ".mysqli_error($link));
$search = isset($_POST['search']) ? htmlspecialchars(trim($_POST['search'])) : null;
$catLocation = isset($_POST['selectVal']) ? htmlspecialchars(trim($_POST['selectVal'])) : null;
$query = "SELECT * FROM $table WHERE ";
//**If you want to merge for first name and surname then you need to merge both query with OR condition as below**
if($catLocation){
if($search){
if($catLocation == "category"){
$query .= " category LIKE '%" . $search . "%'";
}
else if($catLocation == "name"){
$query .= " ( first_name LIKE '%" . $search . "%' OR surname LIKE '%" . $search . "%' ) ";
}
else if($catLocation == "address"){
$query .= "address LIKE '%" . $search . "%'";
}
else if($catLocation == "phonenumber"){
$query .= "phonenumber LIKE '%" . $search . "%'";
}
}
else{
$query .= "1";
}
$sql = mysqli_query($link, $query); // **Adding reference connection variable**
while ($row = mysqli_fetch_array($sql)){
$firstname = $row["first_name"];
$surname = $row["surname"];
$address = $row["address"];
$phonenumber = $row['phonenumber'];
echo "First Name : $firstname<br>";
echo "Surname : $surname<br>";
echo "Address : $address<br>";
echo "Phone Number: $phonenumber<br>";
}
}
Merge 2 fields (Firstname and surname) in single (name) for search in both fields
<form action='recordresult.php' method='POST' name='form_filter' class="form-style-1" >
<b>Search</b><br>
<select name="selectVal">
<option value="category" >Select a category</option>
<option value="name">name</option>
<option value="address">Address</option>
<option value="phonenumber">Telephone</option>
</select>
<input type='text' name='search' placeholder='Enter text here...'><br>
<input type='submit' value='Send'>
</form>
Here is the code :-
<?php
include 'include/header.php';
include 'include/connect.php';
mysql_select_db("search_db") or die("Couldn't select database.");
$output = '';
//collect
if(isset($_POST['search']) && $_POST['search'] != "") {
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
$query = mysql_query("SELECT * FROM people WHERE name LIKE '%".
$searchq . "%' OR id LIKE '" . $searchq . "';");
$count = mysql_num_rows($query);
if($count == 0) {
$output = 'There was no search results!';
} else {
while ($row = mysql_fetch_array($query)) {
$fname = $row ['name'];
$id = $row ['id'];
$output .= '<div>'.$fname.' '.$id.'</div>'; // $fname is the variable assigned above
}
}
}
?>
<!--html-->
<form action="search.php" method="post">
<input type="text" name="search" placeholder="Search..">
<input type="submit" value="search">
I am trying to set up search on my website using PHP and MySQL. I am getting an error like this: "An error has occurred - could not connect to the database."
Let me know search result code like name, user photo, description, type box. Anyone who can help us is appreciated.
I created an SQL search query with multiple fields using if/else conditions. It is working fine, but if the 1st and 2nd fields are empty and the 3rd field is not, then it does not work, just because of the OR keyword. Please advise how I would be able to correct this.
<form method="POST" action="search.php?action=go">
<li>
<h3>Player</h3>
<input type="text" class="form-control" placeholder="Dylan Scout" name="playername" value="<?php if(isset($_POST["playername"])) {echo $_POST["playername"];} ?>">
</li>
<li>
<h3>Age</h3>
<input type="text" class="form-control" placeholder="25" name="age" value="<?php if(isset($_POST["age"])) {echo $_POST["age"];} ?>">
</li>
<li>
<h3>Country</h3>
<input type="text" class="form-control" placeholder="Wallabies" name="country" value="<?php if(isset($_POST["country"])) {echo $_POST["country"];} ?>">
</li>
<li>
<h3>Club</h3>
<input type="text" class="form-control" placeholder="Eagle" name="club" value="<?php if(isset($_POST["club"])) {echo $_POST["club"];} ?>">
</li>
<li>
<button type="submit" name="search">Search</button>
</li>
</form>
And here is my sql php query
<?php
if(isset($_GET["action"]) == 'go') {
$stmt = "SELECT * FROM users WHERE";
if($_POST["playername"]) {
$stmt .= " OR fname LIKE '%".$_POST["playername"]."%' OR lname LIKE '%".$_POST["playername"]."%'";
}
if($_POST["age"]) {
$stmt .= " OR age LIKE '%".$_POST["age"]."%' ";
}
if($_POST["country"]) {
$stmt .= " OR country LIKE '%".$_POST["country"]."%' ";
}
if($_POST["club"]) {
$stmt .= " OR club LIKE '%".$_POST["club"]."%' ";
}
} else {
$stmt = "SELECT * FROM users ";
}
echo $stmt . "<br />";
$sql = mysqli_query($connection, $stmt);
?>
Please let me know how I would be able to make it work properly, as if I write in the 3rd field and leave the other fields empty then it will become WHERE OR, which will obviously become a wrong query and won't work.
Thank You
The function implode will help you.
Add them into an array and connect them after.
<?php
$array = array();
if (isset($_POST["playername"]))
$array[] = "fname LIKE '%".$_POST["playername"]."%' OR lname LIKE '%".$_POST["playername"]."%'";
if (isset($_POST["age"]))
...
$stmt = "SELECT * FROM users";
if (count($array) > 0)
$stmt .= " WHERE " . implode(" OR ",$array);
$sql = mysqli_query($connection, $stmt);
?>
Try this. Using implode() you can achieve this.
<?php
if(isset($_GET["action"]) == 'go') {
$where = array();
// each entry is a bare condition; implode() below supplies the joining keyword
if($_POST["playername"]) {
$where[] = "(fname LIKE '%".$_POST["playername"]."%' OR lname LIKE '%".$_POST["playername"]."%')";
}
if($_POST["age"]) {
$where[] = "age LIKE '%".$_POST["age"]."%'";
}
if($_POST["country"]) {
$where[] = "country LIKE '%".$_POST["country"]."%'";
}
if($_POST["club"]) {
$where[] = "club LIKE '%".$_POST["club"]."%'";
}
if(!empty($where))
{
$stmt = "SELECT * FROM users WHERE " . implode(" AND ", $where) ." ";
}
else
{
$stmt = "SELECT * FROM users ";
}
} else {
$stmt = "SELECT * FROM users ";
}
echo $stmt . "<br />";
$sql = mysqli_query($connection, $stmt);
?>
Add the where conditions to an array, and then use the implode function, for example:
<?php
if(isset($_GET["action"]) == 'go') {
$stmt = "SELECT * FROM users";
$where = array(); // stays empty when no field was filled in
if($_POST["playername"]) {
$where[] = "fname LIKE '%".$_POST["playername"]."%' OR lname LIKE '%".$_POST["playername"]."%'";
}
if($_POST["age"]) {
$where[] = "age LIKE '%".$_POST["age"]."%' ";
}
if($_POST["country"]) {
$where[] = "country LIKE '%".$_POST["country"]."%' ";
}
if($_POST["club"]) {
$where[] = "club LIKE '%".$_POST["club"]."%' ";
}
if(count($where))
$stmt .= " WHERE " . implode(" OR ", $where);
echo $stmt . "<br />";
$sql = mysqli_query($connection, $stmt);
}
?>
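One way to build both searches discussed above (the column dropdown with "Emma Watson", and the four optional player fields) with bound parameters instead of concatenated `$_POST` values; this is an added example, not code from any of the posts. `buildSearch`, `runSearch`, the two field maps and the `people` table name are assumptions; for the dropdown form the input array would be the chosen `selectVal` mapped to the `search` text.

```php
<?php
// Added example. Form field => columns it may search; column names come only
// from these maps (names follow the two threads), never from the request.
const PEOPLE_FIELDS = [
    'name'        => ['first_name', 'surname'],
    'address'     => ['address'],
    'phonenumber' => ['phonenumber'],
];
const PLAYER_FIELDS = [
    'playername' => ['fname', 'lname'],
    'age'        => ['age'],
    'country'    => ['country'],
    'club'       => ['club'],
];

function buildSearch(string $table, array $fieldMap, array $input): array
{
    $conds = $params = [];
    foreach ($fieldMap as $field => $columns) {
        $value = $input[$field] ?? '';
        $value = is_string($value) ? trim($value) : '';   // ignore array-valued input
        // Empty fields add nothing, so a dangling "WHERE OR" cannot be produced.
        foreach (preg_split('/\s+/', $value, -1, PREG_SPLIT_NO_EMPTY) as $word) {
            foreach ($columns as $column) {
                $conds[]  = "`$column` LIKE ?";
                $params[] = "%$word%";
            }
        }
    }
    $where = $conds ? ' WHERE ' . implode(' OR ', $conds) : '';
    return ["SELECT * FROM `$table`$where", $params];
}

function runSearch(mysqli $link, string $sql, array $params)
{
    $stmt = $link->prepare($sql);
    if ($params) {
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    $stmt->execute();
    return $stmt->get_result();
}

// Constructed submissions; `people` is a placeholder table name.
[$sql, $params] = buildSearch('users', PLAYER_FIELDS, ['playername' => '', 'age' => '', 'country' => 'Wallabies']);
echo $sql, ' ', json_encode($params), "\n";
[$sql, $params] = buildSearch('people', PEOPLE_FIELDS, ['name' => 'Emma Watson', 'colour' => 'x']);
echo $sql, ' ', json_encode($params), "\n";
```

Keys that are not in the map, such as `colour` here, are ignored, and a submission with no usable field yields the query without a WHERE clause, so the caller decides whether that case should list everything or be rejected.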