I have the following code when I search for Juan Pedro Cruz nothing appears. But if I search only for juan, it does appear.
<?php
if(isset($_POST["btnssrch1"])){
$cno1 = $_POST["ssrch1"];
$p = mysqli_query($link,"select * from patient
where PatientId like '%$cno1%'
or FirstName like '%$cno1%'
or MiddleName like '%$cno1%'
or LastName like '%$cno1%'");
}
A few pointers for you:
Try to sanitize the inputs.
$cno1 = mysqli_real_escape_string($link, $_POST["ssrch1"]);
Since you are using multiple columns, your SQL should be like:
WHERE CONCAT(`FirstName`, ' ', `MiddleName`, ' ', `LastName`) LIKE '%{$cno1}%'
Change your query to something like below, which concentrates the full name and then compare the same with like, assuming PatientId is numerical,
$p = mysqli_query($link,"select * from patient where CONCAT(FirstName,' ',MiddleName,' ',LastName) like '%{$cno1}%'");
This won't create any problem if you are just learning in local machine, but in production, always sanitize user inputted data and never trust user data.
Related
Currently I have a query that searchs for sentences/words, it works almost as expected,
I have a regex expresion that searches for names in a table, expample:
function getNames($str){
$stmt = "SELECT * FROM users WHERE name = :name
OR name REGEXP :reg1
OR name REGEXP :reg2
OR name LIKE :lik1";
$query = self::$connection->prepare($stmt);
$query->execute(array(":name"=>$str,
":reg1"=>"^$str" . "[a-zA-Z\s]*$",
":reg2"=>"^[a-zA-Z]*[\s]*[$str][a-zA-Z]"
":lik1"=>"%" . $str . "%"
));
return $query->fetchAll(PDO::FETCH_ASSOC);
}
Let's suppose my table contains the following values
Bob
Peter
Mark
David
John
If I run my query with Bob as $name value it gets it but I would like to be able to find Bob when I run the query using BobsomeLettersExtra or Bob something as $name value
Is there a way to do this using REGEXP or LIKE ?
SELECT * FROM users WHERE name LIKE '%".$name."%'
above query should be enough to get the result. You should validate data before you enter data to the table if not please use the regex as well
"SELECT * FROM users WHERE name LIKE '%".$name."%' AND REGEXP ^".$name."[a-zA-Z]*$"
UPDATE
sorry if i have misunderstand the question please try this
"Select * from users WHERE '".$name."' LIKE CONCAT(name , '%')"
You may try below Query with where Clause for LIKE :
"SELECT * FROM users WHERE name = ".$name." OR name LIKE '%".$name."%' OR name REGEXP ^".$name."[a-zA-Z]*$"
A previous variable from a query gave me a value $name. I need to find the user id associated with that name, however in my users table I have two fields, firstName and lastName.
I cannot explode $name as I have both cases of double names (e.g. John Eric Smith) and last names (e.g. Jan van der Worde), so my attempt was to find a way to match firstName + lastName with $name.
My attempt was this:
$drid = "SELECT id FROM users WHERE CONCAT(firstName,' ',lastName)='$name'";
$rest = mysql_query($drid);
while ($row = mysql_fetch_row($rest)) {
$driver_id = $row[0];
}
Unfortunately, nothing comes out as a result for $driver_id (whereas $name returns a result).
Thank you for your help!
Are you looking for something like this:
<?php
$drid = "SELECT id FROM users WHERE CONCAT(firstName, ' ', lastName) LIKE '%".$name."%'";
$rest = mysql_query($drid);
while ($row = mysql_fetch_row($rest)) {
$driver_id = $row[0];
}
?>
I would suggest adding a new fullname field or using a temp table rather than using the concat, for performance reasons.
https://stackoverflow.com/a/29285246/3923450 should work though if you are looking for a temp solution
I'm working with an existing database that has first name and last name seperated in the database. I need to create a function that will take one search input and return results. say my database has a structure like....
nameFirst nameLast
Joe Smith
Joe Jones
Joe Brown
How could I, using MySql, take a search input that is say 'Joe Smith' and just get his row? But if I put just 'Joe' in the search field, return them all? Will I need to explode the string with a space? thanks!
SELECT *
FROM table
WHERE CONCAT( nameFirst, ' ', nameLast ) LIKE '%Joe%'
Be sure to sanitize any user submitted parameters such as "Joe"
SELECT * FROM table WHERE CONCAT(nameFirst, ' ', nameLast) LIKE 'Joe%';
I suggest to use this if you are sure that your search input start with "Joe" to filter more.
In my humble opinion in a lot of cases we don't know if the search input is the name or the surname so I suggest to use this:
SELECT * FROM table WHERE CONCAT(nameFirst, ' ', nameLast) LIKE 'SEARCH_INPUT%' OR CONCAT(nameLast, ' ', nameFirst) LIKE 'SEARCH_INPUT%';
$sql = "SELECT * from add_contact WHERE ( CONCAT(first_name, ' ',last_name) LIKE '%$search%' OR first_name LIKE '%$search%' OR last_name LIKE '%$search%' OR company LIKE '%$search%') AND (archives='$archives') ORDER BY UNIX_TIMESTAMP(sort_date) DESC";
My users can search for an order by an address right now. What I would like to do is let them be able to search with multiple criteria. Let them search by address, city, state, etc etc.
I have tried using the following code, but it doesn't seem to work.
$sql = ("SELECT order_number, sitestreet FROM `PropertyInfo` WHERE `sitestreet` LIKE '%$street%' OR `sitecity` LIKE '%$city%' AND `user` LIKE '$user'");
$result = mysql_query($sql);
I don't think it's reading the value in $user cause it displays all orders for all users.
How can I make it possible to search for an order using multiple serach values?
Thank you!
Wrap your OR statements in parenthesis so it forms one top-level condition, the user is the other top-level condition:
$sql = '
SELECT
`order_number`,
`sitestreet`
FROM
`PropertyInfo`
WHERE
(
`sitestreet` LIKE "%'.$street.'%" OR
`sitecity` LIKE "%'.$city.'%"
) AND
`user` = '.$user;
Also note, you want a direct match to the user column, use = instead of LIKE. I am assuming that $user is a numeric ID...
How about trying like
$sql = ("SELECT order_number, sitestreet FROM PropertyInfo WHERE (sitestreet LIKE
'%$street%' OR sitecity LIKE '%$city%') AND user LIKE '$user'");
AND has a higher order of precedence than OR (see http://dev.mysql.com/doc/refman/5.0/en/operator-precedence.html for details). You need to wrap your OR statement in parentheses so it get evaluated as one statement, before the AND statement.
SELECT order_number, sitestreet
FROM `PropertyInfo`
WHERE (`sitestreet` LIKE '%$street%' OR `sitecity` LIKE '%$city%')
AND `user` LIKE '$user'
Try:
$sql = ("
SELECT order_number, sitestreet
FROM `PropertyInfo`
WHERE (`sitestreet` LIKE '%$street%'
OR `sitecity` LIKE '%$city%')
AND `user` LIKE '$user'");
You should group the ORs together. The way it is written I believe it is reading it as 'if Street matches, ignore any other conditions (OR), otherwise both city and user must match.
Also G molvi's point is good, unless you're looking for a pattern match, go with =
HTH
I've got a table of first names and last names.
I'm trying to make a jQuery instant search on an input, in order to find very quickly and precisely a person in a huge list of people.
When the first word is entered in the input, it might be the first name or the last name.
I do this : SELECT * FROM myTable WHERE firstName LIKE %content% OR lastName LIKE %content%
When two words are entered, it might be:
* the full firstname and a bit of the lastname
* the full lastname and a bit of the firstame
So I tried this query : SELECT * FROM myTable WHERE (firstName = content1 AND lastName LIKE %content2%) OR ( lastName = content1 AND firstName LIKE %content2%)
Unfortunately parenthesis seems to do nothing, and the query is not interpreted this way, I've got a lot of results, basically produced by the two LIKE %% condition
Anyone had deal with this before and could give me a hand?
Thanx
If one of the words is going to be the full first name of the full last name, while the other word is a partial of the other, why don't you split up the words first? Then you'd pass in two paramaters and have:
SELECT
*
FROM
myTable
WHERE
(
firstName = %content1%
AND lastName LIKE %content2%
) OR (
lastName = %content1%
AND firstName LIKE %content2%
)
I believe you are going to need to split the two words entered and use them indepenently in your query.
It would probably work this way (assuming that the two words are in the content variable):
SELECT ... WHERE
CONCAT(firstName, " ", lastName) LIKE content%
OR CONCAT(lastName, " ", firstName) LIKE content%
however this approach would not be very efficient (no index usage). I would split the two words into two variables (word1, word2) and make it something like:
SELECT ... WHERE
(firstName = word1 AND lastName LIKE word2%)
OR (lastName = word1 AND firstName LIKE word2%)
SELECT * FROM myTable WHERE
(firstName = 'content1' AND lastName LIKE content2%)
OR
(lastName = 'content1' AND firstName LIKE content2%)
When two words are entered, it might
be: * the full firstname and a bit of
the lastname * the full lastname and a
bit of the firstame
If it is ALL of (exact match) the first or last name, then the = test seems correct. Just in case it is an error in the PHP part, this is how it should look like.
$qry = '
SELECT * FROM myTable
WHERE (firstName = content1 AND lastName LIKE '%".mysql_real_escape_string(content2)."%')
OR ( lastName = content1 AND firstName LIKE '%".mysql_real_escape_string(content2)."%')';
If it is a bit of both, then you need the wildcard twice
$qry = '
SELECT * FROM myTable
WHERE (firstName LIKE '%".mysql_real_escape_string(content1)."%' AND lastName LIKE '%".mysql_real_escape_string(content2)."%')
OR ( lastName LIKE '%".mysql_real_escape_string(content1)."%' AND firstName LIKE '%".mysql_real_escape_string(content2)."%')';