We Keep Coding

Search using REPLACE in a SELECT with PDO and .MDB ACCESS, with PHP

I'm trying to write a mysql query that will match names from a table and the name in the database can contain dots or no dots. So, for example I would like my query string fast to match all of these: fast, f.ast, f.a.s.t etc.
I use PHP, with PDO connecting to a .MDB database.
I tried what I found here, with no success (I get error):
SELECT * FROM table WHERE replace(col_name, '.', '') LIKE "%fast%"
I think PDO for MDB databases is missing some functions :(
Any solution?

Thanks to Doug, I solved with:
$variable = implode("[.]", str_split($variable)) . "[.]";
and:
SELECT * FROM table
WHERE
col_name LIKE "%" . $variable ."%";

You cannot run the replace() function unless you are running the query through Access itself. You do however have a possible alternative, try the following:
SELECT * FROM table
WHERE
col_name LIKE "%fast%"
OR col_name LIKE "%f[.]a[.]s[.]t%";
The square brackets define an optional .
Or alternatively do it at PHP level with:
str_replace('.','',$var);

Query with quotes not working

I am sending a Query string like:-
String query = "select * from table where id = 12345 or id like '___1435'";
in php code:-
$phone = $_REQUEST['data1'];
$result = mysql_query($phone);
return $result;
through android but it is not working.
But a query like:-
String query = "select * from table where id = 12345 or id = 21435";
is working.
I also tried:-
$phone = mysql_real_escape_string($_REQUEST['data1']);
$result = mysql_query($phone);
return $result;
What could be the problem.
Most probably it is related to the quotes I am using in String.
How can I overcome this ?
Thank You!

A LIKE query needs percentage signs to signify a wild card, which I assume you are trying:
id like '%___1435%'
If you don't want this wildcard behaviour then you could just remove the like
id = '___1435'

I think the problem is that you're attempting to perform a string comparison on an integer field. Try casting your ID field as a CHAR first, like this:
select * from table where id = 12345 or CAST(id as CHAR) like '___1435'
Edit: It's going to be a guessing game unless you can a) post some error logs or b) post your MySQL query log (to see the actual query executing), which you can enable by turning on the General Query Log for your installation. Since it looks like you're accepting your query string via POST, if the string has been encoded in any way (ie url encoding), it'll affect your query if not properly decoded first.
A better and more secure approach would be to create a specific web service that accepts the ID to query, which you can pass into a prepared statement server side. It's better practice anyway so your system isn't vulnerable to wide open queries from a client.

PHP MYSQL returning string field as numeric

I have a MYSQL database that has a table with a column (field1) of type TINYTEXT. The column contains values such as 010101 and 01010" etc… which are actually filenames.
When I query this table using PHP it seems to be deciding that this field is numeric and it thus strips off the leading zero. When I try to use this value as a filename of course it doesn't work.
I am extracting the data like this:
$sSQL = "SELECT * FROM images;";
$rsImageList = RunQuery($sSQL);
$iLoop = 0;
while (($iLoop <= 80) && ($aRow = mysql_fetch_array($rsImageList))) {
extract($aRow);
echo $field1;
$iLoop++;
}
How can I typecast the variable as a string type?
Mea culpa! I had managed to get duplicate data in my table, some entries with the leading zero missing already (thanks to Excel which I used to import the data) and some without. I was looking at the correct data but extracting the incorrect data. Moral of the story - test with only a couple of lines of data not 60!
Sorry for wasting everyone's time.

you can force by casting it to a string:
$var = "" . $aRow["column"];

You can use CAST() function to change it into string
$sSQL = "SELECT CAST(field1 AS CHAR) FROM images;";
Give it a try, I dont think its MySQL fault as you have defined it as TINYTEXT maybe its because extract() method.

Using a string constant as a mysql query (with some steroids)

Well there's a challenge for PHP gurus:
I'm developing an application that use a huge number of MySql queries distributed in a great bunch of files and functions. Those queries uses, obviously, some parameters derived from the functions that contains them.
My goal is: group all those queries on a single constants file, but maintain the functionality. There's an example:
This is an example function:
public function doQuery ($aParameter) {
.
.
.
$sqlQuery = mysql_query("SELECT * FROM Table WHERE id = '".$aParameter."'");
.
.
.
}
And this is what I want to do, using constants:
public function doQuery ($aParameter) {
.
.
.
$sqlQuery = mysql_query(THE_QUERY);
.
.
.
}
As you can see, the problem is that if I use a defined constant as the query, it loses the parameter that I need to use to get the correct data from database.
So the final question is: There's a way to define a constant than can contain a variable to be determined when the constant is used? Something like:
define("THE_QUERY", "SELECT * FROM Table WHERE id = '".$aParameter."'");

Yes, with a parameterized query:
define("Q_QUERY1", "SELECT * FROM Table WHERE id = :1");
$cn = new PDO();
/* more code ... */
$arr = array();
$arr[":1"] = $parameterValue;
$s = $cn->prepare(Q_QUERY1);
$s->execute($arr);
The main idea is to have constants or even files to store queries (for example so you can have a query for sqlserver and another for mysql...) with the parameters declared inside with some kind of custom recognizable notation (:1, :PARAM1, etc.) that you have to match within an associative array such as $arr[":1"] in this case.
The ->execute method will match the parameters to the values for you, protecting your query against sql injections and adding the quotes around the parameters when necessary.
If you need specific data types you would need to use the ->bindParam method instead to specify a PDO::PARAM_XXX parameter of your choice.
The php documentation is pretty helpful if you need further details: http://php.net/manual/en/pdo.constants.php

Sql: search column that starts with digits

I'm having trouble with the sql below. Basically I have rows that contains strings according to the format: 129&c=cars. I only want the digits part, e.g. 129. The sql query is:
$result = mysql_query("SELECT * FROM " . $db_table . " WHERE id LIKE '" . $id . "%'");
Why doesn't % work? I can't use %...% because it catches too much.

I would actually recommend using regular expressions fo the matching, but unfortunately, there is no way to capture the matching part with mysql. You will have to do the extraction in php. If you have an array containing all the results called $array:
$array = preg_replace('/^(\d+).*/', '$1', $array);

You can use the MySQL 'regexp' stuff in the WHERE clause to reduce the amount of data retrieved to just the rows you want. The basic for of your query would look like:
SELECT * FROM table WHERE field REGEXP '^$id&'
where $id is inserted by PHP and the data you want is always at the start of the field and followed by a &. If not, adjust the regex to suit, of course.
MySQL's regex engine can't do capturing, unfortunately, so you'll still have to do some parsing in PHP as soulmerge showed above, but with the 'where regexp' stuff in MySQL, you'll only have to deal with rows you know contain the data you want, not the entire table.

Using a query like this:
SELECT *
FROM mytable
WHERE id >= '0' COLLATE UTF8_BIN
AND id < ':' COLLATE UTF8_BIN
will return all strings that start with a digit and make your expression sargable, i. e. and index on id can be used.
This will make your query run faster.