PHP SQLITE Full Text Search - php

I have written an SQLite full text search, but I am doing something wrong. If I type "Puma Adidas" in my search, I want to search for both words in the column MAKE.
At the moment it will only display one word if it exactly matches the search word. I just cannot figure out what I have missed; could I have some assistance please?
Thanks
HTML:
<form action="search.php" method="get">
Search: <input type="text" name="SEARCH">
<input type="submit" class="btn btn-default">
</form>
PHP:
$search_string = $_GET['SEARCH'];
$result = $db->query("SELECT * FROM PRODUCTS WHERE MAKE IN('$search_string') AND VISIBLE='YES' ORDER BY DATE DESC");
I did change the PHP code to this:
$result = $db->query("SELECT * FROM PRODUCTS WHERE MAKE LIKE ('%$search_string%') AND VISIBLE='YES' ORDER BY DATE DESC");
But it still does not work unfortunately, same issue.

Try using LIKE, not IN. IN is used for a different purpose.
$search_string = $_GET['SEARCH'];
$result = $db->query("SELECT * FROM PRODUCTS WHERE MAKE LIKE '$search_string' AND VISIBLE='YES' ORDER BY DATE DESC");
Check the syntax for the LIKE statement; you'll need to surround your search string with percent signs if you want to search the entire field for the search term.
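The two-word search the question asks for, as an added example that is not part of the original question or answer: each word becomes its own LIKE clause and every value is bound as a parameter instead of being interpolated into the SQL string. It assumes PDO with an in-memory SQLite database (the question does not say which driver `$db` is); `searchByMake` is a hypothetical helper name and the sample rows are constructed.

```php
<?php
// Added example: word-by-word search on MAKE with bound parameters.
// Table and column names follow the question; the rows are constructed.

function searchByMake(PDO $db, string $input): array
{
    // Split "Puma Adidas" into words and cap how many terms one query takes.
    $words = preg_split('/\s+/', trim($input), -1, PREG_SPLIT_NO_EMPTY);
    $words = array_slice($words, 0, 10);
    if ($words === []) {
        return [];
    }

    $clauses = [];
    $params  = [];
    foreach ($words as $word) {
        // Escape LIKE wildcards so a typed "%" or "_" only matches itself.
        $params[]  = '%' . addcslashes($word, '%_\\') . '%';
        $clauses[] = "MAKE LIKE ? ESCAPE '\\'";
    }

    // Only "?" placeholders are concatenated into the SQL, never user input.
    $sql = 'SELECT * FROM PRODUCTS WHERE (' . implode(' OR ', $clauses) . ')'
         . " AND VISIBLE = 'YES' ORDER BY DATE DESC";
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE PRODUCTS (MAKE TEXT, VISIBLE TEXT, DATE TEXT)');
$db->exec("INSERT INTO PRODUCTS VALUES
    ('Puma', 'YES', '2020-01-03'), ('Adidas', 'YES', '2020-01-02'),
    ('Nike', 'YES', '2020-01-01'), ('Puma', 'NO', '2020-01-04')");

// Print the visible rows whose MAKE contains either word.
foreach (searchByMake($db, 'Puma Adidas') as $row) {
    echo $row['MAKE'], ' ', $row['DATE'], PHP_EOL;
}

// A quote character in the input is bound as data, not parsed as SQL.
echo count(searchByMake($db, "O'Neill")), PHP_EOL;
```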

Related

Search bar with different queries

I'm trying to create a search bar on my website. If the searchbar is not set/NULL/empty the site should display all the records (so without the WHERE clause), if it's filled in, it should display the same records but with the WHERE clause (filtering it).
So, I thought since there are 2 different searches (one with and one without WHERE), I should also create 2 different queries.
Problem I have is: if I test it and put a dump of both queries, both the variables are filled with the same query.
<?php
require_once 'somefile.php';
$user = new user();
if(isset($_POST['btnSearch'])){
$searchTerm = $_POST['txtSearch'];
$items2 = DB::getInstance()->get('items', array('Name', 'LIKE', '%['.$searchTerm.']%'));
//should be: "SELECT * FROM items WHERE Name LIKE '%[my_search_term]%'
//is: "SELECT * FROM items WHERE Id > 0"; --> not correct
$items = DB::getInstance()->get('items', array('id', '>', '0'));
//is: "SELECT * FROM items WHERE id > 0" --> correct
}
?>
html:
<form method="POST" action="#" class="ftco-section">
<div class="row">
<input type="text" name="txtSearch" id="txtSearch" placeholder="Search..." />
<button type="submit" name="btnSearch"><img name="imgSearch" id="imgSearch"
src="images/search.png" /></button>
</div>
</form>
...table to display the results
Any idea how this could come?
Edit: Found what was wrong, the 2nd query was in the wrong place, it was before the first one, so the 1st one always overwrote the 2nd one. Changed the place and now it works as it should.

Issue when displaying results from randomization with Mysql row

So first off, I know this isn't the best method to try and randomize Mysql Rows, but it works for now.
My only issue is that it displays like this:
{"0":"random1","quote":"random1"}
when I want it to display like this
random1
My Code:
<?php
$quotes = $DBcon->query(
'SELECT quote FROM quotes ORDER BY RAND() LIMIT 1;');
$result = $quotes->fetch_array();
?> <strong>Daily Quote</strong> - <?php echo json_encode($result); ?>
<input type="submit" class="btn btn-primary" value="Get Quote" />
</div>
*No, that is not my only PHP code, but that's the only section for this issue. Also, if I did something wrong, please correct me as I'm still learning.*
Change the fetch: fetch_array() returns two arrays, one with a numeric index and the other with a string index, so use fetch_assoc().
$result = $quotes->fetch_array();
to
$result = $quotes->fetch_assoc();
To display the result:
$result['quote']

Modify $select to allow for searching in php

How do I modify my $select function to allow searching with a database when the customer types in the search text and clicks "Search"? I'd also like to be able to type in the form field, and PHP automatically updates the page with the form data dynamically and to be able to define the field to search upon in the database!
This is letting me view my customers table:
$select = $db->query("SELECT * FROM customers ORDER BY id DESC");
<?php
if (!$select->num_rows) {
echo '<p>', 'No records', '</p>';
}else{
?>
<table border="1" width="100%">
<thead>
<tr>
<th>First Name</th>
<th>Last Name</th>
</tr>
</thead>
<tbody>
<?php
while ($row = $select->fetch_object()) {
?>
<tr>
<td><?php echo $row->FName;?></td>
<td><?php echo $row->LName;?></td>
First of all, you might try putting your opening <?php before rather than after the first line of code... :-)
Then you simply modify your code to get the values from your HTML form - I will assume that your search term is named q kind of like this:
Search: <input type="text" name="q" /> <input type="submit" name="search" />
Then your PHP script doing the searching will change the query to something like this:
$select = $db->query("SELECT * FROM customers WHERE FName LIKE '%$_REQUEST[q]%' OR LName LIKE '%$_REQUEST[q]%' ORDER BY id DESC");
If you entered "Sam" that will end up with a query that looks like this:
$select = $db->query("SELECT * FROM customers WHERE FName LIKE '%Sam%' OR LName LIKE '%Sam%' ORDER BY id DESC");
Do note that I am showing you the simplest version by simply constructing the query. In fact you should NEVER do this with user-supplied data. Instead, you should prepare and then bind and then execute your statement. This is not just filler at the end of the answer - it's really important. But while you are testing you may want to see how it works just by forming a string as above.
To answer your "BONUS POINTS" - you can update the current page by simply including your search form on the same page as the PHP script which displays the results. Then you only process your PHP code if the submit button has been pressed. Your whole script (in a very simple form) might look like this:
Search: <input type="text" name="q" /> <input type="submit" name="search" />
<?php
if (isset($_REQUEST['search'])) {
# do your query
# loop through the results, printing them off in appropriate HTML
}
To answer your "BONUS BONUS" points, you would probably set up a pull-down ("select" in HTML) where the values of the options were the actual field names and the display was a human-readable form of that. If your select had the name "field_name" then you would modify your query like this:
$select = $db->query("SELECT * FROM customers WHERE $_REQUEST[field_name] LIKE '%$_REQUEST[q]%' ORDER BY id DESC");
Do note that you cannot prepare/bind to a column name, so you will just have to be very careful to validate that field very exactly (probably checking that it exists in a list of acceptable values).
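The prepare/bind advice and the column check described in this answer, as an added example that is not the answerer's code. It assumes PDO with an in-memory SQLite database so that it runs stand-alone; with the mysqli connection from the question the same steps are `prepare()`, `bind_param()` and `execute()`. The helper name `searchCustomers`, the allow-list keys `first`/`last` and the sample rows are constructed, and mapping keys to column names is a slightly stricter variant of putting the field names in the option values.

```php
<?php
// Added example. Column names FName/LName come from the question;
// the allow-list keys and the sample rows are constructed.

function searchCustomers(PDO $db, string $fieldKey, string $q): array
{
    // Map what the <select> may submit to real column names. Anything else
    // is rejected; the request value itself never reaches the SQL text.
    $allowed = ['first' => 'FName', 'last' => 'LName'];
    if (!isset($allowed[$fieldKey])) {
        throw new InvalidArgumentException('Unknown search field');
    }
    $column = $allowed[$fieldKey];

    // The column comes from the allow-list; the search term is a bound value.
    $stmt = $db->prepare(
        "SELECT * FROM customers WHERE $column LIKE ? ORDER BY id DESC"
    );
    $stmt->execute(['%' . $q . '%']);
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers
    (id INTEGER PRIMARY KEY, FName TEXT, LName TEXT)');
$db->exec("INSERT INTO customers (FName, LName) VALUES
    ('Sam', 'Jones'), ('Ann', 'Samson'), ('Bob', 'Lee')");

// Search the last-name column only; output is escaped for HTML.
foreach (searchCustomers($db, 'last', 'Sam') as $row) {
    echo htmlspecialchars($row->FName . ' ' . $row->LName), PHP_EOL;
}

// A field value that is not on the list never reaches the database.
try {
    searchCustomers($db, 'not_a_column', 'Sam');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```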

FULLTEXT not returning some searched words

I'm using fulltext in my search bar on my website. The code looks like this,
search.php
<form method="post" action="search.php">
<input type="text" name="search" />
<input type="submit" />
</form>
<?php
include("config.php");
$search = mysql_real_escape_string($_POST['search']);
echo $search;
$data = mysql_query("SELECT * FROM shop
WHERE MATCH (name,description,keywords) AGAINST ('$search' IN BOOLEAN MODE);") or die(mysql_error());
while ($info = mysql_fetch_assoc($data)) {
$name = stripslashes($info['name']);
$desc = stripslashes($info['description']);
Print "<h3>".$name.": <font color=\"#cd0000\">".$desc."</font></h3><br>";
}
?>
And this works completely fine...for the most part. In my database, one of the rows under the description column reads: "1. Never run mysqld as root"
When I search "Never" or "Never run" into the search bar (without quotes obviously), this result does not show up. However, if I search "Never run mysqld" or just "mysqld" then this result shows up. Any idea why not all the words trigger the result?
'never' is in the fulltext stopword list
'run' is less than the default ft_min_word_len=4 characters

Two Search Fields (One a drop down list) - PHP & MYSQL Code

I really would like some help on this as I'm pulling hair out!!!
I have two fields, one being an input box & the other being a drop down list which search the database and display the results, however I cannot seem to figure it out...here is what I have so far...
This is the actual search form:
<form id="myform" name="myform" action="<?php echo $_SERVER['PHP_SELF']?>" method="get"><br />
<div class="T1"><br /><p></div> <input name="term" type="text" value="<? php echo $_GET['searched']; ?>" size="10" maxlength="4" placeholder="e.g. BS1"/>
<select>
<option value="">I feel like...</option>
<option value="">Anything</option>
<option value="Indian">Indian</option>
<option value="Chinese">Chinese</option>
<option value="Thai">Thai</option>
</select>
<input type="submit" name="submit" value="Go"/>
</form>
And this is the PHP code:
<?php
if (isset($_GET['submit'])){
mysql_connect ("host", "user","password") or die (mysql_error());
mysql_select_db ("database");
$term = $_GET['term'];
$term = $_GET['option value'];
}
else
$sql = mysql_query("select pagetitle from Restaurant where extra like '%$term%' and showing like '1'");
$sql = mysql_query("select cuisine from Restaurant where cuisine like 'option value' and showing like '1'");
echo Restaurants in $term and Cuisine $option value:";
}
while ($row = #mysql_fetch_array($sql)){
echo ''.$row['pagetitle'];
echo '<br/>';
}
}
?>
The database has a table called Restaurant with two columns, one called 'Extra' which contains the postcode & the other called 'Cuisine' which contains the cuisine.
I would like it to return a list of restaurants that match both 'Extra' and 'Cuisine'
Any help will be greatly appreciated.
Echoing $_SERVER['PHP_SELF'] or $_GET['searched'] anywhere in your script (even in the form action) will open your site up to XSS attacks. Do not do this unless you sanitize them first.
For all new projects, it is recommended to use prepared statements for mysql queries. You can do this with either mysqli or PDO. Your code is just asking for SQL injection by the looks of what you are trying to do.
You are missing a bracket in your code and you have some extra ones at the end. Also after echo you're missing a quotation mark. I'm not sure what's going on there. Try to get those fixed.
What is with the # before mysql_fetch_array() ? There are really very few cases where # should ever be used in PHP. It is usually an indicator that there is some sort of error somewhere in your code that should be fixed instead of suppressed.
Your <select> needs a name attribute if you want to be able to use it in PHP.
In your SQL query, you should not be using LIKE when you should be using equals. Also, you should not quote integers.
Why are you echoing an empty string like echo ''.$somevar; ? Just echo the variable.
I'm not sure what "showing" is for but I assume is a record that can be displayed. The first thing to do is update your query:
$sql = mysql_query("select pagetitle, cuisine from Restaurant where (extra like '%$term%') and (showing like '1') and (cuisine like 'option value')");
You also need to check if the user did not enter an option or selected 'anything' in which case the query needs to be changed a little:
$sql = mysql_query("select pagetitle, cuisine from Restaurant where (extra like '%$term%') and (showing like '1') and (cuisine like 'option value' or 'option value' = '')");
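The points in this answer put together, as an added example that is not the answerer's code: request-derived values are escaped before they are echoed into the form, the query is prepared with bound values, and the cuisine filter is left out when nothing was chosen. It assumes PDO with an in-memory SQLite database instead of the removed `mysql_*` functions, an integer `showing` column, and a `<select name="cuisine">`; the helper names `e` and `findRestaurants` and the sample rows are constructed.

```php
<?php
// Added example. Table and column names come from the question; the
// "cuisine" field name and the sample rows are constructed.

// Escape a value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function findRestaurants(PDO $db, string $term, string $cuisine): array
{
    // Assumed integer column: compare showing with = and an unquoted 1.
    $sql    = 'SELECT pagetitle, cuisine FROM Restaurant'
            . ' WHERE showing = 1 AND extra LIKE ?';
    $params = ['%' . $term . '%'];
    // An empty cuisine means "Anything": leave that filter out.
    if ($cuisine !== '') {
        $sql     .= ' AND cuisine = ?';
        $params[] = $cuisine;
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Restaurant
    (pagetitle TEXT, extra TEXT, cuisine TEXT, showing INTEGER)');
$db->exec("INSERT INTO Restaurant VALUES
    ('Spice <b>Route</b>', 'BS1', 'Indian', 1),
    ('Golden Wok', 'BS1', 'Chinese', 1), ('Closed Cafe', 'BS1', 'Indian', 0)");

// Constructed stand-ins for $_GET['term'] and $_GET['cuisine'].
$term    = 'BS1';
$cuisine = 'Indian';

// Request-derived values are escaped before they reach the page.
echo '<form action="', e($_SERVER['PHP_SELF']), '" method="get">', PHP_EOL;
echo '<input name="term" value="', e($term), '" maxlength="4">', PHP_EOL;
echo '</form>', PHP_EOL;

// Stored values are escaped on output too, so markup in a title stays text.
foreach (findRestaurants($db, $term, $cuisine) as $row) {
    echo e($row['pagetitle']), ' (', e($row['cuisine']), ')<br>', PHP_EOL;
}
```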
