All I want to do, user inputs full or partial Membership Number, and query the SQLite database.
The query will work if you use LIKE %21%, just can't use a variable.
$name=$_POST['mem_num'];
$db = new MyDB();
$result = $db->query('SELECT * FROM details WHERE MEM_NUMBER LIKE '%$name%' ');
while ($row = $result->fetchArray()) {
print $row["MEM_NUMBER"] . "\n";
}
I can do this is MySQL in seconds, but not in SQLite!
$result = $db->query("SELECT * FROM details WHERE MEM_NUMBER LIKE '%" . $name . "%'");
How about this?
To use variables in PHP string, you need to enclose it in double quotes "SELECT ... LIKE '%$name%'"
$result = $db->query('SELECT * FROM details WHERE MEM_NUMBER LIKE "%'.$name.'%" ');
You need to concatenate your query and your variable using dots and to put the percent signs as a part of the strings.
Related
SO i get data from a form using this
$LoadId=implode(',',array_filter($_POST["load"]));
I then would like to submit this to a MSSQL query with an "in" statement
where myLoadId in $LoadId
but the $LoadID looks like 7209,7210 and I need it to look like
('7209','7210')
Seems your LoadId column contains interger value so why you need single quotes ' around it? Simply use-
$LoadId=implode(',',array_filter($_POST["load"]));
$query = "SELECT * FROM your_table WHERE myLoadId IN ($LoadId)";
echo $query;
If you still need quotes around it then you can do it this way-
$LoadId = "'".implode("','", array_filter($_POST["load"]))."'";
$query = "SELECT * FROM your_table WHERE myLoadId IN ($LoadId)";
echo $query;
WORKING DEMO: https://3v4l.org/2XEjJ
Put simple quotes around the implode() and change it's glue from , to ',' :
$LoadId = "'".implode("','", array_filter($_POST["load"]))."'";
I have this function:
function word($arg){
echo ''.$arg.'';
//echoes test
require ('config.php');
$requestSQL = mysql_query("SELECT * FROM db where eng LIKE '%$arg%' order by id ASC LIMIT 10", $connection);
while ($row = mysql_fetch_array($requestSQL))
{
echo ''.$row['id'].': '.$row['eng'].'<br>';
}
}
Gets triggered by:
$number = $explode[1];
word($number);
But doesn't echo values from the database, nothing at all.
If I echo $arg (in the function), it shows the value. If I replace in my sql query: '%$arg%' with '%test%', it echoes the correct value.
Is the '%$arg%' syntax wrong?
You should use a proper concat
"SELECT * FROM db where eng LIKE concat('%', '$arg', '%') order by id ASC LIMIT 10"
It's pretty simple, all you do is: LIKE %{$arg}%. Because I am assuming that $arg is a text value. If a variable is a text value then you must do this to keep it working. You wrap text variables in {}.
Also, never . . . EVER use mysql_*, you should move to mysqli_* or PDO/OOP. It's just good practice.
Update
You can't use variables within mysql_query("", $connection) quotes. Instead, do this:
$query = "SELECT * FROM db WHERE eng LIKE '%{$arg}%' ORDER BY id ASC LIMIT 10";
// then use this variable as a replacement for the quotes in the mysql_query().
$set = mysql_query($query, $connection); // like so . . .
// mysql_fetch_assoc() is the same as mysql_fetch_array().
while($row = mysql_fetch_assoc($set)) {
echo "".$row['id'].": ".$row['eng']."<br>";
}
I'm so stupid, actually $explode[1]; was returning the correct value but had a blank line in the source code. So I had to use trim and now it works.
I am moving a PHP page to my Joomla website and I was advised that I "should use Joomla's coding standards and methods for everything, this includes database queries"
My question is:
How should I transform my old PHP code regarding Joomla standards:
$query = "SELECT * FROM `TABLE 2` WHERE Power=".$input->get('Power', '', 'RAW')." AND Poles=".$input->get('Poles', '', 'RAW')."";
$results = mysql_query($query)
or die(mysql_error());
while ($row = mysql_fetch_array($results))
{
extract($row);
}
?>
This is the TABLE 2 contents. I use the values of each row as a variables on my page.
Most importantly make sure to filter the input to disallow sql injections. Seems both your inputs are numbers (Power is a float and Poles possibly an int?). Also use the #__ - in table names, it will be replaced by the table prefex when you use it in joomla functions. Simplest way to transform your code would be something like:
$app = JFactory::getApplication();
$power = $app->input->getFloat('Power'); // use the correct function
$poles = $app->input->getInt('Poles'); // for the datatype you want
see here for JInput docs
$db = $app->getDbo();
//short variant
$sql = "SELECT * from `#__table 2` WHERE power = "
. $db->quote($power) . " AND poles = " . $db->quote($poles);
$db->setQuery($sql);
$result = $db->loadRowList();
foreach($result as $array){
print_r($array);
}
It should be noted that there are more useful methods for retrieving the data, loadAssoc/loadAssocList for associative arrays, loadObject/loadObjectList for objects. Check the docs for JDatabaseDriver
Alternatively you could transform the query to a "Joomla query" like:
$q = $db->getQuery();
$q->select("*")->from($q->quoteName("#__Table 2"));
$q->where("Power = " . $db->quote($power));
$q->where("Poles = " . $db->quote($poles));
$db->setQuery($q);
...
Docs to JDatabaseQuery
I have many conditions in PHP function which every of them produces a mysql query.All conditions work correctly except one query which ends with AND operator.Before returning the query result I need to check if query ends with AND it should remove AND and then returnes the query.
This is the sample of query:
$query="select * from case where case_name='name' AND case_status='102' AND";
If this kind of query is produced I need to do:
1-If it ends with AND
2-remove AND
3-return the query without last AND
The result should be like this:
$query="select * from case where case_name='name' AND case_status='102' ";
I do not have much experience to work with PHP functions.How can I do this?
Thnaks for your help.
Try this,
$query="select * from case where case_name='name' AND case_status='102' AND"
$query = trim($query,'AND');
quick fix:
$query = preg_replace( "/AND$/", "", $query);
You should fix the logic of condition though.
like
$cond[] = "....";
$cond[] = "...."
....
then
$query = $query_first_half + implode ( " AND " , $cond );
Ultimately please use sql library like PDO
http://fi1.php.net/manual/en/class.pdo.php
explode the string and pop the last element .
$arr = explode(" ", $query);
$last = array_pop($arr);
if($last != "and")
{
array_push($arr,$last);
}
$query = implode(" ",$arr);
Run the $query them it should work
First your table name CASE is mysql reserved keyword you should rename your table to something else or escpae it by backticks `
you could use query without AND , and when you add other query just start by AND .
like that :
$query="select * from `case` where case_name='name' AND case_status='102'";
$query .= " AND .........";
so like that , your condition is not true then just first query will work , if condition is true then second query will work and it start by AND. You dont need to remove the AND.
I am getting values from mysql data base using get method i am passing survey_id and question_id from the url
like below
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1,question_id=1
but it is giving error
my php code is given below for fetching
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id"' ");
$rows = array();
while($row = mysql_fetch_assoc($query)) {
$rows[] = $row;
}
echo json_encode($rows);
This line is having error,this:
$question_id"' "
should be
$question_id . "'"
You should be separating get variables with & not , in the url.
That's because you should use & instead of , between url parameters
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
$survey_id = mysql_real_escape_string($_GET['survey_id']);
$question_id = mysql_real_escape_string($_GET['question_id']);
GET params are normally separated with & not ,. So your link should look more like this:
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
Also, please note that GET variables are not automatically translated to PHP variables. You need to pull them from $_GET array:
$survey_id = $_GET['survey_id']
You does not pass value comma separated in url.You have use & in url like
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id."' ");
A dot is missing!
URL and QUERY BOTH ARE WRONG
http://myserver.com/emrapp/surveyAnswersScreenOne.php?survey_id=1&question_id=1
AND
$question_id . "' "
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id"'");
you forgot the point for concatenating the string after $question_id -> this should fix your issue:
$query = mysql_query("SELECT * from survey_Answers where survey_Id='".$survey_id."' AND question_Id='".$question_id."'");
anyway,also consider sanitizing your url-inputs -> http://xkcd.com/327/