I am trying to add another field 'field2' that can also be searched and returned in the search results.
$extraSQL .= ' AND a.'.$db->nameQuote('field1').' LIKE ' . $db->Quote( '%' . $search . '%' ) . ' ';
If I change 'field1' in above code to 'field2' then field2 does work but I am having trouble adding both to the above code.
Sure its something very simple that I am missing but any help would be appreciated.
Thanks.
Judging from your code I'd say something like:
$extraSQL .= ' AND (a.' . $db->nameQuote('field1') . ' LIKE ' . $db->Quote( '%' . $search . '%' ) . ' OR a.'.$db->nameQuote('field2').' LIKE ' . $db->Quote( '%' . $search . '%) ) ';
If you want either of the fields to match, or change OR to AND if you want both fields to match.
Related
I'm trying to update the code for some very old plugins for a very old blog. I've fixed almost everything except this.
I get an error message that I must replace preg_replace with preg_replace_callback.
This is the code:
$source_content = preg_replace($search.'e', "'"
. $this->_quote_replace($this->left_delimiter) . 'php'
. "' . str_repeat(\"\n\", substr_count('\\0', \"\n\")) .'"
. $this->_quote_replace($this->right_delimiter)
. "'"
, $source_content);
If I simply substitute preg_replace_callback for the preg_replace I get this error:
preg_replace_callback(): Requires argument 2, ''{{php' . str_repeat(" ", substr_count('\0', " ")) .'}}'', to be a valid callback in
I'm neither a perl nor a php person. Any help would be much appreciated!
Upgrading your smarty library to the latest smarty2 would solve your problem fix was there over 5 years now.
But This might help you :
$source_content = preg_replace_callback($search . 'e',
function ($matches) {
return "'"
. $this->_quote_replace($this->left_delimiter) . 'php'
. "' . str_repeat(\"\n\", substr_count('$matches[0]', \"\n\")) .'"
. $this->_quote_replace($this->right_delimiter) . "'";
},
$source_content
);
Here is the explanition and more examples :
https://www.php.net/manual/en/function.preg-replace-callback.php
Hi straight forward question really. I have a search function in php that prints out the required information from a data base. But it prints it out as one word. I don't want a line break...just a space between words. I've googled and checked this forum for answers but can't seem to find any.
The code works and does as it is required but it doesn't look neat.
Instead of: ID Job Title Job Description Job location Job Category
it looks like this:
IDJobTitleJobDescriptionJoblocationJobCategory
This is part of my php code.
// $results = mysql_fetch_array($raw_results) puts data from database into array, while it's valid it does the loop
echo
'<p>'
. $results['id']
. $results['job_title']
. $results['job_description']
. $results['job_location']
. $results['job_category']
. '</p>';
Please note I want it in one line, not line breaks. Thanks.
You have to echo the space like this .' '.
Or in your Case just replace your code with this.
echo
'<p>'
. $results['id']
.' '. $results['job_title']
.' '. $results['job_description']
.' '. $results['job_location']
.' '. $results['job_category']
.' '. '</p>
echo '<p>'
.$results['id'] . ' '
. $results['job_title'] . ' '
. $results['job_description'] . ' '
. $results['job_location'] . ' '
. $results['job_category'] . ' '
. '</p>';
I want to allow a user to search a table by selecting a field name from a dropdown list, then entering the term to search for in that field. The problem I'm having is that some fields are strings and some are numbers. When I construct the WHERE clause from the $_GET variables, I don't know how to delimit the search term because I can't come up with a good way to determine if the field selected by the user is numeric or string.
This is the search form:
<form action="<?php $_SERVER['PHP_SELF'] ?>">
<label for="search_field">Search:</label>
<select name="search_field">
<?php
$fields = $res->fetch_fields();
foreach($fields AS $f) {
echo '<option value="' . $f->name . '">' . $f->name . '</option>\n';
}
?>
</select>
<label for="search_for">For:</label>
<input type="text" name="search_for" />
<input type="submit" value="Search" />
</form>
The php file processes the search variables like this:
if(isset($_GET['search_field']) and isset($_GET['search_for'])) {
$sql_where = "AND " . $_GET['search_field'] . ' = ' . $_GET['search_for'] . ' ';
}
$sql = $sql . $sql_where;
The query works fine for numeric fields, but not string fields. I could put quotes around the search_for term, but then numeric fields wouldn't work. There has got to be a way to do this. Any ideas? Thanks.
Just use is_numeric function to determine if its an number or string:
if(isset($_GET['search_field']) and isset($_GET['search_for'])) {
if(is_numeric($_GET['search_for']))
$sql_where = 'AND ' . $_GET['search_field'] . ' = . $_GET['search_for'] . ';
else{
$sql_where = 'AND ' . $_GET['search_field'] . ' = ' . '.$_GET['search_for'] . ' ';
}
}
You can check if $_GET['search_for'] is numeric in php using is_numeric
if(isset($_GET['search_field']) and isset($_GET['search_for'])) {
$sql_where = "AND " . $_GET['search_field'] . ' = ' .
(is_numeric($_GET['search_for']) ? $_GET['search_for'] : '"' .
$_GET['search_for'] . '"' ) . ' ';
}
Also if you always delimit the search_for with quotes it will work with numeric values you can try it. I just wanted to show you the is_numeric function as well
You know your code has security problems, don't you?
But to solve your problem just do
$search_for = is_numeric($_GET['search_for'])?$_GET['search_for']:"'".addslashes($_GET['search_for'])."'";
$sql_where = 'AND `' . $_GET['search_field'] . '` = ' . $search_for . ' ';
So I'm working on an editor for a friend of mine, and I'm getting a strange Syntax error. It's strange because I'm currently creating an NPC editor using the shell of the Item editor I made a while back. That's saying I literally just changed the variables and changed everything that said 'item' to 'npc'. However, I'm getting a syntax error at a random column and I can't find out what the error is. It's in the editing section of the editor(lol). The delete and create parts of the editor work fine.
}else if($state == "edit")
{
$editsql = "UPDATE npcs SET name='" . $name . "', description='" . $description . "', gender=" . $gender . ", size=" . $size . ", dialog='" . $dialog . "', hair_style=" . $hair_style . ", hat=" . $hat . ", top=" . $top . ", bottom=" . $bottom . ", movement_pattern=" . $movement_pattern . ", behavior=" . $behavior . ", range=" . $range . ", uses_special_pokemon=" . $uses_special_pokemon . ", pokemon_1=" . $pokemon_1 . ", pokemon_2=" . $pokemon_2 . ", pokemon_3=" . $pokemon_3 . ", pokemon_4=" . $pokemon_4 . ", pokemon_5=" . $pokemon_5 . ", pokemon_6=" . $pokemon_6 . " WHERE id=" . $id;
this is the error:
Could not edit npc ID 3 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'range=0, uses_special_pokemon=0, pokemon_1=1, pokemon_2=1, pokemon_3=1, pokemon_' at line 1
I can't quite figure out what it's calling out near 'range' and range itself looks fine to me, so I don't see an error at all. It's most likely something completely obvious that I'm just overlooking as usual, but I'm stumped.
You'll want to rename range to range_, because Range is a SQL reserved word. You could enclose it in backticks, which are different than single quotes. ` VS ' ...
If you seperate the query into multiple lines your error message will tell you where it failed closer to where the actual error was. It's a one-liner, so it tells you error exists on line 1. Typically, seperate clauses, i.e.
select xxxx
from yyyy
where xxxx = zzzz
then you'll know it's an error in syntax and in what clause.
can someone help me on how to remove spaces in my sql.
for exmaple
let say i type in "I am a good boy"... i want it to save in my mysql table column as "iamagoodboy" removing all spaces of anything i send.. where in this code below can i do this, thanks very much
$sql = 'INSERT INTO messages (username,usernameto, message_content, message_time) VALUES ("' . $username . '", "' . $messageTo . '", "' . $message . '", ' . $time . ')';
$result = mysql_query($sql, $cn) or
die(mysql_error($cn));
str_replace(' ', '', $message);
Should work fine for you in PHP. As a general rule, don't put that sort of functionality on the Database, no reason to put the load on that server - do it on the web server instead.
So your code would look like this (assuming you are taking the spaces out of $message):
$sql = 'INSERT INTO messages (username,usernameto, message_content, message_time) VALUES ("' . $username . '", "' . $messageTo . '", "' . str_replace(' ', '', $message) . '", ' . $time . ')';
A better solution, though, might be to use preg_replace('/\s+/', '', $string); which will strip all whitespace (tabs, linebreaks, etc). Depends on what exactly you want to accomplish.
Use str_replace:
$string = str_replace(' ', '', $string);
or remove all whitespace
$string = preg_replace('/\s+/', '', $string);
source: How to strip all spaces out of a string in php?
You can replace characters using SQL ->
SELECT REPLACE(caption,'\"','\'') FROM ...
u can try this
'".str_replace(' ', '', $messageTo)."'
and same for other
$sql = 'INSERT INTO messages " .
. "(username,usernameto,message_content,message_time) " .
. "VALUES ("'.$username.'","'.$messageTo.'",REPLACE("'.$message.','' '','''')",'.$time .')';
$result = mysql_query($sql, $cn) or die(mysql_error($cn));