We Keep Coding

Getting JSON error after filtering data but Page loads fine without filtering

I have a grid that loads fine until I try to apply a filter then i get the following error.
Fatal error: Uncaught Error: Call to a member function fetch_assoc() on bool in
// build the query.
$result = $conn->query($query) or die("SQL Error 1: " . mysqli_error());
$sql = "SELECT FOUND_ROWS() AS `found_rows`;";
$rows = $conn->query($sql);
$rows = mysqli_fetch_assoc($rows);
$total_rows = $rows['found_rows'];
$query = "SELECT SQL_CALC_FOUND_ROWS profile_pic_url, username, full_name, biography, edge_followed_by, edge_follow FROM owner ORDER BY edge_followed_by DESC LIMIT $start, $total_rows".$where." ";
}
}
$result = $conn->query($query) ;
$sql = "SELECT FOUND_ROWS() AS `found_rows`;";
$rows = $conn->query($sql);
$rows = mysqli_fetch_assoc($rows);
$total_rows = $rows['found_rows'];
$orders = null;
// get data and store in a json array
while($row = $result->fetch_assoc()) {

#kryptur - this is where $where is defined
// filter data.
if (isset($_GET['filterscount']))
{
$filterscount = $_GET['filterscount'];
if ($filterscount > 0)
{
$where = " WHERE (";
$tmpdatafield = "";
$tmpfilteroperator = "";
for ($i=0; $i < $filterscount; $i++)
{
// get the filter's value.
$filtervalue = $_GET["filtervalue" . $i];
// get the filter's condition.
$filtercondition = $_GET["filtercondition" . $i];
// get the filter's column.
$filterdatafield = $_GET["filterdatafield" . $i];
// get the filter's operator.
$filteroperator = $_GET["filteroperator" . $i];
if ($tmpdatafield == "")
{
$tmpdatafield = $filterdatafield;
}
else if ($tmpdatafield <> $filterdatafield)
{
$where .= ")AND(";
}
else if ($tmpdatafield == $filterdatafield)
{
if ($tmpfilteroperator == 0)
{
$where .= " AND ";
}
else $where .= " OR ";
}
// build the "WHERE" clause depending on the filter's condition, value and datafield.
switch($filtercondition)
{
case "CONTAINS":
$where .= " " . $filterdatafield . " LIKE '%" . $filtervalue ."%'";
break;
case "DOES_NOT_CONTAIN":
$where .= " " . $filterdatafield . " NOT LIKE '%" . $filtervalue ."%'";
break;
case "GREATER_THAN":
$where .= " " . $filterdatafield . " > '" . $filtervalue ."'";
break;
case "LESS_THAN":
$where .= " " . $filterdatafield . " < '" . $filtervalue ."'";
break;
case "GREATER_THAN_OR_EQUAL":
$where .= " " . $filterdatafield . " >= '" . $filtervalue ."'";
break;
case "LESS_THAN_OR_EQUAL":
$where .= " " . $filterdatafield . " <= '" . $filtervalue ."'";
break;
}
if ($i == $filterscount - 1)
{
$where .= ")";
}
$tmpfilteroperator = $filteroperator;
$tmpdatafield = $filterdatafield;
}

PHP SQL: Order search query results by user input order

I've tried to look for a solution but can't seem to grasp the issue I have.
I have a search query with a "where clause" stating if a user inputs multiple words return the result.
I need the result returned in the same order searched.
Even if i just add the addition "ORDER BY DESC" an error is thrown "Trying to get property of non-object".
Here is my code:
$word = $_GET['word'];
$word3 = $_GET['word'];
$word = explode(";", $word);
$noOfWords = count($word);
$word2 = $word3;
if ($noOfWords == 1) {
$searchString = " word_eng LIKE '" . $conn->escape_string($word3)
"%'";
} else {
$searchString = $whereClause = "";
foreach ($word as $entry) {
$searchString .= " OR word_eng LIKE '" . $conn->escape_string($entry) . "' ORDER BY '" . $word2 . "' ";
}
}
$whereClause = ($searchString != "") ? " WHERE " . preg_replace('/OR/',
'', $searchString, 1) : $whereClause;
$sql = "SELECT word_eng FROM words " . $whereClause . " LIMIT 17";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$row1 = $row["word_eng"];
echo $row1;
}

There are a couple of problems with the way your trying to use ORDER BY. There should be only 1 order by clause in any SQL, you are adding it in for each word your adding. The second part is that it's expecting to order by a column name and your ordering it by the words your searching for.
With wanting to maintain the order of the terms and the order of the results, it would be necessary to use an order by clause with something like a case (Can you add an if statement in ORDER BY? may help explain this).
$orderBy = "";
if ($noOfWords == 1) {
$searchString = " word_eng LIKE '" . $conn->escape_string($word3) ."%'";
} else {
$searchString = $whereClause = "";
$orderBy = " order by case `word_eng` ";
foreach ($word as $order=>$entry) {
$searchString .= " OR word_eng LIKE '" . $conn->escape_string($entry) . "'";
$orderBy .= " when '$entry' then $order ";
}
$orderBy .= " end ";
}
$whereClause = ($searchString != "") ? " WHERE " . preg_replace('/OR/',
'', $searchString, 1) : $whereClause;
$sql = "SELECT word_eng FROM words " . $whereClause . " " .$orderBy." LIMIT 17";

if ($noOfWords == 1) {
$searchString = " word_eng LIKE '" . $conn->escape_string($word3)
"%'";
} else {
$searchString = $whereClause = "";
foreach ($word as $entry) {
$searchString .= " OR word_eng LIKE '" . $conn->escape_string($entry);
}
$searchString .= "' ORDER BY '" . $word2 . "' ";
}

I think you messed up with MySQL Query string in bellow line code.
$searchString .= " OR word_eng LIKE '" . $conn->escape_string($entry) . "' ORDER BY '" . $word2 . "' ";
Your Query is generating Something like
ORDER BY DESC
And OrderBy Query should be something like this
ORDER BY expression [ ASC | DESC ];
So you are missing the expression in query.

Check for spelling mistakes in where clause SQL PHP

I have an sql search query that returns the matched values within a where clause. I need to update this - so for example, if someone searches "elephhant" it will return the result "elephant". How do I go about doing this? Thanks
$the_word = GET['word_eng'];
$split = substr($the_word, 0, 3);
if ($noOfWords == 1) {
$searchString = " word_eng LIKE '" . $the_word ."%'";
}
else {
$searchString = $whereClause = "";
$orderBy = " order by case `word_eng` ";
foreach ($word as $order=>$entry) {
$searchString .= " OR word_eng LIKE '" . $entry . "'";
$orderBy .= " when '$entry' then $order ";
}
$orderBy .= " end ";
}
$whereClause = ($searchString != "") ? " WHERE " . preg_replace('/OR/',
'', $searchString, 1) : $whereClause;
$sql = "SELECT word_eng FROM words " . $whereClause . " OR word_eng LIKE '" .$split "%' " .$orderBy." LIMIT 50";
$result = $conn->query($sql);

PHP Dynamic Count Function

I am trying to make ONE dynamic function for count in mysql:
functions.php:
function countEntries($table, $where = '', $what = '')
{
if (!empty($where) && isset($what)) {
$q = "SELECT COUNT(*) FROM " . $table . " WHERE " . $where . " = '" . $what . "' LIMIT 1";
} else{
$q = "SELECT COUNT(*) FROM " . $table . " LIMIT 1";
}
$record = query($q);
$total = fetchrow($record);
return $total[0];
}
HTML Code:
<?php echo countEntries("news", "category", "1"); ?>
<?php echo countEntries("post", "type", "Sports"); ?>
But still got blank page without any error!!!

You can try this out.
function countEntries($table, $where = '', $what = '')
{
if (!empty($where) && isset($what)) {
$q = "SELECT COUNT(*) AS count FROM " . $table . " WHERE " . $where . " = '" . $what . "' LIMIT 1";
} else{
$q = "SELECT COUNT(*) AS count FROM " . $table . " LIMIT 1";
}
$record = query($q);
$total = fetchrow($record);
return $total['count'];
}
Here you give an alias to the count(*) and use that to access the returned result as $total['count'].
Hope it helps.

First things you forgot to close else past,second just add this line "ini_set("display_errors", 1);" at the top of your php.this will shows the error in your php.
Your code:
function countEntries($table, $where = '', $what = '')
{
if (!empty($where) && isset($what)) {
$q = "SELECT COUNT(*) FROM " . $table . " WHERE " . $where . " = '" . $what . "' LIMIT 1";
} else
$q = "SELECT COUNT(*) FROM " . $table . " LIMIT 1";
}
$record = query($q);
$total = fetchrow($record);
return $total[0];
}
my code:
function countEntries($table, $where = '', $what = '')
{
if (!empty($where) && isset($what)) {
$q = "SELECT COUNT(*) AS count FROM " . $table . " WHERE " . $where . " = '" . $what . "' LIMIT 1";
} else{
$q = "SELECT COUNT(*) AS count FROM " . $table . " LIMIT 1";
}
$record = query($q);
$total = fetchrow($record);
return $total['count'];
}

Thanks guys, Its working well now:
function countEntries($table, $where, $what)
{
if (!empty($where) && isset($what)) {
$q = "SELECT COUNT(*) FROM " . $table . " WHERE " . $where . " = '" . $what . "' LIMIT 1";
} else
$q = "SELECT COUNT(*) FROM " . $table . " LIMIT 1";
$record = mysql_query($q);
$total = mysql_fetch_array($record);
return $total[0];
}
echo countEntries('news', "type", "sport");

Mutliple querystring parameters to mysql query

I originally had this working:
url: http://server/blah.php?FacilityCode=FT
$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
"AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";
$result = mysql_query($sql);
But I want to change this so that people can submit multiple values in the query strying somehow, ie: http://server/blah.php?FacilityCode=FT,CC,DD,EE
I tried changing the query to an "IN" clause instead of an "equals" but I'm not sure how to get the ' marks around each element.

Use implode() function for IN (...).
$a = array('AB', 'CD', 'EF', 'ZE');
echo "field IN ('" . implode("', '", $a) . "')";
... will output:
field IN ('AB', 'CD', 'EF', 'ZE')
+escape every option you get.

$facilitycode = mysql_real_escape_string($_GET["FacilityCode"]);
$array=explode(',',$facilitycode);
foreach ($array as $a){$output.="'$a',";}
$clause=substr($output,0,-1);

If your trying to create a string which looks like this: 'AB', 'CD', 'EF', 'ZE'
Try this before its placed inside the query:
$facilitycode = preg_replace('/([^,]+)/', '\'$1\'', $facilitycode);

I wrote this based on your query, but still I dont get this part of query "AND ('" . $facilitycode . "' = ''", anyway you need to check if $_GET data have "," and if does explode that variable by "," so that you can add an OR clausule for everything that was separated by "," in $_GET data.
After that just form your query by doing a foreach for every element in exploded array like I done below:
<?php
$facilitycode = $_GET["FacilityCode"];
$facility_number_chk = strpos($facilitycode, ",");
if ($facility_number_chk > -1) {
$facilitycode = explode(",", $facilitycode);
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
"AND ('" . $facilitycode . "' = ''";
foreach($facilitycode as $facode) {
$facode = mysql_real_escape_string($facode);
$sql .= " OR Facility.FacilityCode = '". $facode . "'";
}
$sql .= "')";
}
else {
$facilitycode = mysql_real_escape_string($facilitycode);
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
"AND ('" . $facilitycode . "' = '' OR Facility.FacilityCode = '". $facilitycode . "')";
}
$result = mysql_query($sql);
And if there is only one element in $_GET data just do an else like I done with your regular query.

I ended up using a combination of a few of the answers. Basically I exploded on the ",", then did a foreach to add the ' marks and call escape_string, and then imploded it back.
$facilitycodes = $_GET["FacilityCode"];
if ($facilitycodes == '') {
$additionalfilter = '';
}
else {
$facilitycodearray = explode(",", $facilitycodes);
foreach($facilitycodearray as &$facilitycode) {
$facilitycode = "'" . mysql_real_escape_string($facilitycode) . "'";
}
$facilitycodesformatted = implode(",", $facilitycodearray);
$additionalfilter = " AND Facility.FacilityCode IN (" . $facilitycodesformatted . ")";
}
$sql = "SELECT ..." .
"FROM ..." .
"WHERE ..." .
$additionalfilter;