I am trying to make a code to search for data in more than one column , the code works only if I search in one column. when I tried to search in two columns it says that nothing is found in the database.
<form action="" method="post">
<input type="text" name="param" >
<input type="submit" name="submit" value="search">
</form>
if (isset($_POST['param'])) {
$param= trim ($_POST['param']);
$result = "SELECT * FROM table WHERE student_Name LIKE '%$param%' AND course_name LIKE '%$param%'";
I think you should use OR unless you want to check the 2 columns with the same parameter.
$result = "SELECT * FROM thecars WHERE student_Name LIKE '%$param%' OR course_name LIKE '%$param%'";
Also, this is very open to SQL injection. Sanitize your input before you pass it to the query.
You could do a concat and search via that.
$result = "SELECT * FROM thecars WHERE CONCAT(`student_Name`, `course_name`) AS `search`LIKE '%$param%'";
Your using the same $param variable to search on both columns. If your searching for 2 separate values provide a form that supports inputting 2 values. And then handle such input properly in your query formation.
<form action="" method="post">
<input type="text" name="param1" >
<input type="text" name="param2" >
<input type="submit" name="submit" value="search">
</form>
if (isset($_POST['param1']) || isset($_POST['param2'])) {
$param1 = trim ($_POST['param1']);
$param2 = trim ($_POST['param2']);
$result = "SELECT * FROM thecars WHERE student_Name LIKE '%$param1%' AND course_name LIKE '%$param2%'";
Also change your column aggregation in where clause to OR as suggested by others if your searching for similar outcome.
Related
I'm finding it very hard to return database results with php pdo pagination in wordpress. I have a form on another page that sends the search data to search4.php where I want to display matching rows and have previous|next links. I get no results, and If I echo $search, it just says 'search'
Here is the relevant code so far:
//html form on another page
<form method="POST" action="<?www.example.com/search4 ?>">
Search:
<input type="text" name="search"
<input type="submit" name="search" value="search" /></form>
//search4.php relevant code
if(isset($_REQUEST["search"]) && $_REQUEST["search"] != "")
{
$search = htmlspecialchars($_REQUEST["search"]);
$pagination->param = "&search=$search";
echo $search;
$pagination->rowCount("SELECT * FROM stories WHERE stories.category LIKE
'%$search%' OR stories.genre = LIKE '%$search%'");
$pagination->config(3, 8);
$sql = "SELECT * FROM stories WHERE stories.category LIKE '%$search%' OR
stories.genre = LIKE '%$search%' ORDER BY SID ASC LIMIT $pagination-
>start_row, $pagination->max_rows";
$query = $connection->prepare($sql);
$query->execute();
$model = array();
while($rows = $query->fetch())
{
...etc
You <input type=text> and your <input type=submit> has the same name... So button value is overriding your text value... that why is always "search".
change it to:
<input type="text" name="search_text"/>
<input type="submit" name="search_button" value="search" />
Now, on your search4.php you can access your search text using $_REQUEST["search_text"]
PD: You can remove the name attribute on the submit button too.
My situation:
I have two different forms. One common search form where users can search for products by their name/description, and another form that lets users search for products by their location (postcode and city).
This is the html for my search form:
<form name="searchform" method="post" action="index.php?go" class="searchform">
<input type="text" name="search" value="" placeholder="Suchen..." class="field_search" id="tags">
</form>
and this is the html for my location-search form:
<form class="location" method="post" action="index.php?go_location">
<input type="image" src="img/location/location.png" width="30" height="30" id="location_image" title="Ortung aktivieren"/>
<input type="text" size="18" placeholder="PLZ, Ort" name="location" id="location" title="Standort angeben"/>
<input type="image" name="" value="" src="img/location/go.png" width="30" height="30" id="location_submit"/>
</form>
and the corresponding php:
if(isset($_POST['search'])){
if(isset($_GET['go'])){
if(preg_match("/[A-Z | a-z]+/", $_POST['search'])){
$input=$_POST['search'];
$currently_searching = true;
//connect to db
$sql="SELECT * FROM table WHERE Name LIKE '%".$input."%' OR Description LIKE '%".$input."%'";
//echo results
}}}}
elseif(isset($_POST['location'])){
if(isset($_GET['go_location'])){
$input_location=$_POST['location'];
$currently_locationing = true;
$sql="SELECT * FROM table WHERE Postcode LIKE '%".$input_location."%' OR City LIKE '%".$input_location."%' OR Combined LIKE '%".$input_location."%' OR Combined2 LIKE '%".$input_location."%'";
//echo results
}}}
Now, individually, they work fine.
What I would like to achieve is connecting these two forms in a way that lets users who are already searching for a certain string (via the common search form) use the location - search form to narrow the results down to those corresponding with the given postcode...
I hope this is clear. I thought something like: If a user uses the common search form, the
$currently_searching
variable becomes "true", so if this variable is true and the user is using the location - search form, then connect them... so I tried adding something like this to the php-statement:
elseif(isset($_POST['location']) && $currently_searching == true){
if(isset($_GET['go_location']) && $currently_searching == true){
if($currently_searching == true){
$input_location=$_POST['location'];
$currently_locationing = true;
//connect to db
$sql="SELECT * FROM table WHERE (Name LIKE '%".$input."%' OR Description LIKE '%".$input."%') AND (Postcode LIKE '%".$input_location."%' OR City LIKE '%".$input_location."%' OR Combined LIKE '%".$input_location."%' OR Combined2 LIKE '%".$input_location."%')";
//echo results
}}}}
It doesn't work though. I'd appreciate some help guys! Thanks in advance.
Here is a little trick. Add the id locationForm to your location form and searchForm to your search form, so it looks like this:
<form id="locationForm" class="location" method="post" action="index.php?go">
<input type="image" src="img/location/location.png" width="30" height="30" id="location_image" title="Ortung aktivieren"/>
<input type="text" size="18" placeholder="PLZ, Ort" name="location" id="location" title="Standort angeben"/>
<input type="image" name="" value="" src="img/location/go.png" width="30" height="30" id="location_submit"/>
</form>
<form id="searchForm" name="searchform" method="post" action="index.php?go" class="searchform">
<input type="text" name="search" value="" placeholder="Suchen..." class="field_search" id="tags">
</form>
Then add this javascript:
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script>
$(document).on('submit', '#locationForm, #searchForm',function(e){
var locationInput = $('#locationForm input[name="location"]').clone();
locationInput.attr('type','hidden');
var searchInput = $('#searchForm input[name="search"]').clone();
searchInput.attr('type','hidden');
$('#locationForm').prepend(searchInput);
$('#searchForm').prepend(locationInput);
});
</script>
The javascript will add the search field to the location form and visa versa before submitting. So whenever you submit one of the forms, you will always have both values.
EDIT
In your corresponding.php you could use something like this if there are two seperate queries needed.
if(isset($_POST['search']))
{
$sql="SELECT * FROM table WHERE Name LIKE '%".$input."%' OR Description LIKE '%".$input."%'";
//Execute query
//Fetch results
}
if(isset($_POST['location']))
{
$sql="SELECT * FROM table WHERE Postcode LIKE '%".$input_location."%' OR City LIKE '%".$input_location."%' OR Combined LIKE '%".$input_location."%' OR Combined2 LIKE '%".$input_location."%'";
//Execute query
//Fetch results
}
//Combine results of search and location query
//echo results
Or if it's possible to execute one query you can use this:
if(isset($_POST['search']) && isset($_POST['location']))
{
$sql="HERE YOUR QUERY WHERE YOU CAN USE $_POST['search'] AND $_POST['location']";
//Execute query
//Fetch results
}
//Combine results of search and location query
//echo results
This is my query:
SELECT * FROM learning_assessment.tbl_qna order by rand() limit 10;
tbl_qna is my table for questions. What I wanted to happen is to substitute the limit value "10" to a number coming from an input of the admin.
<html>
<head></head>
<body>
<form action="#" method="post">
Number of questions: <br>
<input type="text" name="numQ"></input>
<input type="submit" value="Number of Questions to Generate" name="save"></input>
</form>
Is it possible to get the input value from
<input type="text" name="numQ"></input>
and substitute it to my query limit value (10) , so that the user could generate his desired number or questions like 50 or 100.
Yes you can use a parameter
$sth = $dbh->prepare("SELECT * FROM learning_assessment.tbl_qna order by rand() limit :limit;")
$sth->bindParam(":limit",$_POST['numQ'],PDO:PARAM_INT);
$result = $sth->execute();
I'm most comfortable with PDO, but you can do the same with MySQLi
So far i have created a search box, which searches the primary key of my database.
How can i modify my php query to search multiple values in my database.
eg: If i search the name of the car instead of the VIN (primary key) it will show all the results matching the search value.
This
$query = ("SELECT * FROM cars
WHERE VIN='$VIN'");
This is my form :
<form name="search" action="http://www.deakin.edu.au/~sjrem/SIT104_3/cars.php" method="post">
<h2> Search for a car of your choice </h2>
<table border="0">
<tr>
<td><input type="text" name="VIN" /> </td>
</tr>
</table>
<p>
<input type="submit" name="action" value="search" />
</FORM>
Have you tried something like $query = ("SELECT * FROM cars WHERE VIN='$VIN' OR name LIKE '%$VIN%'");?
"LIKE" uses % as wildcard, so it will find all cars that have $VIN in their name.
But anyway make sure to mysql_real_escape_string() your parameter $VIN first, to prevent SQL injections!
Use the following query:
$query = ("SELECT * FROM cars WHERE Name LIKE '%$txtName%'");
NOTE:: Wildcard % is been used at the beginning and end to return all names having your search word anywhere in the field.
something like this might work for you
$query = ("SELECT * FROM cars WHERE VIN='$VIN' OR CARS='$VIN'");
I wrote this statements but it is not work :(
... can you tell me why?
HTML:
<form action="join.php" method="post">
<label name="RoomName">Room1</label>
</form>
PHP:
$roomName = $_POST['RoomName'];
$roomID = "SELECT RoomID FROM rooms WHERE RoomName = $roomName";
EDIT:
thanks but in my work the user does not have the ability to edit the room name
so i need to display the room name in a label (on any thing else) instead of text box
You need an <input> element as well.
<input type="text" name="RoomName">
This way the value is available by $_POST['RoomName']. You likely also need a submit button:
<input type="submit" value="Submit">
The label just associates the label with an input element, usually with the for attribute pointing to the input element's id:
<label for="RoomName">Room1</label>
<input type="text" id="RoomName" name="RoomName">
The benefit of this is mainly in accessibility (screen readers, clicking label, etc).
To learn more about HTML forms, go through this quick guide: http://www.w3schools.com/html/html_forms.asp
As to the SQL query, read the comments others posted to your question. You need to quote strings and escape the values from SQL injections as well.
Update: as per your edit, just set the readonly attribute to avoid the field being edited:
<input type="text" id="RoomName" name="RoomName" value="somevalue" readonly>
or make use of a hidden input element:
<input type="hidden" name="RoomName" value="somevalue">
Your code should look like this instead:
<form action="join.php" method="post">
<label name="RoomName">Room Name:</label>
<input type="text" name="RoomName" value="Room 1" />
<input type="submit" value="Submit Room" />
</form>
Also, you can't just set the value to the SQL query. You need to use the mysql_fetch_assoc() function. So it would be more like:
$sqlQuery = "SELECT RoomID FROM rooms WHERE RoomName = '".mysql_real_escape_string($roomName)."'";
$result = mysql_query($sqlQuery);
while ($row == mysql_fetch_assoc($result)) {
$roomID = $row['rooms'];
//do stuff with the current roomID
}
RoomName = $roomName"
to
RoomName = '$roomName'"
In SQL, strings must be quoted. Also, be safe by doing mysql_real_escape_string() on $roomName.