I have this code pretty much like a search engine within the database for peoples names.
if (isset($_POST['submit'])){
$keyword = $_POST['stats'];
$orderby = $_POST['orderby'];
if (!empty($_POST['stats'])) {
$getStats = $db->query("SELECT * FROM `stats` WHERE
`lastname` LIKE '%$keyword%' OR `firstname` LIKE '%$keyword%' OR
`nickname` LIKE '%$keyword%' ORDER BY `$orderby`
DESC");
This then prints the results back into a table, I thought the table code wasn't necessary and too long.
The above query works for if I search just the last name or just the first name, or nickname
but if there is for example a user in the database with the name, John Smith
so
Firstname: John
Lastname: Smith
If just searched 'John' he would be printed into the table, which is good and same if I just searched 'Smith'
But if I search 'John Smith' he would not be printed into the table.
How can I change this query so that this will happen, I have tried this:
$getStats = $db->query("SELECT * FROM `stats` WHERE
`firstname`, `lastname` = '$keyword' OR `lastname` LIKE '%$keyword%' OR `firstname` LIKE '%$keyword%' OR
`nickname` LIKE '%$keyword%' ORDER BY `$orderby`
DESC");
WHERE CONCAT(firstname, ' ', lastname) LIKE %$keyword%
Also you should be binding parameters rather than directly interpolating user input into the query string, your current code is vulnerable to SQL injection.
$keyword = str_replace(" ", "%", $keyword);
You can try REGEXP:
$keyword = $db->real_escape_string($_POST['stats']); // escape data
$orderby = $db->real_escape_string($_POST['orderby']); // escape data
$keyword = implode("|", explode(" ", $keyword));
$getStats = $db->query("SELECT * FROM stats
WHERE firstname REGEXP '$keyword'
OR lastname REGEXP '$keyword'
OR nickname REGEXP '$keyword'
ORDER BY $orderby DESC");
try this
$sql = "SELECT *
FROM stats
WHERE
firstname LIKE '%$keyword%'
OR lastname LIKE '%$keyword%'
OR CONCAT_WS(' ',firstname,lastname,) LIKE '%$keyword%'
OR CONCAT_WS(' ',lastname,firstname) LIKE '%$keyword%'
OR nickname LIKE '%$keyword%'
ORDER BY $orderby DESC";
Related
I try to create search system using php and sql current condition is working fine but if I want
to search for John Doe (firstname + lastname) nothing happens. I try the + between firstname and lastname but it did not work.
Condition is here:
if(isset($_POST["query"])){
$search = mysqli_real_escape_string($conn, $_POST["query"]);
$query = "
SELECT * FROM users
WHERE firstname LIKE '%".$search."%'
OR lastname LIKE '%".$search."%'
";
}
You msy try something like this (using CONCAT):
$query = "SELECT * FROM users
WHERE firstname LIKE '%".$search."%'
OR lastname LIKE '%".$search."%'
OR CONCAT(firstname,' ', lastname) LIKE '%".$search."%'";
i've tried to create a search engine with date range filter but the whenever i type on my 'search_textbox' it does not include the date it only search the fields where it much the statement 'name' like '%a%';
if($search !=''):
$added_query = "and date_created like '%".$search."%' or
name like '%".$search."%' or
alias like '%".$search."%' or
designation like '%".$search."%'
";
else:
$added_query ="";
endif;
$project_details = $this->db->query("SELECT *
FROM ".$query."_man_power
WHERE date_created BETWEEN '".$date_from."' AND '".$date_to."'
".$added_query."
order by date_created desc
");
return $project_details;
You probably are not formatting the dates in your where clause properly. See:
https://www.w3schools.com/SQl/sql_dates.asp
You want to make sure $date_from and $date_to look like the following depending on type:
$date_from = '2018-06-01 0:00:00';
$date_to = '2018-06-30 23:59:59';
You can inspect your query better to find the problem by viewing it.
$sql = "SELECT * FROM ".$query."_man_power";
$sql .= " WHERE date_created BETWEEN '".$date_from."' AND '".$date_to."'".$added_query;
$sql .= " order by date_created desc";
var_dump($sql);
$project_details = $this->db->query($sql);
When combining these conditions, it is important to use parentheses so that the database knows what order to evaluate each condition.So group the AND,OR conditions with parenthesis like : -
if($search !=''):
$added_query = "and (
date_created like '%".$search."%' or
name like '%".$search."%' or
alias like '%".$search."%' or
designation like '%".$search."%'
)";
else:
$added_query ="";
endif;
$project_details = $this->db->query("SELECT *
FROM ".$query."_man_power
WHERE date_created BETWEEN '".$date_from."' AND '"
.$date_to."'".$added_query." order by date_created desc");
return $project_details;`
Hello i have a simple search query, what i'm facing is when someone writes the only first name of the user that he wants to search, my query finds it, also when someone only writes the last name in the input and posts it, it also shows that too, but when user writes first name and last name together in the input, it can't find the user even he/she exists. The last part of $q query where i wrote first name and last name like part doesnt work i know there my logic is bad, but how can i fix that
try {
$q = "SELECT * FROM `members` WHERE `first_name` LIKE :search_string OR `last_name` LIKE :search_string OR `first_name` AND `last_name` LIKE :search_string";
$q_do = $db->prepare($q);
$q_do->execute( array("search_string"=>'%'.$query.'%') );
$number = $db->query("SELECT FOUND_ROWS()")->fetchColumn();
} catch(PDOException $e) {
$log->logError($e." - ".basename(__FILE__));
}
Thank you
Try using concat:
$q = "SELECT * FROM `members` WHERE `first_name` LIKE :search_string
OR `last_name` LIKE :search_string
OR concat(`first_name` , ' ', `last_name`) LIKE :search_string";
SELECT *
FROM `members`
WHERE `first_name` LIKE :search_string
OR `last_name` LIKE :search_string
OR `first_name` AND `last_name` LIKE :search_string;
ANDis an operator not a concatenator.
SELECT *
FROM `members`
WHERE `first_name` LIKE :search_string
OR `last_name` LIKE :search_string
OR CONCAT(`first_name`,' ', `last_name`) LIKE :search_string;
So what you do no is:
User enters 'First Last'
You search :
First like '%First Last%' or Last like '%First Last%' ...
You need to use full text search index.
http://dev.mysql.com/doc/refman/5.5/en/fulltext-search.html
or something like
http://sphinxsearch.com/
Try this:
$query = explode(" ", $query);
if(count($query)>1){
$fname = $query[0];
$lname = end($query);
}else{
$fname = $query[0];
$lname = $query[0];
}
$q = "SELECT * FROM `members` WHERE `first_name` LIKE :fname OR `last_name` LIKE :lname";
$q_do = $db->prepare($q);
$q_do->execute( array('fname' => "%$fname%", 'lname' => "%$lname%") );
The simplest Search Query for you.. Try this its working man.
SELECT * FROM TableName WHERE title like '%Your Search Text%'
i have mysql table, users: (id, first_name, last_name, ....)
i'd like to do something like this pseudo query
SELECT * FROM users WHERE first_name.' '.last_name = 'john doe' LIMIT 10")
I Want to do this cause i have lots of trouble spliting the string (then i don't know in what order is user typing'
This is my current, not working very good
$phrase = explode(' ',$term);
$last_name = '';
if($phrase[1] != '')
$last_name= " OR last_name LIKE '%".$phrase[1]."%'";
$qstring = "SELECT usuarios.first_name,usuarios.last_name,
usuarios.id as id
FROM usuarios
WHERE first_name LIKE '%".$phrase[0]."%' OR last_name LIKE '%".$phrase[0]."%' $last_name LIMIT 5";
Any suggestion to achieve this (by concatenating at query or spliting at php) would be very apreciated
You can concatenate in a MySQL query using CONCAT:
SELECT * FROM users WHERE CONCAT(first_name,' ',last_name) = 'john doe' LIMIT 10
In your code this would become:
SELECT * FROM usuarios WHERE CONCAT(first_name,' ',last_name) LIKE '%{$phrase[0]}%' LIMIT 5
Something like this?
SELECT first_name, last_name, id
FROM usuarios
WHERE CONCAT(first_name, last_name) LIKE '%$phrase[0]%' LIMIT 5
I am trying to search the field firstname and lastname for a keyword
$q1 = strtolower($_GET["q"]);
$q=str_replace(" ","%",$q1);
$sql = "select DISTINCT users.*, user_id FROM users WHERE $email_filter
firstname LIKE '%$q%' OR lastname LIKE '%$q%' ORDER BY lastname";
$rsd = mysql_query($sql);
while($rs = mysql_fetch_array($rsd)) { echo $results }
this is what I have so far, issue is if you use John Doe as an example once you type John it finds it, doe it finds it, but john doe ... no results
I recommend that you bind the variables. You are exposed to sql injections otherwise.
$stmt = $mysqli->prepare("select * from users where firstname like ? AND lastname like ?");
$stmt->bind_param('ss', $firstname,$lastname);
Something like
SELECT * FROM users where CONCAT(firstname, ' ', lastname) like '%$q%'
Or
SELECT * FROM users where CONCAT_WS(' ', firstname, lastname) like '%$q%'
And if reversing is desirable, try this:
SELECT * FROM users where CONCAT_WS(' ', firstname, lastname) like '%$q%'
or CONCAT_WS(' ', lastname, firstname) like '%$q%'
(that is, if searching for "A B" should return "A B" as well as "B A")
you have to split your query string and search for each terms
$query_terms = explode(" ", $q1);
$conditions = ''
foreach($query_terms as $term){
$conditions = $conditions.' firstname LIKE "%'.$term.'%" OR lastname LIKE "%'.$term.'%"';
}
$sql = "select DISTINCT users.*, user_id FROM users WHERE $email_filter $conditions ORDER BY lastname";