Hello can u help me with a script that i have trouble with ;\ i want to create a search script from different columns and price range: so the search.php is that:
<?php
/* connect to the database*/
$db = new mysqli("localhost", "root", "", "movie");
/* check connection */
if ($db->connect_errno) {
echo "Connection failed: " . $db->connect_error;
exit();
}
$query="SELECT * FROM `filmi`
WHERE (`nomer` rlike '%$search%' OR
`rezume` rlike '%$search%' OR
`kategoriq` rlike '%$search%') AND
`seriq` BETWEEN '%$pricemin%' AND '$pricemax'
ORDER BY seriq ASC";
/* create a prepared statement */
if ($stmt = $db->prepare($query)) {
/* bind parameters for markers */
$stmt->bind_param("sssdd", $search, $search, $search, $pricemin, $pricemax);
/* execute query */
$stmt->execute();
/* get result */
$result = $stmt->get_result();
if ($result) {
/* now you can fetch the results into an assoc array */
while ($row = $result->fetch_assoc()) {
echo $row['nomer']. ", " .$row['rezume']. ", " .$row['kategoriq']. ", " .$row['seriq']. "<br>";
}
}
/* close statement */
$stmt->close();
}
/* close db connection */
$db->close();
?>
What shoud be the "<form method=?>" form fill the $search and $pricemin / $pricemax fields ?
Check whether $search exists or not. Means, does there is some value in $search or not.
if(isset($search) && $search!=''){
case 1
}
else{
case 2
}
Case 1:
If there is value in $search then include it in where clause.
below query is an example to explain my idea.
$query="SELECT * FROM `filmi`
WHERE (`nomer` rlike '%$search%' OR
`rezume` rlike '%$search%' OR
`kategoriq` rlike '%$search%') AND
`seriq` BETWEEN '%$pricemin%' AND '$pricemax'
ORDER BY seriq ASC";
Case 2:
If there is no value in $search then does not include it in where clause.
check below query
$query="SELECT * FROM `filmi`
WHERE `seriq` BETWEEN '%$pricemin%' AND '$pricemax'
ORDER BY seriq ASC";
You can use either GET or POST method in your <form> tagg
and
in your PHP script you can use $form_var_name = $_REQUEST['form_var_name'] to access the data dispatched by form. To be more specific as follows
$search = $_REQUEST['search'];
$pricemin = $_REQUEST['pricemin'];
$pricemax = $_REQUEST['pricemax'];
Related
Pagination works fine when I don't use the WHERE statement in my SELECT statement. For some reason as soon as I add additional requests in the SELECT statement, only the 1st pagination page works. So it seems like the variable data is lost after the first page is displayed. Below is some of the code:-
<?php
include 'database.php';
include 'paginator.php';
$pdo = Database::connect();
$paginator = new Paginator();
$sql = "SELECT count(*) FROM customer_crm ";
$paginator->paginate($pdo->query($sql)->fetchColumn());
$query = $_GET["query"];
if (isset($query)) {
($_GET['query'])?('%'.$_GET['query'].'%'):'%';
$sql = "SELECT * FROM customer_crm WHERE firstname LIKE :query OR email LIKE :query OR telephone LIKE :query ";
}
else {
$start = (($paginator->getCurrentPage()-1)*$paginator->itemsPerPage);
$length = ($paginator->itemsPerPage);
//$sql = "SELECT * FROM customer_crm WHERE customer_group_id = $input OR date_followup= CURDATE() ORDER BY customer_group_id DESC limit $start, $length ";
$sql = "SELECT * FROM customer_crm ORDER BY date_followup DESC limit $start, $length ";
//$sql = "SELECT * FROM customer_crm WHERE customer_group_id = $input ORDER BY date_followup DESC limit $start, $length ";
}
$sth = $pdo->prepare($sql);
$sth->bindParam(':start',$start,PDO::PARAM_INT);
$sth->bindParam(':length',$length,PDO::PARAM_INT);
$sth->bindParam(':query',$query,PDO::PARAM_STR);
$sth->execute();
foreach ($sth->fetchAll(PDO::FETCH_ASSOC) as $row) {
Without knowing which Paginator are we talking about, I could only advise you to do something like
include 'database.php';
include 'paginator.php';
$pdo = Database::connect();
$paginator = new Paginator();
$query = (isset($_GET["query"]) && strlen($_GET["query"])>1)? '%'.$_GET["query"].'%':'%';
$countsql = "SELECT * FROM customer_crm WHERE firstname LIKE :query OR email LIKE :query OR telephone LIKE :query ";
$sthcount = $pdo->prepare($countsql);
$sthcount->bindParam(':query',$query,PDO::PARAM_STR);
$sthcount->execute();
$count=$sthcount->fetchColumn();
$paginator->paginate($count);
$start = (($paginator->getCurrentPage()-1)*$paginator->itemsPerPage);
$length = ($paginator->itemsPerPage);
$sql = $countsql . ' ORDER BY date_followup DESC limit :start, :length ';
$sth = $pdo->prepare($sql);
$sth->bindParam(':start',$start,PDO::PARAM_INT);
$sth->bindParam(':length',$length,PDO::PARAM_INT);
$sth->bindParam(':query',$query,PDO::PARAM_STR);
$sth->execute();
See, you where making two mistakes here:
getting your count value without considering the query. You should set the value of $query regardless of the existance of $_GET['query'], and use it in your count query as well as your results query.
binding parameters whose placeholders and values do not exist in the query you're executing. Make sure your results query contains :query, :start and :length or you will be binding more parameters than the query has.
You should also have wrapped your statements in try/catch blocks so you could debug what was happening.
try {
$sth = $pdo->prepare($sql);
$sth->bindParam(':start',$start,PDO::PARAM_INT);
$sth->bindParam(':length',$length,PDO::PARAM_INT);
$sth->bindParam(':query',$query,PDO::PARAM_STR);
$sth->execute();
} catch(\PDOException $e) {
die('Error in query: '. $e->getMessage());
}
That way you would have known that the query was failing because of
Invalid parameter number: parameter was not defined
NOTE I have no clue about how your paginator will know about the current page, nor can I see where are you setting the itemsPerPage value.
$query = "SELECT * FROM tbl_country WHERE language='$lang' AND country_name LIKE '%".$_POST["query"]."%' OR country_second LIKE '%".$_POST["query"]."%'";
The above will not work. I want it to search in 2 fields (works) but based of the language I've set. But it simply skips the lang part
Try this
$search = $_POST["query"];
if(empty($search))
{
echo "Search filed is empty";
}
elseif (empty($lang)) {
echo "Lang filed is empty";
}
else
{
$query = "SELECT * FROM tbl_country WHERE language='$lang' AND
(country_name LIKE '%$search%' OR country_second LIKE '%$search%') ";
}
Wrap with ()
How should i write my PDO Prepare and bindValue/param statement for this type of query where i check whether the value is not null then only add it to the query string.....
$query = "SELECT * FROM cabs WHERE DATE='$date' ";
if ($mode!=='' || $mode!=="")
$query .="AND MODE='$mode' ";
if ($tfno!=='')
$query .="AND TFNO='$tfno' ";
$query .="ORDER BY TIME";
Quick answer, without testing:
<?php
$params = array(':date' => $date);
$query = "SELECT * FROM cabs WHERE DATE=':date' ";
if ($mode!=='' || $mode!=="") {
$query .="AND MODE=':mode' ";
$params[':mode'] = $mode;
}
if ($tfno!=='') {
$query .="AND TFNO=':tfno' ";
$params[':tfno'] = $tfno;
}
$query .="ORDER BY TIME";
$req = $dbh->prepare($query);
$req->execute($params);
Just push in the param array each time your query gets more filters, and using a name should be easier, I'm not sure that array_push would preserve the order, so ..
Hello guys can u point me my mistake :( i want to make multi-column search for my page:
So my script its this:
<?
$search=$_GET['s'];
$query="SELECT * FROM `filmi` WHERE `nomer` rlike '$search' or `rezume` rlike '$search' or `kategoriq` rlike '$search' or ' order by seriq asc ";
?>
want to make to search by price-range so i create this:
<?
$search=$_GET['s'];
$pricemin=$_GET['min'];
$pricemax=$_GET['max'];
$query="SELECT * FROM `filmi` WHERE `nomer` rlike '$search' or `rezume` rlike '$search' or `kategoriq` rlike '$search' or 'seriq' BETWEEN '$pricemin' and '$pricemax' order by seriq asc ";
?>
how to replace between it this case ? i watch some others people code for search engines and they use (SELECT * FROM table WHERE Table1 LIKE '%$table1%' AND Table2 LIKE '%$table2%' AND Price BETWEEN '%$min%','%$max%'");
but its doesnt work with mine ;( pls help
Use BETWEEN to filter your result set by the price range like this
$query="SELECT * FROM `filmi`
WHERE (`nomer` RLIKE '$search' OR
`rezume` RLIKE '$search' OR
`kategoriq` RLIKE '$search') AND
`seriq` BETWEEN '$pricemin' AND '$pricemax'
ORDER BY seriq";
Here is sqlfiddle
And as #cryptic suggested consider using prepared statements either with mysqli_* or PDO.
UPDATE3: And this is how you can use prepared statement in your case with mysqli and make it possible to search by keyword only, by keyword and price range or only by price range:
$stype = 0;
if (isset($_GET['s']) && $_GET['s']){
$search=$_GET['s'];
$stype += 1;
}
if (isset($_GET['min']) && $_GET['min'] &&
isset($_GET['max']) && $_GET['max']){
$pricemin=$_GET['min'];
$pricemax=$_GET['max'];
$stype +=2;
}
if (!$stype) {
echo "Required parameter(s) missing.";
exit;
}
/* connect to the database*/
$db = new mysqli("localhost", "user", "password", "dbname");
/* check connection */
if ($db->connect_errno) {
echo "Connection failed: " . $db->connect_error;
exit();
}
$query="SELECT * FROM `filmi` WHERE ";
if ($stype == 1) {
$query .= " (`nomer` rlike ? OR `rezume` rlike ? OR `kategoriq` rlike ?) ";
} elseif ($stype == 2) {
$query .= " `seriq` BETWEEN ? AND ? ";
} elseif ($stype == 3) {
$query .= " (`nomer` rlike ? OR `rezume` rlike ? OR `kategoriq` rlike ?) AND `seriq` BETWEEN ? AND ?";
}
$query .= " ORDER BY seriq";
/* create a prepared statement */
if (!$stmt = $db->prepare($query)) {
//handle error here;
echo "Error preparing statement.";
exit;
}
/* bind parameters for markers */
if ($stype == 1) {
$stmt->bind_param("sss", $search, $search, $search);
} elseif ($stype == 2) {
$stmt->bind_param("dd", $pricemin, $pricemax);
} elseif ($stype == 3) {
$stmt->bind_param("sssdd", $search, $search, $search, $pricemin, $pricemax);
}
/* execute query */
$stmt->execute();
/* get result */
$result = $stmt->get_result();
if ($result) {
/* now you can fetch the results into an assoc array */
while ($row = $result->fetch_assoc()) {
echo $row['nomer']. ", " .$row['rezume']. ", " .$row['kategoriq']. ", " .$row['seriq']. "<br>";
}
}
/* close statement */
$stmt->close();
/* close db connection */
$db->close();
The query (disregarding SQL injection):
SELECT * FROM table
WHERE field1 LIKE '%$table1%'
AND field2 LIKE '%$table2%'
AND Price BETWEEN 'val3' AND 'val2'
You cannot use BETWEEN to do like comparison.
I do following:
$query .=" SELECT * , COUNT(PRESENT) FROM seventh_a";
$query .=" WHERE class ='0' AND NAME ='Alexander Kirkby Scherer'";
$query .=" AND PRESENT = 'TS' GROUP BY lesson";
$query = " SELECT * , COUNT(lesson) FROM seventh_a";
$query .=" WHERE class ='0' AND NAME ='Alexander Kirkby Scherer'";
$query .=" GROUP BY lesson";
After that I can echo out $row['COUNT(PRESENT)'] but not $row['COUNT(lesson)'].
Can anybody tell me what to do to get both values, so that i am able to work with them?
According to the man page, if you're using mysqli_multi_query, you can access results from the different queries like so:
To retrieve the resultset from the first query you can use mysqli_use_result() or
mysqli_store_result(). All subsequent query results can be processed using
mysqli_more_results() and mysqli_next_result().
They give some sample code:
$query = "SELECT CURRENT_USER();";
$query .= "SELECT Name FROM City ORDER BY ID LIMIT 20, 5";
/* execute multi query */
if ($mysqli->multi_query($query)) {
do {
/* store first result set */
if ($result = $mysqli->store_result()) {
while ($row = $result->fetch_row()) {
printf("%s\n", $row[0]);
}
$result->free();
}
/* print divider */
if ($mysqli->more_results()) {
printf("-----------------\n");
}
} while ($mysqli->next_result());
}
You can't use 2 query . Use combine query like this
$query .=" SELECT * , COUNT(PRESENT),COUNT(lesson) FROM seventh_a";
$query .=" WHERE class ='0' AND NAME ='Alexander Kirkby Scherer'";
$query .=" AND PRESENT = 'TS' GROUP BY lesson";
you will get your result $row['COUNT(PRESENT)'] and $row['COUNT(lesson)']
OR use mysqli's multi_query function for this add ; between queries like this
$query .=" SELECT * , COUNT(PRESENT) FROM seventh_a";
$query .=" WHERE class ='0' AND NAME ='Alexander Kirkby Scherer'";
$query .=" AND PRESENT = 'TS' GROUP BY lesson;"; // semicolon here
$query .= " SELECT * , COUNT(lesson) FROM seventh_a";
$query .=" WHERE class ='0' AND NAME ='Alexander Kirkby Scherer'";
$query .=" GROUP BY lesson";