Need assistance with WHERE rlike and between for search code

Need assistance with WHERE rlike and between for search code - php

Hello guys can u point me my mistake :( i want to make multi-column search for my page:
So my script its this:
<?
$search=$_GET['s'];
$query="SELECT * FROM `filmi` WHERE `nomer` rlike '$search' or `rezume` rlike '$search' or `kategoriq` rlike '$search' or ' order by seriq asc ";
?>
want to make to search by price-range so i create this:
<?
$search=$_GET['s'];
$pricemin=$_GET['min'];
$pricemax=$_GET['max'];
$query="SELECT * FROM `filmi` WHERE `nomer` rlike '$search' or `rezume` rlike '$search' or `kategoriq` rlike '$search' or 'seriq' BETWEEN '$pricemin' and '$pricemax' order by seriq asc ";
?>
how to replace between it this case ? i watch some others people code for search engines and they use (SELECT * FROM table WHERE Table1 LIKE '%$table1%' AND Table2 LIKE '%$table2%' AND Price BETWEEN '%$min%','%$max%'");
but its doesnt work with mine ;( pls help

Use BETWEEN to filter your result set by the price range like this
$query="SELECT * FROM `filmi`
WHERE (`nomer` RLIKE '$search' OR
`rezume` RLIKE '$search' OR
`kategoriq` RLIKE '$search') AND
`seriq` BETWEEN '$pricemin' AND '$pricemax'
ORDER BY seriq";
Here is sqlfiddle
And as #cryptic suggested consider using prepared statements either with mysqli_* or PDO.
UPDATE3: And this is how you can use prepared statement in your case with mysqli and make it possible to search by keyword only, by keyword and price range or only by price range:
$stype = 0;
if (isset($_GET['s']) && $_GET['s']){
$search=$_GET['s'];
$stype += 1;
}
if (isset($_GET['min']) && $_GET['min'] &&
isset($_GET['max']) && $_GET['max']){
$pricemin=$_GET['min'];
$pricemax=$_GET['max'];
$stype +=2;
}
if (!$stype) {
echo "Required parameter(s) missing.";
exit;
}
/* connect to the database*/
$db = new mysqli("localhost", "user", "password", "dbname");
/* check connection */
if ($db->connect_errno) {
echo "Connection failed: " . $db->connect_error;
exit();
}
$query="SELECT * FROM `filmi` WHERE ";
if ($stype == 1) {
$query .= " (`nomer` rlike ? OR `rezume` rlike ? OR `kategoriq` rlike ?) ";
} elseif ($stype == 2) {
$query .= " `seriq` BETWEEN ? AND ? ";
} elseif ($stype == 3) {
$query .= " (`nomer` rlike ? OR `rezume` rlike ? OR `kategoriq` rlike ?) AND `seriq` BETWEEN ? AND ?";
}
$query .= " ORDER BY seriq";
/* create a prepared statement */
if (!$stmt = $db->prepare($query)) {
//handle error here;
echo "Error preparing statement.";
exit;
}
/* bind parameters for markers */
if ($stype == 1) {
$stmt->bind_param("sss", $search, $search, $search);
} elseif ($stype == 2) {
$stmt->bind_param("dd", $pricemin, $pricemax);
} elseif ($stype == 3) {
$stmt->bind_param("sssdd", $search, $search, $search, $pricemin, $pricemax);
}
/* execute query */
$stmt->execute();
/* get result */
$result = $stmt->get_result();
if ($result) {
/* now you can fetch the results into an assoc array */
while ($row = $result->fetch_assoc()) {
echo $row['nomer']. ", " .$row['rezume']. ", " .$row['kategoriq']. ", " .$row['seriq']. "<br>";
}
}
/* close statement */
$stmt->close();
/* close db connection */
$db->close();

The query (disregarding SQL injection):
SELECT * FROM table
WHERE field1 LIKE '%$table1%'
AND field2 LIKE '%$table2%'
AND Price BETWEEN 'val3' AND 'val2'
You cannot use BETWEEN to do like comparison.

Related

Connecting SQL Statements by If statement in PHP

The third query doesn't work but the first two query in the if statement doesn't have any problem. I'm trying to create an advanced search in PHP with date and filters. Is there a limit in using "AND" in sql?
Any tips to help me get a better sql statement than this?
$sql2 = "SELECT * FROM `work` WHERE `remarks` = 'PENDING' AND `College` IN($college12)";
if (!empty($search) && !empty($criteria)) {
$sql2 .= "AND `$criteria` LIKE '%$search%' LIMIT $start,$limit";
}
if (!empty($dateFrom) && !empty($dateTo)) {
$sql2 .= "AND Date_App >= '$dateFrom' AND Date_App <= '$dateTo' LIMIT $start,$limit";
}
if (!empty($dateFrom) && !empty($dateTo) && !empty($search) && !empty($criteria)) {
$sql2 .= "AND Date_App >= '$dateFrom' AND Date_App <= '$dateTo' AND `$criteria` LIKE '%$search%' LIMIT $start,$limit";
}

PHP mysql query 2 OR and 1 AND

$query = "SELECT * FROM tbl_country WHERE language='$lang' AND country_name LIKE '%".$_POST["query"]."%' OR country_second LIKE '%".$_POST["query"]."%'";
The above will not work. I want it to search in 2 fields (works) but based of the language I've set. But it simply skips the lang part

Try this
$search = $_POST["query"];
if(empty($search))
{
echo "Search filed is empty";
}
elseif (empty($lang)) {
echo "Lang filed is empty";
}
else
{
$query = "SELECT * FROM tbl_country WHERE language='$lang' AND
(country_name LIKE '%$search%' OR country_second LIKE '%$search%') ";
}
Wrap with ()

How to convert this mySql query to PDO format...?

How should i write my PDO Prepare and bindValue/param statement for this type of query where i check whether the value is not null then only add it to the query string.....
$query = "SELECT * FROM cabs WHERE DATE='$date' ";
if ($mode!=='' || $mode!=="")
$query .="AND MODE='$mode' ";
if ($tfno!=='')
$query .="AND TFNO='$tfno' ";
$query .="ORDER BY TIME";

Quick answer, without testing:
<?php
$params = array(':date' => $date);
$query = "SELECT * FROM cabs WHERE DATE=':date' ";
if ($mode!=='' || $mode!=="") {
$query .="AND MODE=':mode' ";
$params[':mode'] = $mode;
}
if ($tfno!=='') {
$query .="AND TFNO=':tfno' ";
$params[':tfno'] = $tfno;
}
$query .="ORDER BY TIME";
$req = $dbh->prepare($query);
$req->execute($params);
Just push in the param array each time your query gets more filters, and using a name should be easier, I'm not sure that array_push would preserve the order, so ..

How to create <form> for search with assoc array

Hello can u help me with a script that i have trouble with ;\ i want to create a search script from different columns and price range: so the search.php is that:
<?php
/* connect to the database*/
$db = new mysqli("localhost", "root", "", "movie");
/* check connection */
if ($db->connect_errno) {
echo "Connection failed: " . $db->connect_error;
exit();
}
$query="SELECT * FROM `filmi`
WHERE (`nomer` rlike '%$search%' OR
`rezume` rlike '%$search%' OR
`kategoriq` rlike '%$search%') AND
`seriq` BETWEEN '%$pricemin%' AND '$pricemax'
ORDER BY seriq ASC";
/* create a prepared statement */
if ($stmt = $db->prepare($query)) {
/* bind parameters for markers */
$stmt->bind_param("sssdd", $search, $search, $search, $pricemin, $pricemax);
/* execute query */
$stmt->execute();
/* get result */
$result = $stmt->get_result();
if ($result) {
/* now you can fetch the results into an assoc array */
while ($row = $result->fetch_assoc()) {
echo $row['nomer']. ", " .$row['rezume']. ", " .$row['kategoriq']. ", " .$row['seriq']. "<br>";
}
}
/* close statement */
$stmt->close();
}
/* close db connection */
$db->close();
?>
What shoud be the "<form method=?>" form fill the $search and $pricemin / $pricemax fields ?

Check whether $search exists or not. Means, does there is some value in $search or not.
if(isset($search) && $search!=''){
case 1
}
else{
case 2
}
Case 1:
If there is value in $search then include it in where clause.
below query is an example to explain my idea.
$query="SELECT * FROM `filmi`
WHERE (`nomer` rlike '%$search%' OR
`rezume` rlike '%$search%' OR
`kategoriq` rlike '%$search%') AND
`seriq` BETWEEN '%$pricemin%' AND '$pricemax'
ORDER BY seriq ASC";
Case 2:
If there is no value in $search then does not include it in where clause.
check below query
$query="SELECT * FROM `filmi`
WHERE `seriq` BETWEEN '%$pricemin%' AND '$pricemax'
ORDER BY seriq ASC";

You can use either GET or POST method in your <form> tagg
and
in your PHP script you can use $form_var_name = $_REQUEST['form_var_name'] to access the data dispatched by form. To be more specific as follows
$search = $_REQUEST['search'];
$pricemin = $_REQUEST['pricemin'];
$pricemax = $_REQUEST['pricemax'];

MySQL: Combining two repetitive queries to make WHERE clause dynamic

How can I combine these two queries into one so I don't have to repeat the same lines again and again?
if(empty($cat_id))
{
$sql = "
SELECT *
FROM root_category_contacts
ORDER by cat_order ASC
";
$items_category = $connection->fetch_all($sql);
}
else
{
$sql = "
SELECT *
FROM root_category_contacts
WHERE root_category_contacts.cat_id != ?
ORDER by cat_order ASC
";
$items_category = $connection->fetch_all($sql,array($cat_id));
}
I don't need WHERE clause when I don't have the cat_id.
Is it feasible?

Test if ? is null or equals cat_id. Something like this:
Edit based on xdazz's comment. And assuming that cat_id > 0
$sql = "
SELECT *
FROM root_category_contacts
WHERE root_category_contacts.cat_id != ?
ORDER by cat_order ASC"
if(empty($cat_id)) {
$cat_id = 0;
}
$items_category = $connection->fetch_all($sql,array($cat_id));

if(empty($cat_id)) $where = "";
else $where = "WHERE root_category_contacts.cat_id != '$cat_id'"
$sql = "
SELECT *
FROM root_category_contacts
$where
ORDER by cat_order ASC
";
$items_category = $connection->fetch_all($sql);

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Need assistance with WHERE rlike and between for search code - php

The query (disregarding SQL injection): SELECT * FROM table WHERE field1 LIKE '%$table1%' AND field2 LIKE '%$table2%' AND Price BETWEEN 'val3' AND 'val2' You cannot use BETWEEN to do like comparison.

Related

Connecting SQL Statements by If statement in PHP

PHP mysql query 2 OR and 1 AND

How to convert this mySql query to PDO format...?

How to create <form> for search with assoc array

MySQL: Combining two repetitive queries to make WHERE clause dynamic

Categories

Resources