I have a weird problem. Please take a look at this query:
select * from myfriend where name like "%n%";
When I execute this query in phpMyAdmin, it returns correct results, but when I execute it using PHP, no results are returned.
Please note this query is executed in Drupal 6.
What is the problem with the char "n" and PHP?
Percent signs are used as placeholders in Drupal 6 queries, so you need to escape them:
$query = db_query('select * from myfriend where name like "%%n%%"');
$searchChar = "n";
$query = "SELECT * FROM `myfriend` WHERE `name` LIKE '%" . $searchChar . "%'";
Then use the $query variable in your statement.
Eg:
$mysql->query($query);
mysql_query($query);
Your query is perfect. Give us some more detail on it. You can check whether your database connection from PHP to MySQL is correct. You can echo the query from the PHP file and run it in phpMyAdmin; if that gives the correct output, then there is surely a database connectivity problem.
There are absolutely no issues with any character in PHP.
Related
This is my MySQL statement. I want to search records by status or description. This statement works fine in phpMyAdmin, but it is not working in my PHP script. Any suggestions, please?
$result = mysqli_query($mysqli,
"SELECT * FROM `statuses`
where statuses.`status` LIKE '%$search%' OR
statuses.`description` LIKE '%$search%'");
I hope you wrote everything correctly, but there may be an error in how you are fetching the data. Here are the things you need to check:
Check your connection string.
If you are retrieving data, then use something like the code below:
while($row = $result->fetch_array())
{
echo $row['example_col_name'];
}
You can do one more thing: if everything is all right, store your query in a variable and echo it out; then you will see what query is being passed.
I'm trying to create a restaurant search that will find the restaurant in the database even when the user only inputs part of the whole name.
Here is the code:
First I take the input, sanitize it and then add the % signs to the left and right.
$restaurantNameTest = InputCleaner($_GET["restaurantName"]);
$restaurantName = ('%' . $restaurantNameTest . '%');
Then I run the query:
$result = mysqli_query($conn,
"SELECT restaurantID,restaurant_name, cusine, wait_time
FROM Restaurant
WHERE restaurant_name = '$restaurantName'");
For some reason this isn't working and no results are found unless I type in the name perfectly. Am I doing it wrong?
Use LIKE instead:
$result = mysqli_query($conn,
"SELECT restaurantID,restaurant_name, cusine, wait_time
FROM Restaurant
WHERE restaurant_name LIKE '$restaurantName'");
This is more of an SQL question than a PHP question, but what I believe you need is the LIKE comparison of the WHERE clause.
So change your query to read: ...WHERE restaurant_name LIKE '$restaurantName'");
LIKE will match partial strings, based on the placement of the wildcard (%) character(s).
So a few things to note. First of all, to echo what others have said: you should be using LIKE in your query. On top of that, you should really be using MySQLi's prepared statements.
So you will want your code to look something like this:
$sql = "SELECT restaurantID,
restaurant_name,
cusine,
wait_time
FROM Restaurant
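WHERE restaurant_name LIKE ?";
// The placeholder must stand alone: a ? inside quotes is a literal character, so the % wildcards go in the bound value ($restaurantName already has them).
$query = $connection->prepare($sql);
$query->bind_param('s', $restaurantName);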
$query->execute();
I'm primarily a PDO user so you may want to double check the above syntax, but it should work.
To re-iterate on your question specifically:
Use LIKE with your wildcards to get the result you're after and not =.
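The prepared-statement search from the answer above, as an added example that is not part of the original post. It goes one step further than the answer by escaping the LIKE wildcards (% and _) in the user's text so they match literally. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline, the restaurant rows are constructed, the helper names likeContains and searchRestaurants are hypothetical, and '!' is chosen as the escape character.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: turn raw user input into a "contains" LIKE pattern.
// '!' is the escape character named in the ESCAPE clause below; it is escaped
// first so the '!' added in front of '%' and '_' is not doubled afterwards.
function likeContains(string $term): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
}

// Hypothetical helper: the user's text travels only as a bound parameter,
// so quotes in it can never change the structure of the statement.
function searchRestaurants(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT restaurant_name FROM Restaurant
         WHERE restaurant_name LIKE ? ESCAPE '!'
         ORDER BY restaurant_name"
    );
    $stmt->execute([likeContains($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (assumption: the
// pdo_sqlite extension is available; the database on the page is MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Restaurant (restaurant_name TEXT)');
$insert = $db->prepare('INSERT INTO Restaurant (restaurant_name) VALUES (?)');
foreach (["Luigi's Pizza", 'Pizza_Hub', '50% Off Diner', 'Noodle Bar'] as $name) {
    $insert->execute([$name]);
}

// Constructed inputs: a partial name, the two LIKE wildcards typed as text,
// and a value containing quotes. Each is printed with the rows it matches.
$inputs = ['izz', '%', '_', "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf("%-14s => %s\n", $input, json_encode(searchRestaurants($db, $input)));
}
```

The same SQL text works with mysqli: store the pattern in a variable and pass it to bind_param('s', $pattern).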
I'm trying to run the following query:
SELECT * FROM `mytable` WHERE `mycolumn`='stringa /stringb'
This query works if run directly through PHPMyAdmin or in PHP as follows:
$query = "SELECT * FROM `eztrack` WHERE `visible`='1' AND `OrderHed_PONum`='stringa /stringb'";
$DB->query($query); // $DB is a mysqli object
However, when getting a search keyword from $_GET or $_POST, it returns an empty result:
$query = "SELECT * FROM `eztrack` WHERE `visible`='1' AND `OrderHed_PONum`='" . $DB->real_escape_string($_POST['q']) . "'";
$result = $DB->query($query); // $result->num_rows is 0
Do forward slashes need to be escaped? If so how? And why does it work when the search keyword is pasted directly into the file? Any help would be appreciated!
-- Edit: Solved --
The issue was not with PHP or mysqli. It had to do with copying data from Chrome. Please see my comment below.
I have this database I created with a phpMyAdmin client. Specific queries like SELECT * FROM TagData LIMIT 0,10 in my PHP code run perfectly. But when I add a wildcard to the query, like SELECT * FROM TagData WHERE Device_Name LIKE 'Valve%' LIMIT 0,10, it doesn't work. The strange thing is that the exact same SQL works perfectly in the phpMyAdmin tool.
This is how I run my query in php:
$query="SELECT * FROM TagData WHERE Device_Name LIKE 'Valve%' LIMIT 0,10";
$tmpResult=mysql_query(sprintf($query));
I have a strong feeling that the quote characters in the $query string are the problem. Can someone please explain to me what I am doing wrong and why it is wrong?
The result mysql_error() gives is:
Query was empty
You don't need sprintf when you don't insert any custom parameters.
Just leave it raw.
Your query was empty because the string you gave to sprintf was malformed and sprintf returned null / an empty string.
You need parameters to place in sprintf, otherwise it is of no use. And % is a control character for sprintf; to escape it you would have to write %% instead of %, but my advice here is: as long as you do not have any parameters, just don't use it!
To make your query work, just fire it raw:
$query= "SELECT * FROM TagData WHERE Device_Name LIKE 'Valve%' LIMIT 0,10";
$tmpResult = mysql_query($query);
And now, please have a look at what sprintf actually does:
http://php.net/manual/en/function.sprintf.php
However, please consider upgrading to the MySQLi or PHP/PDO extension, because the MySQL class is outdated, deprecated, unsafe, slow and will be removed from PHP in the future.
http://php.net/manual/en/book.mysqli.php
http://php.net/manual/en/book.pdo.php
I want to recover all the users with "blo" in their full name, for example: "Pablo".
I pass the "blo" parameter with the user PHP parameter:
$q=mysql_query("select * From user Where fullName Like '%'".$_REQUEST['user']."'%'",$link );
Something is wrong in the PHP SQL sentence, because when I try the sentence with the argument "blo" on my SQL database, I see that the SQL sentence is correct, because it returns the correct result. This is the sentence with the argument "blo" in it: select * From user Where fullName Like "%blo%"
I'm sure that the PHP is receiving the "blo" parameter correctly, so it has to be a syntax error in the SQL sentence in the PHP... but I can't find it.
EDIT: OK!! The last sentence is solved, but now I have this new sentence with the same problem. It has an error but I don't know where:
$query = sprintf("SELECT u.*
FROM USER u
WHERE u.fullName LIKE '%%%s%%' AND email NOT IN (select pp.fk_email2 from permission pp where pp.fk_email1='".mysql_escape($_REQUEST['mymail'])."') AND email NOT LIKE '".mysql_escape($_REQUEST['mymail'])."' ",
mysql_real_escape_string($_REQUEST['user']));
SQL requires single quotes to indicate a string for comparison, and the wildcard character (%) must be included inside of those single quotes. Double quotes are used for column and table aliasing only, if at all.
$query = sprintf("SELECT u.*
FROM USER u
WHERE u.fullName LIKE '%%%s%%'",
mysql_real_escape_string($_REQUEST['user']));
$q = mysql_query($query, $link);
Secondly, you're leaving yourself open to a SQL injection attack by not sanitizing the user request variable. Always use mysql_real_escape_string when dealing with strings being submitted to a MySQL database.
You have the quotes messed up. Use this:
$q=mysql_query('SELECT *
FROM user
WHERE fullName LIKE "%' . $_REQUEST['user'] . '%"',$link );
BTW, this is bad practice. You are using un-escaped input in your query and are open to SQL injection.
It looks like your quotes are off. Try something like...
$q=mysql_query("select * From user Where fullName Like '%".$_REQUEST['user']."%'",$link);
Also, you will want to make sure that the incoming param is sql-escaped to prevent sql injection. I don't know php, but it's probably something similar to...
$q=mysql_query("select * From user Where fullName Like '%".mysql_real_escape_string($_REQUEST['user'])."%'",$link);
I think it must be ... Where fullname like '%" . $_REQUEST['user']."%'"...
with the % symbol inside the single quotes.
#AndroidUser99: Change the query to --
$q = mysql_query("select * from user Where fullName like '%" . $_REQUEST['user'] . "%'", $link);
Update
I think we may need more code since none of the answers seem to be 'working'. Is the database link even being instantiated in $link? If there are errors what are they?