I have a php form that searches a SQL database. There are say eight form fields each of which are optional. If everything is left blank, the query will return the entire database. If one field is filled out it will filter by one field, two it will filter by two, etc. I haven't had any issues until I wanted the ability to search for null entries. So for example I want to search where the customers has a last name but DOES NOT have a primary phone number. I've been working for a couple hours and can't think of a simple way to implement something like this. I envision it as you type a keyword into the search field to search where the item is null on top of everything else. So if I put "Smith" into last name and "NULL" into phone number it would work with my above example. Below is my current code.
$query = "SELECT *
FROM customer_search_view
WHERE COALESCE(customer_search_view.first_name,'') LIKE $firstName AND
COALESCE(customer_search_view.last_name,'') LIKE $lastName AND
COALESCE(customer_search_view.customer_id,'') LIKE $customerId AND
COALESCE(customer_search_view.primary_phone,'') LIKE $primaryPhone AND
COALESCE(customer_search_view.email,'') LIKE $email AND
COALESCE(customer_search_view.store,'') LIKE $store AND
COALESCE(customer_search_view.sales_associate,'') LIKE $salesAssociate AND
COALESCE(customer_search_view.bdr_associate,'') LIKE $bdrAssociate AND
COALESCE(customer_search_view.status,'') LIKE $status AND
COALESCE(customer_search_view.lead_category,'') LIKE $leadCategory
ORDER BY created_on DESC LIMIT 0,100";
If there is anyway to search where something is LIKE NULL it would be a quick fix as well.
the only way to find NULL is to use COALESCE(customer_search_view.primary_phone,'') IS NULL so you would need to extend your variables to be like
COALESCE(customer_search_view.primary_phone,'') $primaryPhoneOperator $primaryPhone
If you can't change your front end you could loop through values before your query such as
if(empty($primaryPhone)) { $primaryPhoneOperator = "IS NULL"; } else { $primaryPhoneOperator = "LIKE"; }
Related
I have a table filter feature in PHP club membership webpage. I made it so the user can filter the table and choose which members to display in a table. For example, he can choose the country or state where the member is from then hit display. I am using a prepared statement.
The problem is, I need to use wildcards to make the coding easier. How do I use a wildcard in PHP MySQL query? I will use wildcards for example if the user does NOT want specific country but instead he wants to display all members from all countries.
I know not specifying the WHERE country= will automatically select any countries but I already constructed it so each controls like the SELECT control for country already has a value like "CA" or "NY" and "*" if the user leaves that control under "All Countries". This value when submitted is then added to the query like:
$SelectedCountry = $_POST["country"];
sql .= " WHERE country=" . $SelectedCountry;
But the problem is using WHERE country=* doesn't seem to work. No errors, just doesn't work. Is "*" the wildcard in PHP MySQL?
The * is not a wildcard in SQL when comparing with the = operator. You can use the like operator and pass a % to allow for anything.
When doing this the % should be the only thing going to the bind. $Bind_country = "'%'"; is incorrect because the driver is already going to quote the value and escape the quotes. So your query would come out as:
WHERE country ='\'%\''
The = also needs to be a like. So you want
$bind_country = '%';
and then the query should be:
$sql = 'select * from table where country like ?';
If this were my application I would build the where part dynamically.
Using * in WHERE clause is not right. You can only give legit value. For example:
// looking for an exact value
SELECT * FROM table WHERE column = 'value'
// you can also do this when looking for an exact value
// it works even if your $_POST[] has no value
SELECT * FROM table WHERE column = 'value' OR '$_POST["country"]' = ''
// looking for a specific or not exact value
// you can place % anywhere in value's place
// % denotes the unknown characters of the value
// it works also even if your $_POST[] has no value
// results will not be the same when you're using AND or OR clause
SELECT * FROM table WHERE column LIKE '%val%'
I think below link can solve your problem.
Just have a look and choose what you need.
Thanks.
http://www.w3schools.com/sql/sql_wildcards.asp
I am using php and mySQL. I have a select query that is not working. My code is:
$bookquery = "SELECT * FROM my_books WHERE book_title = '$book' OR book_title_short = '$book' OR book_title_long = '$book' OR book_id = '$book'";
The code searches several title types and returns the desired reference most of the time, except when the name of the book starts with a numeral. Though rare, some of my book titles are in the form "2 Book". In such cases, the query only looks at the "2", assumes it is a "book_id" and returns the second entry in the database, instead of the entry for "2 Book". Something like "3 Book" returns the third entry and so forth. I am confused why the select is acting this way, but more importantly, I do not know how to fix it.
If you have a column in your table with a numeric data type (INT, maybe), then your search strategy is going to work strangely for values of $book that start with numbers. You have discovered this.
The following expression always returns true in SQL. It's not intuitive, but it's true.
99 = '99 Luftballon'
That's because, when you compare an integer to a string, MySQL implicitly does this:
CAST(stringvalue AS INT)
And, a cast of a string beginning with the text of an integer always returns the value of the integer. For example, the value of
CAST('99 Luftballon' AS INT)
is 99. So you'll get book id 99 if you look for that search term.
It's pointless to try to compare an INT column to a text string that doesn't start with an integer, because CAST('blah blah blah' AS INT) always returns zero. To make your search strategy work better, you should consider omitting OR book_id = '$book' from your search query unless you know that the entirety of $book is a number.
As others mention, my PHP allowed both numerical enties and text entries from the browser. My query was then having a hard time with this, interpreting some of my text entries as numbers by truncating the end. Thus, my "2 Book" was being interpreted as the number "2" and then being queried to find the second book in the database. To fix this I just created a simple if statement in PHP so that my queries only looked for text or numbers. Thus, in my case, my solution was:
if(is_numeric($book)){
$bookquery = "SELECT * FROM books WHERE book_id = '$book'";
}else{
$bookquery = "SELECT * FROM books WHERE book_title = '$book' OR book_title_short = '$book' OR book_title_long = '$book'";
}
This is working great and I am on my way coding happily again. Thanks #OllieJones and others for your questions and ideas which helped me see I needed to approach the problem differently.
Not sure if this is the correct answer for you but it seems like you are searching for only exact values in your select. Have you thought of trying a more generic search for your criteria? Such as...
$bookquery = "SELECT * FROM my_books WHERE book_title LIKE '".$book."' OR book_title_short LIKE '".$book."' OR book_title_long LIKE '".$book."' OR book_id LIKE '".$book."'"
If you are doing some kind of searching you might even want to ensure the characters before the search key are found as well like so....
$bookquery = "SELECT * FROM my_books WHERE book_title LIKE '%".$book."' OR book_title_short LIKE '%".$book."' OR book_title_long LIKE '%".$book."' OR book_id LIKE '%".$book."'"
The % is a special char that looks for allows you to search for the chars you want to search for PLUS any characters before this that aren't in the search criteri... for example $book = "any" with a % before hand in the query like so, '%".$book."'"`` would return bothcompanyand also the wordany` by itself.
If you need to you can add a % to the end also like so, `'%".$book."%'"`` and it would do the same for the beginning and end of the search key
I currently have this table.
Names
Two fields, ID and Names. Example data would be 1 | Harry.
Now what i am planning on doing is that if someone enters in something like Henry in my form, it will search my database for a result that begins with "H" Then if their are multiple results, it will see if there are any results that are "He" if their isn't it will fallback to the previous result from "H".
The only thing i can think of doing is this,
$inputted_name = "Henry";
$query = mysql_query("SELECT `name` FROM `names`");
while($row = mysql_fetch_array($query)){
$stored_name = $row['name'];
if($stored_name[0] == $inputted_name[0]){
if($stored_name[1] == $inputted_name[1]){
$result = $stored_name;
break;
} else {
// continue looking but then return the first result that matched one letter?
}
}
}
Now i am sure this can't be the best way to do it. Would it be possible in a query? I'm just really not sure where to look for a sensible answer for this one.
change
mysql_query("SELECT name FROM names");
to
mysql_query("SELECT name FROM names WHERE NAME='".$inputted_name."'");
and check you have more than one answer.
Note this is a bad way to do it if your name comes from a non controlled source, such as a web page, as it would allow a SQL injection, and then you would need parameters, but for your example it would work.
Edit: Now I read your question again, yes, you would need parameters or escaping such as:
$name = mysql_real_escape_string($inputted_name);
mysql_query("SELECT `name` FROM `names` WHERE NAME='".$=name."'");
Also, don't try and do in code what the database can do easily (like search for characters). Your code is almost always going to be worse than the database for doing a search, leave it to the database.
I have a table, with not many rows, and neither many columns. I am doing a Full text search on 3 columns.
My code is
$search_input = trim($_GET['s']);
$search = mysql_real_escape_string($search_input);
$search = '+'.str_replace(' ', '* +', $search).'*';
$sql = "SELECT * FROM table WHERE
MATCH(def, pqr, xyz) AGAINST ('$search' IN BOOLEAN MODE)";
$result = mysql_query($sql);
I can correctly search for terms like abcdefgh, which are present as ... abcdefgh ....
But I am receiving empty set with search terms like abc, where in table entry is present something like abc-123, and also terms like abcdefghs. (notice this is plural of above)
Clearly I need to implement partial search, or something like that.
But how do I implement such a search? Any better way to do a entire table search on user input?
Do mention anything I am doing incorrectly.
EDIT : By adding * after each word, now I am able to also search for abcde, but above problems remains.
Do you mean you don't get results for 3 letter combinations? If so, you might be hitting the mysql index length (which is usually set to 3)
More info here - http://dev.mysql.com/doc/refman/5.1/en/fulltext-fine-tuning.html
I am trying to have PHP search based on letters entered into a text box. I want it to match a pattern and find the relevant results from the database.
So if I typed in
"Jo Smi"
It would find results
Jo Smith, Pojo Smithson, Ojo Smith
How would one achieve this. I know how to get information from the database but not parts of various fields.
The objective is to search through users searching in fields user_firstname, user_lastname and user_email
Any ideas?
You should be able to do that directly from your query.
get the text box results and escape them then do
SELECT * FROM `database` WHERE `name` REGEXP '{INPUT TEXT HERE}';
That should work I think.
You can do simplistic searching on fields in a database using the LIKE clause:
$query = "SELECT Fields FROM Table WHERE TestField LIKE '%".$escapedTextString."%'";
Do a LIKE search against an upper-cased version of your search terms. Don't forget to mysql_real_escape_string().
$searchpattern = mysql_real_escape_string(strtoupper("Jo Smi"));
mysql_query("SELECT * FROM table WHERE UPPER(column) LIKE '%$searchpattern%';");
Hello Man previous answer is good
but you want to know this info
get the variable => $name =
$_GET['name'];
if you want to make it upper case
use strtoupper();
if you want to
make it Lower case use
strtolower();
if you want to
search you should replace = with
where like where name = $name to
where name like $name
this info
abc% => variable start with abc and finish with any thing
%abc% => variable start any thing , contain abc , finish with any thing
%abc => variable start any thing ,finish with abc