I am getting the following strange issue in mysqli prepared statement
This is my sample query and params
SELECT * from ecf_request WHERE id > ? OR id < ?
...
$stmt->bind_param("ii", $id, $id1); //5, 10
When i use just = conditions it's working fine but for > and < conditions it's not working.
I am getting "Number of variables doesn't match number of parameters in prepared statement" error
Is it possible to use greater than and less than symbols in prepared statements ?
I need to implement it for date filter condition. records between two dates.
Thanks in advance
one id cannot be greater and smaller to itself at the same time.
you are giving a condition like id >10 and id <10 at the same time.
If you want both id1 and id2 to be selected use SELECT * from ecf_request WHERE id IN(?,?) instead of AND and if you want to select everything in between then use SELECT * from ecf_request WHERE id BETWEEN ? AND ?
You can use the BETWEEN statement. Here's an example:
SELECT * FROM `ecf_request` WHERE `id` BETWEEN ? AND ?
Related
I have a table name voice with tele_no, date_time and appointment as records. I am trying filter with various combination. If i use OR then it include all fields, If i use AND then all fields must be entered. How to use combination, mean if i type single field or combination of multiple fields. It should return query
$result =mysqli_query($hello,"
SELECT voice.*
, record.*
FROM voice (voice.tele_no = '$tele' AND voice.tele_no<>'')
OR (voice.date_time between '$date_fm' and '$date_to' AND voice.date_time<>'')
OR (voice.appointment= '$tele' AND voice.appointment<>'')
I would use a flexible prepared statement here, something like:
SELECT *
FROM voice
WHERE
(tele_no = ? OR tele_no IS NULL) AND
(date_time BETWEEN ? AND ? OR date_time IS NULL) AND
(appointment = ? OR appointment IS NULL);
Should any of the three columns appearing in the WHERE clause be NULL, then that particular condition would effectively no-op and logically drop out of the query. Note that to implement this from PHP, you would need to use one of several PHP's prepared statement libraries.
I have the following query in SQL
$querycountry = mysql_query("SELECT
`country_iso2`
FROM
`ban_country_ip`
WHERE `ip_from` <= INET_ATON('$ip')
AND ip_to >= INET_ATON('$ip')
AND checkbox = 1
ORDER BY NAME ");
Is it a valid query if i added the second AND.
Any suggestions on how to overcome this.
Is it a valid query if i added the second AND.
Yes it is. You can use multiple conditions for a single query and AND or OR is used to add more than one conditions.
From http://www.tutorialspoint.com/mysql/mysql-where-clause.htm
You can specify more than one conditions using AND or OR operators.
I have two issues, the first as the title states is that I need to have dynamic query with AND/OR in it. I fully understand the AND part (I've done a bunch of these) however, the OR part is very confusing to me because looking at this following sql :
$sql = SELECT * FROM table WHERE 1
then if you add an OR statement if a condition is met :
if(isset($_POST['OR'])){
$sql. = " OR peaches = :good";
}
then the query will return WHERE 1 OR peaches = :good
Again I understand the part with the AND, but I do not understand how to set up the OR part.
This is how I have set up the AND / OR selection (and this works)
The second issue I am facing is this code snippet from the same script (please read code comments) :
$sql .= " GROUP BY anum"; // I always group BY anum no matter what
if ($count !== "") { // if COUNT is not ""
$sql .= " HAVING COUNT(session.anum) :count"; // Then I want the user to be able to choose the operator (> < => =< =) and the dynamic number for it to use
$placeholder[':count'] = $count; // Then add the key :count to an array with the value of $count
}
$dynamic = $this->db->conn_id->prepare($sql);
$dynamic->execute($placeholder);
So as you notice I give the named parameter (:count) the value of $count, however this does "not work".
Is it possible to do what I am trying to do ($sql .= " HAVING COUNT(session.anum) :count";)
If not then I could just do : $sql .= " HAVING COUNT(session.anum) $count";
but that would defeat the purpose of PDO.
Any help would be great
Problem 1:
The reason that some developers use WHERE 1 when they have optional search terms is that an expression like TRUE AND <condition> is always equal to <condition>. This is basic boolean algebra.
But this is not the case for OR expressions. TRUE OR <condition> is always simply TRUE. You could modify your base query to use WHERE 0 so that when you append an OR term it comes out as WHERE 0 OR <condition>. Any expression like FALSE OR <condition> is always equal to the <condition>.
If you need to support both AND and OR in the same SQL query, you need to start putting parentheses around terms so they evaluate in the way you intend. I'm not going to explain boolean algebra and MySQL's operator precedence in this StackOverflow answer. But suffice to say that simply appending terms with .= isn't going to work when you have a mix of AND and OR terms.
Problem 2:
Parameters are very useful, but they don't solve every case of dynamic SQL. You can use an SQL parameter in place of a single literal value, but nothing else.
Not table names
Not column names
Not lists of values (like an IN( ) predicate)
Not SQL keywords
Not expressions
Not operators
You have to use string interpolation to include a user-chosen operator in your HAVING clause.
It's recommended to use whitelisting to avoid risk of SQL injection when you need to interpolate dynamic content and can't use a parameter.
For the first issue, what is the problem exactly?
For the second, MySQL manual says that you can't use functions on having clauses.
You can do like this:
SELECT *, COUNT(session.anum) AS total GROUP BY session.anum HAVING total > :count
I have a table image_tb, which has 3 fields, id,images,link (id is auto auto_increment), this is my insert code:
mysql_query("
insert into image_tb
(images,link)
select
'".(max(id)+1).".jpeg','".$link."'
from image_tb
");
it return:
Warning: max(): When only one parameter is given, it must be an array
how to modify? thanks.
its better you define a function , get the last id by query like this:
"select id from image_tb order by id desc limit 0,1"
then increase it , its realibe .
I think you don't mean to close the string:
select '" ...
should be
select MAX(id) + 1
Otherwise you are using the php function max, and I don't think you intend to do that at all.
By the way, you shouldn't be using mysql_*. Use PDO or mysqli.
do it inside the query,
mysql_query("
insert into image_tb (images,link)
select CONCAT(COALESCE((SELECT MAX(ID) + 1 FROM image_tb),1), '.jpeg'),'".$link."'
from image_tb
");
your query is vulnerable with SQL Injection, please read the article below to protect from it
How can I prevent SQL injection in PHP?
Have you considered something like this?
Insert data with empty filename
Update table where filename is empty, set filename to CONCAT(id, ".jpeg") or something (CONCAT is function used to "add" strings).
I have the following query to fetch rows from wpr_subscribers provided that the conditions in the query.
SELECT subscribers.* FROM wpr_subscribers subscribers, wpr_followup_subscriptions subscriptions WHERE
subscribers.id=subscriptions.sid AND
subscribers.active=1 AND
subscribers.confirmed=1 AND
subscriptions.type='autoresponder' AND
subscriptions.eid=$autoresponder_id AND
subscriptions.sequence = -2 OR
CEIL((subscriptions.last_date-subscriptions.doc)/86400) >= $message_index
The query returns two of every row. How do I solve this issue?
SELECT DISTINCT subscribers.* FROM wpr_subscribers subscribers, wpr_followup_subscriptions
subscriptions WHERE
subscribers.id=subscriptions.sid AND
subscribers.active=1 AND
subscribers.confirmed=1 AND
subscriptions.type='autoresponder' AND
subscriptions.eid=$autoresponder_id AND
subscriptions.sequence = -2 OR
CEIL((subscriptions.last_date-subscriptions.doc)/86400) >= $message_index
DISTINCT keyword would help you in returning only the unique(distinct) rows in the table. Are you sure on the logic of AND and OR in the query and the unique data that you will now receive is indeed correct. Just for the info, AND operator has precedence over OR however you can override that by using parenthesis.
It is probably your OR statement
subscriptions.sequence = -2 OR
CEIL((subscriptions.last_date-subscriptions.doc)/86400) >= $message_index
You should enclose this in parenthesis for whatever the scope of the OR is