I have PHP code to do a simple MySQL database search with only two columns of data. I suspect I am probably already going the long way around when I could simply do it a different way.
I have a form that you can put in a name or an IP address and it will search for either of them in the database, and output the results. Each name can only have one IP address (the last one they used) (full unique names will only have 1 result, or multiple results if partial names match multiple accounts), but an IP address can have multiple names (people who use multiple accounts on the same IP).
What I want to do is have it so if you search for a name, it will do the regular single result (if the full unique name was typed), but then under it, do a secondary search for the IP if only the NAME was searched for in the form.
"You search for NAME has returned these results: {results}. We also
found these accounts who have used the same IP address: {results
matching the same IP from the first result of the Name search}".
Here is the code I have so far:
(Some cleanup since I am using GET)
$iplookup = strtolower($_GET['iplookup']);
$iplookup = stripslashes($iplookup);
$iplookup = strip_tags($iplookup);
$iplookup = preg_replace('/[^A-Za-z0-9\._]/','',$iplookup);
$sql = mysql_query("select
* from banlistip where name like '%$iplookup%' OR lastip like '%$iplookup%'
");
if (empty($iplookup)) {
echo '<br><b>You left the search form empty.</b>';
} else {
while ($row = mysql_fetch_array($sql)) {
echo '<br/> Name: '.$row['name'];
echo '<br/> Player IP: '.$row['lastip'];
echo '<br/><br/>';
}
}
And then right here it would get that $row['lastip'] variable and then do a search for that, which would be the equivalent of just searching an ip address in the first place.
The whole purpose of this is to eliminate a couple of steps and see all of the desired results at once. Usually, in order to do an IP search, I have to search the name, highlight + copy the ip, go back to the form, and then search the IP.
The table with two columns named "name" and "lastip" respectively have data like this:
player1 111.111.111.111
player2 222.222.222.222
player3 111.000.111.000
player4 222.000.222.000
altaccount1 111.000.111.000
altaccount2 222.222.222.222
(If you searched for Player2, you would get one result, since it is a unique name. If you searched for the IP of Player2, you would get two results [player2 + altaccount2], since there is an alternate account that uses the same IP address.)
(Please excuse this very long post. I just want to provide as much details as I can, I have tried to research this, but having a block right now. Thanks so much, and again, sorry for making you read all of this.)
SELECT * FROM banlistip
WHERE lastip = (SELECT DISTINCT lastip FROM banlistip WHERE name LIKE '%$iplookup%' OR lastip LIKE '%$iplookup%')
I think what you're trying to do needs 2 seperate SQL strings, and call whichever is required for the data provided.
So if $iplookup is clearly an IP (use regex check), then:
$sql = "SELECT * FROM banlistip WHERE lastip LIKE '%$iplookup%'";
else you will use:
$sql = "SELECT * FROM banlistip WHERE name LIKE '%$iplookup%'";
A Regex you can use to check this with preg_match(), curtousy of regular-expressions.info:
$regex = '/(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/';
if (preg_match($regex, $iplookup)) {
// Call IP SQL
} else {
// Call Name SQL
}
Related
I wonder if it is possible to search a value in columns using in clause having column names as in elements.
for instance :
$username_or_mail = 'value';
select * from users where $username_or_mail in(username,email);
where username and email are column names in table users.
I tried this and seems that it is working but i want to be sure if i'm right.
Would I be right in assuming you're using this for a "Enter your username or e-mail address and password to login" login form?
If so, then your SQL code is correct, but hints at a possible design flaw: what happens if someone has a username that is also the email address of another user? This could be used as a malicious attack (i.e. hijack another user's account by making your username equal to the victim's email address).
There is a solution/workaround: simply check for the '#' character and ensure that email addresses contain # and similarly ensure that no username contains # either.
...and if you're going to do that logic, then you might as well optimize the SQL and skip having to check multiple columns (psuedocode):
if( $usernameOrEmail contains '#' ) {
registerParameter("#email", $usernameOrEmail);
$sql = "SELECT ... WHERE EmailAddress = #email"; // note that "#email" is the syntax for query parameters in MySQL.
} else {
registerParameter("#userName", $usernameOrEmail);
$sql = "SELECT ... WHERE UserName = #userName";
}
I have a MySQL table containing columns for user IP (IP) and their name (Name). I want to compare the user's browser IP to the IP column the SQL table, and save their name to a PHP variable $name should an IP match be found.
I'm using $ip = $_SERVER['REMOTE_ADDR'] to save the browser's IP. How would I go about comparing this variable to the IP addresses in the SQL database? I tried $getname = mysql_query("SELECT Name FROM MyTable WHERE IP=$ip"); but this seems to return a Resource ID.
My apologizes if the question seems awfully elementary; I'm rather new to SQL (and PHP, for that matter). Also, I'm not in need for a secure way of authenticating for this one.
Use below code, after firing the query you have to iterate the result to get the output.
$getname = mysql_query("SELECT Name FROM MyTable WHERE IP='$ip'");
if(mysql_num_rows($getname)>0)
{
while($row = mysql_fetch_array($getname))
{
echo $row['Name'];
}
}
wrap the value of IP with single quote.
mysql_query("SELECT Name FROM MyTable WHERE IP='$ip'");
I am trying to construct an sql query to search my database for users. It is supposed to help users to find other users on my website to find friends.
I did some research because I knew I did not want:
$query = "SELECT userName, userID FROM user WHERE userID = $userName ";
Because it would not be an effective search if they had to type the users exact name in to find them.
After doing some research I decided to try the like term with % symbols in front and back so it could be the name with lets say numbers before or after and it would show up.
The example I found online formatted it like this:
$query = "SELECT userName, userID FROM user WHERE userID Like '%{$userName}%' ";
but when I executed this query while implemented on m y website, I ran into problems of it returning to many results. It returned results that did not include anything within my search term.
I also tried the above search query with out the brackets since I did not understand why I needed them but I got the same results.
Any suggestions on how to make the search a little stricter using the above command query?
Or any other suggestions for how I should search my database for a user to friend?
The % sign is for wildcards. So if $userName = 'apple' your query would match apple, applepie, and crabapple but not appl.
If you want an exact match remove the %s or the LIKE altogether.
Please try this. also why are you using braces..
$query = "SELECT userName, userID FROM user WHERE username Like '%$userName%' ";
Consider the strings
Apple
iApple
Apple Product
If you type Apple
Like '%{$userName}%' "
Returns: Will return you Apple, iApple , Apple Product
Reason: The % on both side indicates it will accept any text before and after your search term
Like '{$userName}%' "
Returns: Will return you Apple and Apple Product
Reason: The % on right side indicates it will accept any text after your search term
Like '%{$userName}' "
Returns: Will return you Apple and iApple
Reason: The % on left side indicates it will accept any text before your search term
Like '{$userName}' "
Returns: Will return you Apple
Reason: No % will restrict the search to the search term
Further More
I believe your query should be
$username = mysqli_real_escape_string($userName);
$query = "SELECT userName, userID FROM user WHERE userName Like '%{$username}%'";
I have a table, with not many rows, and neither many columns. I am doing a Full text search on 3 columns.
My code is
$search_input = trim($_GET['s']);
$search = mysql_real_escape_string($search_input);
$search = '+'.str_replace(' ', '* +', $search).'*';
$sql = "SELECT * FROM table WHERE
MATCH(def, pqr, xyz) AGAINST ('$search' IN BOOLEAN MODE)";
$result = mysql_query($sql);
I can correctly search for terms like abcdefgh, which are present as ... abcdefgh ....
But I am receiving empty set with search terms like abc, where in table entry is present something like abc-123, and also terms like abcdefghs. (notice this is plural of above)
Clearly I need to implement partial search, or something like that.
But how do I implement such a search? Any better way to do a entire table search on user input?
Do mention anything I am doing incorrectly.
EDIT : By adding * after each word, now I am able to also search for abcde, but above problems remains.
Do you mean you don't get results for 3 letter combinations? If so, you might be hitting the mysql index length (which is usually set to 3)
More info here - http://dev.mysql.com/doc/refman/5.1/en/fulltext-fine-tuning.html
I am trying to have PHP search based on letters entered into a text box. I want it to match a pattern and find the relevant results from the database.
So if I typed in
"Jo Smi"
It would find results
Jo Smith, Pojo Smithson, Ojo Smith
How would one achieve this. I know how to get information from the database but not parts of various fields.
The objective is to search through users searching in fields user_firstname, user_lastname and user_email
Any ideas?
You should be able to do that directly from your query.
get the text box results and escape them then do
SELECT * FROM `database` WHERE `name` REGEXP '{INPUT TEXT HERE}';
That should work I think.
You can do simplistic searching on fields in a database using the LIKE clause:
$query = "SELECT Fields FROM Table WHERE TestField LIKE '%".$escapedTextString."%'";
Do a LIKE search against an upper-cased version of your search terms. Don't forget to mysql_real_escape_string().
$searchpattern = mysql_real_escape_string(strtoupper("Jo Smi"));
mysql_query("SELECT * FROM table WHERE UPPER(column) LIKE '%$searchpattern%';");
Hello Man previous answer is good
but you want to know this info
get the variable => $name =
$_GET['name'];
if you want to make it upper case
use strtoupper();
if you want to
make it Lower case use
strtolower();
if you want to
search you should replace = with
where like where name = $name to
where name like $name
this info
abc% => variable start with abc and finish with any thing
%abc% => variable start any thing , contain abc , finish with any thing
%abc => variable start any thing ,finish with abc