I have an SQL LIKE query running on mySQL which runs fine on my local development server however on the production server it only works on single letters; i.e. if I enter a word any longer than one letter it returns no results.
Any ideas why and how I might be able to fix it?
Thank you in advance.
/**
* Searches all current vehicle listings for matches to given search string.
* #param string - Search keyword(s). Warning: If search string is empty all current vehicles are returned.
* #return array - Resulting table rows containing vin, imageFile, description, kms, auctioneerName, city, time.
*/
public function searchVehicles($search) { //
// Build up initial SQL query. Sub query returns all current vehicles
$query = "SELECT * FROM (SELECT vehicles.auctionId, vin, imageFile, CONCAT_WS(' ', year, makeName, modelName) as description, kms, auctioneerName, city, time FROM vehicles, models, makes, auctions, auctioneers, locations WHERE time > NOW() AND vehicles.modelId = models.modelId AND models.makeId = makes.makeId AND vehicles.auctionId = auctions.auctionId AND auctions.auctioneerId = auctioneers.auctioneerId AND auctions.locationId = locations.locationId) AS results WHERE";
$keywords = explode(" ", $search); // Break search into keywords
// Loop through each keyword in the search to build up SQL query
$firstLoop = true; // Initial loop flag
foreach ($keywords as $keyword) {
if (!$firstLoop) { // Check if this is not the first loop
$query = $query . " AND"; // Then: Add extension statement to query
} else {$firstLoop = false;} // Otherwise: Set flag to false
// Add each keyword search to the query ensuring case insensitivity by converting to uppercase
$query = $query . " UPPER(description) LIKE UPPER('%" . $this->escape($keyword) . "%')";
}
// Add ordering SQL
$query = $query . " ORDER BY time";
// Run query and return results (if any)
return $this->query($query);
}
$query = $query . " UPPER(description) LIKE '%" . strtoupper($this->escape($keyword)) . "%'";
try using COLLATE
$query = $query . " description COLLATE utf8_general_ci like '" . $this->escape($keyword) . ")%'";
for case insensitive search
Upper should be inside.
$query = $query . " UPPER(description) LIKE CONCAT('%',UPPER(" . $this->escape($keyword) . "),'%')";
Related
I am having an issue where I can not search for the exact data I want.
I can search the database fine and return all the values in the format I want. However i want to add in the ability to search by a company's name and also display those results in the same table. The companys Names are not stored in the databse but are in the Array session pulled from an API. We store the ID for each company in the database which is set as the Keys from the array.
I want to know if there is any way to get results given form the array as well as the database search.
I know i can do it with a foreach loop around all my SQL SELECT Statement, but the issue with that is if there is no match in the array it will not run any search, making the rest of the search very limited as searching by IP Address is one of the main reasons for this. the only way I think it is possible is adding a foreach loop into the SQL statement but I don't see how that is possible nor can i find any documentation on it online. please help!
Here is my code that runs based on an input from a search box sent by AJAX.
// Start sessions, Connected to DB set customer array
session_start();
$conn = connect();
$customers = $_SESSION['array'];
// if ajax posted search input
if($_POST){
$search = mysqli_real_escape_string($conn, $_POST['search']);
//set a second input for checking against customers array and format to give results
$input = $search
$input = strtolower($input);
$input = "'$input'";
$result = preg_grep($input, $customers);
$arrayk = array_keys($result);
//SELECT Search mysql Query
$matchingcompanies = "";
foreach($arrayk as $id)
{
$matchingcompanies .= "'" . $id . "' OR ";
}
$matchingcompanies = substr($matchingcompanies,0,strlen($matchingcompanies)-4);
$query1 = "SELECT * FROM IPV4_linked WHERE `companyId` = (" . $matchingcompanies . ") OR concat(ipv4Address, ipv4Subnet, hostName, owner, siteName) like '%" . $search . "%'";
$view4 = mysqli_query($conn, $query1);
//Table Title row
echo "<div><table name ='ipv4' class='tableparent'><td class='tabled'>IP Address</td><td class='table'>Subnet</td><td class='table'>PC Name</td><td class='table'>Owner</td><td class='table'>Customer</td><td class='table'>Customer Site</td></tr>";
//loops through search results and echo table
while ($row = mysqli_fetch_array($view4)){
$id = $row['companyId'];
$company = $customers[$id];
echo "<tr><td class='tabled'>". $row['ipv4Address']."</td><td class='table'>". $row['ipv4Subnet']."</td><td class='table'>".$row['hostName']."</td><td class='table'>". $row['owner']."</td><td class='table'>".$company."</td><td class='table'>".$row['siteName']."</td></tr>";
}
echo"</table></div>";
}
?>
Solved the issue by adding in a matchingcompanies field before and setting it to an exceeding long string with lots of OR's, i will limit the search to only start after 3 characters inputed so the string return is not so large.
//SELECT Search mysql Query
$matchingcompanies = "";
foreach($arrayk as $id)
{
$matchingcompanies .= "'" . $id . "' OR ";
}
$matchingcompanies = substr($matchingcompanies,0,strlen($matchingcompanies)-4);
$query1 = "SELECT * FROM IPV4_linked WHERE `companyId` = (" . $matchingcompanies . ") OR concat(ipv4Address, ipv4Subnet, hostName, owner, siteName) like '%" . $search . "%'";
$view4 = mysqli_query($conn, $query1);
My application allows searching of articles. So when a user enters the string "articlex" the query works & results are show but when multiple words are entered "articlex articley" the query shows no results.
Cuurently I'm using this query
$querySub = 'SELECT * FROM table WHERE (col1 LIKE "%'.$search_string.'%") OR (col2 LIKE "%'.$search_string.'%") OR (col3 LIKE "%'.$search_string.'%")';
Where $search_string only contains the input by user
How can I make the query applicable for multiple words as well?
Example for PDO
/* Assume $pdo is already prepared as PDO instance. */
// search query split by spaces
$user_input = 'foo bar baz';
// create string for PDO::prepare()
$sql = 'SELECT * FROM testTable WHERE ';
$wheres = $values = array();
foreach (array_filter(explode(' ', $user_input), 'strlen') as $keyword) {
$wheres[] = 'col1 LIKE ?';
$values[] = '%' . addcslashes($keyword, '%_\\') . '%'; // this is escape for LIKE search
}
$sql .= $wheres ? implode(' OR ', $wheres) : '1';
// bind values and execute
$stmt = $pdo->prepare($sql);
$stmt->execute($values);
Example for mysql_** functions (deprecated)
/* Assume $link is already prepared as MySQL resource. */
// search query split by spaces
$user_input = 'foo bar baz';
// create string for mysql_auery()
$sql = 'SELECT * FROM testTable WHERE ';
foreach (array_filter(explode(' ', $user_input), 'strlen') as $keyword) {
$wheres[] = 'col1 LIKE ' . mysql_real_escape_string(
'%' . addcslashes($keyword, '%_\\') . '%',
$link
);
}
$sql .= !empty($wheres) ? implode(' OR ', $wheres) : '1';
// execute
$result = mysql_query($sql, $link);
While using variables for like query, you could use
Select * from table where keyword LIKE '%{$to_be_searched}%'
You can use REGEXP for this perpose .....or if you want multiple word search then you need to explode search string by space and then search this string from table using LIKE
if you search "articlex articley" then it will search whole word in LIKE operator
use only one "%" at the end. like
$querySub = SELECT * FROM table WHERE (col1 LIKE '$search_string%'");
This will search for both "articlex" and "articley"
1: This will be return should record
select * from products where title like "%word1%" or
title LIKE "word2";
note: if you have so many word then use dynamic query generator which generate title like "%word3%" or title like"%word4%" or ........
2: This will be return must records
select * from products where title like "%word1%word2%word3%";
I have a search script that retrieves an integer from one table and uses it to search through the IDs of a 2nd table. My issue is if the integer in Table1 appears more then once, I get duplicate results when querying Table2.
Does anyone know a way to use SQL or PHP so that if a row is already displayed it will skip it? Thanks
My code is rather convuleted but here it is if it helps:
//TV FILTERS
$sql = 'SELECT * FROM `table1`';
$where = array();
if ($searchlocation !== 'Any') $where[] = '`value` LIKE "%'.$searchlocation.'%"';
if ($searchmake !== 'Any') $where[] = '`value` LIKE "%'.$searchmake.'%"';
if ($searchtype !== 'Any') $where[] = '`value` LIKE "%'.$searchtype.'%"';
if (count($where) > 0) {
$sql .= ' WHERE '.implode(' OR ', $where);
} else {
// Error out; must specify at least one!
}
$tvqresult = mysql_query($sql);
$num_rowstvq = mysql_num_rows($tvqresult);
while ($rowtvq = mysql_fetch_array($tvqresult)) {
$contid = $rowtvq['contentid'];
//MAIN QUERY
$mainsql = 'SELECT * FROM `table2` WHERE `content` LIKE "%' . $searchterm . '%" AND `id` = ' . $rowtvq['contentid'] . ' AND `template` = 12';
$resultmain = mysql_query($mainsql);
$num_rowsmain = mysql_num_rows($resultmain);
if (!$resultmain) {
continue;
}
else {
while ($row = mysql_fetch_array($resultmain )) {
echo "[!Ditto? &parents=`134` &documents=" . $row['id'] . "&tpl=`usedtempchunk`!]";
}//END MAIN LOOP
}//END MAIN ELSE
}//END TV WHILE LOOP
You only seem to use the contentid column from your first query, so you could change it to:
$sql = 'SELECT distinct contentid FROM `table1`'; // rest would be the same
which would mean that no duplicates will be retreived saving you any hassle in changing your second set of code.
If you are using other columns from the first query somewhere else in your code, you can still fetch more columns with this method as long as there are no duplicate IDs:
$sql = 'SELECT distinct contentid, contentTitle, contentThing FROM `table1`';
If you have to have repeated IDs in your original query, I think you will have to store the data in a variable (like an array) and then make sure that the second dataset isn't repeating anything.
It sounds like you're only looking for 1 row, if so, then at the end of your SQL, simply add LIMIT 1. That'll ensure you only return 1 row, thereby ignoring any duplicate matches.
I'm currently coding a simple search script in PHP that requires three variables from the user namely:
$Capacity, $Location and $RoomType
Capacity is a required field which the jquery validate plugin checks for numerical entry on input - but Location and RoomType are optional.
I'm trying to now draft a SQL query that will search the table rooms.
There are three columns in the table also called Capacity, Location and RoomType that I want to search using the variables.
How would I write this SQL query? Especially with $Capacity being required, $Location / $RoomType expected to be left blank or filled in at the users discretion?
You could use LIKE ...% in your sql query, so that even when blank, it'll be treated as a wildcard.
$q = 'SELECT * FROM foo WHERE capacity = "'.$capacity.'" AND location LIKE "'.$location.'%" AND roomtype LIKE "'.$roomtype.'%"';
Of course, remember to escape the inputs.
Something like this should work:
function BuildSearchQuery($Capacity, $Location, $RoomType)
{
$where = array();
if (!empty($Capacity))
{
$where[] = "Capacity = '" . mysql_real_escape_string($Capacity) . "'";
}
if (!empty($Location))
{
$where[] = "Location = '" . mysql_real_escape_string($Location) . "'";
}
if (!empty($RoomType))
{
$where[] = "RoomType = '" . mysql_real_escape_string($RoomType) . "'";
}
if (empty($where))
{
return false;
}
$sql = "select * from `table` where ";
$sql += implode(" AND ", $where);
return $sql;
}
Although nowadays many frameworks exists that allow you to do this more easily and less error-prone than manually crafting queries.
$query =select * from table where Capacity =$Capacity
if(isset($Location) && $Location!='') $query.= and Location LIKE '%$location%'
if(isset($RoomType) && $RoomType!='') $query.= and RoomType LIKE '%$RoomType%'
Making use of LIKE or = operator in query is upto you.
Depend on how complex it is (and or not ???)
But basically
Select ... From Rooms Where Capacity = #Capacity
and ((Location = #Location) Or (IsNull(#Location,'') = ''))
and ((RoomType = #RoomType) or (IsNull(#RoomType,'') = ''))
Or some such.
If you aren't using parameterised queryies then replace #.... with the escaped inputs.
I'm trying to build a query using php and mysql,
$query = "select * from products where product_name = '$item_name'";
this works when $item_name holds only one name, but $item_name is an array and based on the user's interaction can contain multiple names, how can I make the query to run for multiple name and get the resulted rows.
Thanks in advance
Here's how you could build a safe list of names for inserting into an IN clause...
if (is_array($names) && count($names))
{
$filter="('".implode("','" array_map('mysql_real_escape_string', $names))."')";
$sql="select * from products where product_name in $filter";
//go fetch the results
}
else
{
//input was empty or not an array - you might want to throw an
//an error, or show 'no results'
}
array_map returns the input array of names after running each name through mysql_real_escape_string to sanitize it. We implode that array to make a nice list to use with an IN clause.
You should always ensure any data, particularly coming directly from the client side, is properly escaped in a query to prevent SQL injection attacks.
$vals = implode(',',$item_name);
$query = "select * from products where product_name in (".$vals.");";
Give that a try.
$query = "select * from products where product_name in(";
foreach($item_name as $name)
{
$query .= "'" . $item_name . "', ";
}
$query = substr($query, 0, strlen$query) - 2);
$query .= ");";
First answer (by inkedmn) is really the best one though
foreach($item_name as $name) {
$query = "select * from products where product_name = '$name'";
//whatever you want to do with the query here
}
something like that ought to do it.
Based on inkedmn's response (which didn't quote the item names):
$query = 'select * from products where product_name in ("' . implode('", "', $item_name ) . '")';
Although you may be better with a fulltext search.
http://dev.mysql.com/doc/refman/5.1/en/fulltext-search.html