Flexigrid is a nice jQuery grid, and pretty customizable, but the quick search feature only allows for exact searches (as far as I can tell). Anybody know a fix or workaround for this? I've tried adding wildcard characters to the "p.query" string, but no luck.
FYI: This is for use with a MySQL database and PHP, so the wildcard I tried to add was '%'.
Here's the "doSearch" function in the flexigrid.js:
doSearch: function () {
p.query = $('input[name=q]', g.sDiv).val();
p.qtype = $('select[name=qtype]', g.sDiv).val();
p.newp = 1;
this.populate();
},
Thanks for the help!
The best answer I could devise on my own was changing the SQL query on the PHP side to have a LIKE clause instead of an EQUAL TO clause, using the appropriate wildcard character "%".
I was hoping to find a javascript/jQuery wildcard on the client end that would be appended to the search string, but my search didn't turn up any answers for that.
The line I changed in the PHP script is as follows:
$searchSql = ($qtype != '' && $query != '') ? "where $qtype like CONCAT('%','$query','%') and UserID = $id" : "where UserID = $id";
instead of:
$searchSql = ($qtype != '' && $query != '') ? "where $qtype = '$query' and UserID = $id" : "where UserID = $id";
Best of luck!
Related
1) I have url like this :
http://example.com/post.php?id=1234
And inside : my article
2) but for this url
http://example.com/post.php?1234somewords
It's also work, i see my article
3) and for this url
http://example.com/post.php?somewords
I have good 404 page error
Question is : how could i have 404 error for the 2) url ?
(alternative question : how could i redirect "1234somewords" to "1234" ?)
php mysql query inside post.php is :
require_once('conn_sql.php');
$post = $_GET['post'];
$nQuery = mysqli_query($conn, "SELECT * FROM `post` WHERE post_id = '$post'");
$res = mysqli_fetch_array($nQuery);
It seems that the query "post=1234somewords" works, and this is not what i want.
however, if i search "post=1234somewords" in phpmyadmin, this not works, and this is what i want !
What is the problem with my code ?
this happen because mysql use the beginning part of the string as a valid id .. (this i related to the implic data conversion performed by mysql) you should check if your parameter are valid number before perform the query
you could try removing the not numeric value from the string
$result = preg_replace("/[^0-9]/", "", $_GET['post']; );
if (is_numeric( $result)) {
$nQuery = mysqli_query($conn, "SELECT * FROM `post` WHERE post_id = '$post'");
$res = mysqli_fetch_array($nQuery);
} else {
......
}
This is my first post,so i will do my best to be clear.
Here is my question :
suppose you have a var that contain an operator :
For example, $var = "<=";
And you are tempted to do this :
$query = "SELECT * FROM table WHERE".$attr." ".$var." ".$value;
(where $value is an integer),
Am i allowed to do this ?
If yes,
i have tried the same thing in my PHP script but it doesn't work ! (except for $var = "=") although it did work in phpmyadmin.
(My code is little bit long, but if you want i can post it).
I really appreciate any help.
You don`t have any space between WHERE and $attr, you will perhaps get your wanted effect by doing this:
$query = "SELECT * FROM table WHERE ".$attr." ".$var." ".$value;
Or just
$query = "SELECT * FROM table WHERE $attr $var $value";
Try to echo $query to the browser, and copy&paste that into phpmyadmin.
I'm trying to create a dynamic search query, based on the user input.
Requirements:
A user could fill in none, some, or all fields.
The query searches in a table for a record that matches all the requirements.
Now I have done my research, and I found out multiple ways on doing this. But none of them work, and if they do, they are far from practical.
Attempt:
At the moment I'm creating a query like this:
SELECT *
FROM assignments
WHERE (id = $id OR id = '')
AND (field1 = $field1 OR field1 = '')
This query works, but only if you fill in all the fields.
I got this from a stackoverflow article, that I can't find anymore, that said:
If the user has filled in an input field it will check the first rule
"id = $input"
and if the user hasn't specified any input it will check for "id = '' " and when it
checks for that, it will just return everything. Because it escapes the empty search rule.
But as you might already know, it doesnt work..
How would you suggest me to approach this?
Try getting all of the post vars and looping through them to see if they are valid, and then build your query
<?php
$id = $_POST[id];
$field1 = $_POST[field1];
$field2 = $_POST[field2];
$field3 = $_POST[field3];
$whereArr = array();
if($id != "") $whereArr[] = "id = {$id}";
if($field1 != "") $whereArr[] = "field1 = {$field1}";
if($field2 != "") $whereArr[] = "field2 = {$field2}";
if($field3 != "") $whereArr[] = "field3 = {$field3}";
$whereStr = implode(" AND ", $whereArr);
$query = "Select * from assignments WHERE {$whereStr}";
Something like that should handle what you need
You should start with a string like yours up to the WHERE statement, then after that you loop through all the fields the user wants to search with and add them to an array, then use the PHP function "implode" to glue the fields together with an AND statement as "glue".
Now add on the glued string to the startquery and voila!
I'd give example but on phone atm!
Building the query dynamically based on the responses is definitely a must. But another nice feature that allows users to find results based on even partial responses is using a MySQL REGEXP query. So for instance, if they wanted to find "maverick" in a Top Gun database, a query REGEXP = 'mav' | 'rick' would return results. This brings your search much closer to the search engine functionality that users are accustomed to.
Here's a REGEXP example, simplified.
I am trying to create a PHP file to help search a table built in MySQL from a webpage. I have built the form, which allows the user to enter keywords into two of the search criteria and a drop-down menu for the third. However, I am having trouble with the PHP file itself. I have appeared to do something wrong and cant quite figure out what is going wrong. If anyone can spot an error in the code below I'd really appreciate the help.
Thanks.
// define variables and set to empty values
$Location = $Commemorating = "";
if (isset($_GET['Region']) && !empty($_GET['Region']))
{
$Region_name = $_GET['Region'];
if (empty($_GET["Location"]))
{
$Location = "";
}
else
{
$Location = ($_GET["Location"]);
}
if (empty($_GET["Commemorating"]))
{
$Commemorating = "";
}
else
{
$Commemorating = ($_GET["Commemorating"]);
}
$query = "SELECT Monument,
Location,
Commemorating,
Region,
FROM MONUMENTS
WHERE Region = '$Region'";
//..if a location is specified run this query
if ($Location != "")
{
$query .= " AND Location LIKE '%$Location%'";
}
//..and if a name is entered run this query
if ($Commemorating != "")
{
$query .= " AND Commemorating LIKE '%$Commemorating%'";
}
//..and if a region is specified run this query
if ($Region != "All")
{
$query .= " AND Region LIKE '$Region'";
}
$query_run = mysql_query($query);
}
$query = "SELECT Monument,
Location,
Commemorating,
Region,
Looks like you should strip list comma in field list from the query:
$query = "SELECT Monument,
Location,
Commemorating,
Region
Like this.
There is a bit misunderstanding since you check is Region is not empty, then query for items in given Region and then add another cause in case of Region is not 'All'. So if I run your code with Region = 'All' then the query will return only the items that have Region set to 'All', which sounds a bit odd (I'd say monuments are at a single region, isn't it?).
You also use LIKE while may simple use = since you add sibgle quotes (') around strings so it won't give you any 'wildcard' match but slow down the query. Another thing to do is to do some mysql escape function to be sure you won't get SQL code in one of your GET query.
May I also suggest to short your code a bit:
$Region_name = isset($_GET['Region']) ? trim($_GET['Region']) : '';
if ($Region_name) {
$Location = isset($_GET['Location']) ? trim($_GET['Location']) : '';
$Commemorating = isset($_GET['Commemorating']) ? trim($_GET['Commemorating']) : '';
$query = sprintf("SELECT
Monument,
Location,
Commemorating,
Region
FROM MONUMENTS
WHERE 1=1%s%s%s",
$Region!='All' ? "AND Region='".mysql_real_escape_string($Region)."'",
$Location ? "AND Location='".mysql_real_escape_string($Location)."'",
$Commemorating ? "AND Region = '".mysql_real_escape_string($Region)."'",
);
...etc...
I add 1=1 so I can easily add AND to the following causes without worry.
Use $Region_name instead of $Region in your query. I see you depend on user input (via $_GET). Make sure you sanitize user input: https://stackoverflow.com/a/3126175/1071063
I am trying to put together an MySql query that will return results based on values passed from php. However, the code I am using is throwing an error of 'unknown column in' and then the name of the value in the var $query1. I have obviously gone wrong somewhere and would appreciate some guidance as to correct the error.
I have posted only the relevant code, but would happy to post more if required. Just need to check the error in my statement.
Many thanks.
$searchSql = ($qtype != '' && $query != '' && $query1 != '') ? "WHERE ".$qtype." LIKE '%".$query."%' AND customer = ".$query1."" : '';
Could possibly be due to a missing single-quote around your second criteria:
AND customer = ".$query1.""
Should potentially be:
AND customer = '".$query1."'"
If $query1 is text.