I have a form where a user can type in the firstname to search, my query is not returning the correct results, what am I doing wrong?
$sfn = $_POST["Text1"];
$sql = "SELECT * FROM ex_usrs WHERE firstname LIKE '$sfn'";
...
Maybe you should add %-signs to your keyword like this:
$sql = "SELECT * FROM ex_usrs WHERE firstname LIKE '%$sfn%'";
Your query will only return rows where firstname is equal to $_POST["Text1"]. When you use LIKE you can use a wildcard (%) to represent any number of characters.
This will find rows where firstname starts with $_POST["Text1"].
SELECT * FROM ex_usrs WHERE firstname LIKE '$sfn%'
This will find rows where firstname ends with $_POST["Text1"].
SELECT * FROM ex_usrs WHERE firstname LIKE '%$sfn'
This will find rows where firstname contains $_POST["Text1"].
SELECT * FROM ex_usrs WHERE firstname LIKE '%$sfn%'
Note: Never use variables from $_POST without escaping them first. What if I searched for "O'Neil" (or worse "'; DROP TABLE ex_users; -- ")?
You should use %searchterm% - include the % wildcards.
$sql = "SELECT * FROM ex_usrs WHERE firstname LIKE '%$sfn%'";
It should be
"SELECT * FROM ex_usrs WHERE firstname LIKE '%$sfn%'"
Related
Currently I have a query that searchs for sentences/words, it works almost as expected,
I have a regex expresion that searches for names in a table, expample:
function getNames($str){
$stmt = "SELECT * FROM users WHERE name = :name
OR name REGEXP :reg1
OR name REGEXP :reg2
OR name LIKE :lik1";
$query = self::$connection->prepare($stmt);
$query->execute(array(":name"=>$str,
":reg1"=>"^$str" . "[a-zA-Z\s]*$",
":reg2"=>"^[a-zA-Z]*[\s]*[$str][a-zA-Z]"
":lik1"=>"%" . $str . "%"
));
return $query->fetchAll(PDO::FETCH_ASSOC);
}
Let's suppose my table contains the following values
Bob
Peter
Mark
David
John
If I run my query with Bob as $name value it gets it but I would like to be able to find Bob when I run the query using BobsomeLettersExtra or Bob something as $name value
Is there a way to do this using REGEXP or LIKE ?
SELECT * FROM users WHERE name LIKE '%".$name."%'
above query should be enough to get the result. You should validate data before you enter data to the table if not please use the regex as well
"SELECT * FROM users WHERE name LIKE '%".$name."%' AND REGEXP ^".$name."[a-zA-Z]*$"
UPDATE
sorry if i have misunderstand the question please try this
"Select * from users WHERE '".$name."' LIKE CONCAT(name , '%')"
You may try below Query with where Clause for LIKE :
"SELECT * FROM users WHERE name = ".$name." OR name LIKE '%".$name."%' OR name REGEXP ^".$name."[a-zA-Z]*$"
In my table, I have a column that it has a set of users id. its name is users_id.
each id separated with a comma(,).
ex : users_id = '1,2,3,4,5';
if I passed $id=1 to my function, how can I using where statement ?
function($id){
$sql = "select * from content_noti
where ??????"
}
You can add a leading and a trailing , in the field value in DB.
e.g.
Change
1,2,3,4,5
to
,1,2,3,4,5,
So that every Id has leading and trailing comma ,
Now, update the function body:
function($id){
$sql = "select * from content_noti
where users_id LIKE '%,$id,%'"
}
In this case you don't have any possibility of mistake as if you search user id 1 then you will get only 1 and not 11 or 111 or 1343.
Working Demo
if you have multiple ids than it would be better to use IN with query
$sql = "select * from content_noti where id IN (?)"
if you are looking for reverse than use find_in_set
$sql = "select * from content_noti where FIND_IN_SET(?, id)";
You can use regular expressions in mysql:
function($id){
$sql = "SELECT * FROM content_noti WHERE users_id REGEXP '(^|,)" . $i . "($|,)'";
}
SELECT * from content_noti where users_id = "1" OR users_id = LIKE '%1,%' OR users_id = LIKE '%,1%'
Storing multiple chunks of data as a single comma seperated colum is really poor design for databases and if at all possible you should look into normalizing this by making a coupling table and joining on that.
The performance of the above query will be terrible and it'll be hard to maintain.
Trying to write a funny query, don't know if it's possible.
$sql = "SELECT * FROM users WHERE Type = '1' ";
$sql .= "WHERE FirstName LIKE '%$searchq%' or LastName LIKE '%$searchq%'";
So selecting all from users from the column with type 1, and the concatenated part is whatever which has been entered in the search box. is this even possible? Or do I have to write up two different querys?
Help is much appreciated.
Just use parenthesis to organize your WHERE statements:
$sql = "SELECT * FROM users WHERE Type = '1'
AND (FirstName LIKE '%$searchq%' OR LastName LIKE '%$searchq%')";
How can I select a row in my MySQL DB where the value of a column contains 'XcodeDev' for example?
I tried:
SELECT * FROM Accounts WHERE Username LIKE '$query'
But it only selects a row were the Username value is exactly the same to the query.
What can I do to achieve what I want?
Use the % wildcard, which matches any number of characters.
SELECT * FROM Accounts WHERE Username LIKE '%query%'
This should work:
SELECT * FROM Accounts WHERE Username LIKE '%$query%'
My suggestion would be
$value = $_POST["myfield"];
$Query = Database::Prepare("SELECT * FROM TABLE WHERE MYFIELD LIKE ?");
$Query->Execute(array("%".$value."%"));
SELECT * FROM Accounts WHERE Username LIKE '%$query%'
but it's not suggested. use PDO
I've got a table of first names and last names.
I'm trying to make a jQuery instant search on an input, in order to find very quickly and precisely a person in a huge list of people.
When the first word is entered in the input, it might be the first name or the last name.
I do this : SELECT * FROM myTable WHERE firstName LIKE %content% OR lastName LIKE %content%
When two words are entered, it might be:
* the full firstname and a bit of the lastname
* the full lastname and a bit of the firstame
So I tried this query : SELECT * FROM myTable WHERE (firstName = content1 AND lastName LIKE %content2%) OR ( lastName = content1 AND firstName LIKE %content2%)
Unfortunately parenthesis seems to do nothing, and the query is not interpreted this way, I've got a lot of results, basically produced by the two LIKE %% condition
Anyone had deal with this before and could give me a hand?
Thanx
If one of the words is going to be the full first name of the full last name, while the other word is a partial of the other, why don't you split up the words first? Then you'd pass in two paramaters and have:
SELECT
*
FROM
myTable
WHERE
(
firstName = %content1%
AND lastName LIKE %content2%
) OR (
lastName = %content1%
AND firstName LIKE %content2%
)
I believe you are going to need to split the two words entered and use them indepenently in your query.
It would probably work this way (assuming that the two words are in the content variable):
SELECT ... WHERE
CONCAT(firstName, " ", lastName) LIKE content%
OR CONCAT(lastName, " ", firstName) LIKE content%
however this approach would not be very efficient (no index usage). I would split the two words into two variables (word1, word2) and make it something like:
SELECT ... WHERE
(firstName = word1 AND lastName LIKE word2%)
OR (lastName = word1 AND firstName LIKE word2%)
SELECT * FROM myTable WHERE
(firstName = 'content1' AND lastName LIKE content2%)
OR
(lastName = 'content1' AND firstName LIKE content2%)
When two words are entered, it might
be: * the full firstname and a bit of
the lastname * the full lastname and a
bit of the firstame
If it is ALL of (exact match) the first or last name, then the = test seems correct. Just in case it is an error in the PHP part, this is how it should look like.
$qry = '
SELECT * FROM myTable
WHERE (firstName = content1 AND lastName LIKE '%".mysql_real_escape_string(content2)."%')
OR ( lastName = content1 AND firstName LIKE '%".mysql_real_escape_string(content2)."%')';
If it is a bit of both, then you need the wildcard twice
$qry = '
SELECT * FROM myTable
WHERE (firstName LIKE '%".mysql_real_escape_string(content1)."%' AND lastName LIKE '%".mysql_real_escape_string(content2)."%')
OR ( lastName LIKE '%".mysql_real_escape_string(content1)."%' AND firstName LIKE '%".mysql_real_escape_string(content2)."%')';