transfer several parameters from a form into SQL query - mysql

i am working on a table that includes a filter function.
For the filter i use a form where i enter the parameters.
Those are added to a string which is my SQL query.
So far it works fine.
There is oine input field where multiple parameters canbe added.
The plan is to seperate them with ; .
For example 520;521;522
My plan was to use str_replace to convert this in to sql Code.
For example
$str = str_replace(";", "" OR ", "520;521;522");
Results in to:
SELECT * FROM MaschinenVorgangslisteMitHV WHERE (VorgangNr LIKE '%520%' or '%522%' or '%523%')
But some how this code does not show the expected results.
I only get results for '%520%'
How do i need to adjust this query in order to have the sql query working?
$str = str_replace(";", "" OR ", "520;521;522");
Results in to:
SELECT * FROM MaschinenVorgangslisteMitHV WHERE (VorgangNr LIKE '%520%' or '%522%' or '%523%')
In another input field i search for names.
Here the query looks like this...
SELECT * FROM MaschinenVorgangslisteMitHV WHERE (Bearbeiter LIKE '%Heine%' OR Bearbeiter LIKE '%Wolf%' OR Bearbeiter LIKE '%Maiwald%')
This works fine!

The multiple like should be written as,
SELECT *
FROM MaschinenVorgangslisteMitHV
WHERE VorgangNr REGEXP '520|522|523';

I believe you need to add VorgangNr LIKE after every OR.

Related

How a Mysql "LIKE" Function looks like?

I want to modify my search and thus want to create a function in MySQL. I have been using the "like" function till now. Is it possible to see the script/code for the "like" function in MySQL so that I could get the basic idea of how it works etc.?
I searched a lot on google but could not get the answer.
The Like function searches for a particular column name, then returns matches similar to the LIKE search string given.
Here is a simple example:
$search_text='text';
$sql = "SELECT * FROM TableName WHERE field_name LIKE '%search_text'%';

Using PDO and LIKE not working, why?

I'm using PDO to connect to MySQL. Everything is working fine, except this doesn't work.
Does anyone knows why? And how should i do it?
SELECT * FROM flagIt WHERE :flagids LIKE CONCAT('%', flagIt.flagIt_id, '%')
:flagids is equivalent to a string like "ID1 ID2 ID3".
EDIT (just to compare)
SELECT * FROM flagIt WHERE 'ID1 ID2 ID3' LIKE CONCAT('%', flagIt.flagIt_id, '%)
If i use like this, it works fine, so...why it does not work with :flagids?
I hope you understand my problem.
Thank you very much.
EDIT
I tried:
"SELECT * FROM flagIt WHERE flagIt.flagIt_id IN(:flagids)"
and as Hobo Sapiens suggested
"SELECT * FROM flagIt WHERE FIND_IN_SET(flagIt.flagIt_id, :flagids)"
and nothing works!!!!!!!!!
This is the query you're submitting to PDO::prepare():
SELECT * FROM flagIt WHERE :flagids LIKE CONCAT('%', flagIt.flagIt_id, '%')
The process of preparing a statement doesn't just involve evaluating the contents of the placeholders, substituting them in a string and executing the resulting query.
A prepare asks the server to evaluate the query and prepare an execution plan that includes the table and indexes it will use. For that it needs to know which columns of which tables it must work with, which is why one cannot use a placeholder where you would need an identifier.
The problem with your query is that the server has no way to know at the time it prepares the statement whether the placeholder represents a string literal or a column identifier. Without that information, the preparation cannot be done, and your prepare will fail.
If you have some flexibility over the value you're using in :flagids you could use find_in_set():
SELECT * FROM flagIt WHERE find_in_set(flagIt_id, :flagids)
where a variable containing, for example, 'ID1,ID2,ID3' is bound to :flagids.
This will be fine for small lists, but will be slow for a large list.
MySQL reference for find_in_set()

FullText search with additional where

I'm having trouble working with the match against functionality of MySQL.
I converted my table and a simple query like:
SELECT * FROM 'objectclient_objecten' WHERE MATCH('dh_omschrijving) AGAINST ('these search words');
works! But.. i want to add other "where" elements. Something like:
SELECT * FROM 'objectclient_objecten' WHERE MATCH('dh_omschrijving) AGAINST ('these search words') AND `dh_status` = 1;
But then.. No results. It seems impossible to add something after using match. Is this right? Or is there a workaround?
try that
SELECT * FROM 'objectclient_objecten' WHERE MATCH(dh_omschrijving) AGAINST ('these search words') AND `dh_status` = 1;
^^^^^^^^^^^^^^^^^---without quotes here
MATCH(here columns without quotes) , you are using column between quote.

How to use a LIKE query with CodeIgniter?

I want to run a query like this:
SELECT * FROM table WHERE field LIKE '%search_term%'
In CI you can bind parameters to queries, if you used field=? but this does not work for field LIKE "%?%". From debugging output it seems the query used is field LIKE "%'search'%".
Is there an alternative way to do searching in CodeIgniter?
You can use this query:
SELECT * FROM table WHERE field LIKE ?
And bind with %search% instead of search.
You should be aware that this query will be slow in MySQL. You might want to look at free-text search instead (Lucene, Sphinx, or MySQL's built-in free-text search functions).
this is active record class for codeigniter
$this->db->select('*');
$this->db->like('columnname','both');
$query=$this->db->get("tablesname");
$result=$query->result_array();
if(count($result))
{
return $result;
}
else
{
return FALSE;
}
You should try this..I think its help you..
both means %columnname%,
before means %columnname,
after means columnname%
$search_term=$this->input->post('textboxName');
$search_term="%".$search_term."%";
$sql="SELECT * FROM table WHERE field LIKE ? ";
$query=$this->db->query($sql,array($search_term));
$res=$query->result();
what i can understand CI is adding quotes, pass FALSE as third parameter while binding to prevent CI adding quotes.

Combine 'like' and 'in' in a SqlServer Reporting Services query?

The following doesn't work, but something like this is what I'm looking for.
select *
from Products
where Description like (#SearchedDescription + %)
SSRS uses the # operator in-front of a parameter to simulate an 'in', and I'm not finding a way to match up a string to a list of strings.
There are a few options on how to use a LIKE operator with a parameter.
OPTION 1
If you add the % to the parameter value, then you can customize how the LIKE filter will be processed. For instance, your query could be:
SELECT name
FROM master.dbo.sysobjects
WHERE name LIKE #ReportParameter1
For the data set to use the LIKE statement properly, then you could use a parameter value like sysa%. When I tested a sample report in SSRS 2008 using this code, I returned the following four tables:
sysallocunits
sysaudacts
sysasymkeys
sysaltfiles
OPTION 2
Another way to do this that doesn't require the user to add any '%' symbol is to generate a variable that has the code and exceute the variable.
DECLARE #DynamicSQL NVARCHAR(MAX)
SET #DynamicSQL =
'SELECT name, id, xtype
FROM dbo.sysobjects
WHERE name LIKE ''' + #ReportParameter1 + '%''
'
EXEC (#DynamicSQL)
This will give you finer controller over how the LIKE statement will be used. If you don't want users to inject any additional operators, then you can always add code to strip out non alpha-numeric characters before merging it into the final query.
OPTION 3
You can create a stored procedure that controls this functionality. I generally prefer to use stored procedures as data sources for SSRS and never allow dynamically generated SQL, but that's just a preference of mine. This helps with discoverability when performing dependency analysis checks and also allows you to ensure optimal query performance.
OPTION 4
Create a .NET code assembly that helps dynamically generate the SQL code. I think this is overkill and a poor choice at best, but it could work conceivably.
Have you tried to do:
select * from Products where Description like (#SearchedDescription + '%')
(Putting single quotes around the % sign?)
Dano, which version of SSRS are you using? If it's RS2000, the multi-parameter list is
not officially supported, but there is a workaround....
put like this:
select *
from tsStudent
where studentName like #SName+'%'
I know this is super old, but this came up in my search to solve the same problem, and I wound up using a solution not described here. I'm adding a new potential solution to help whomever else might follow.
As written, this solution only works in SQL Server 2016 and later, but can be adapted for older versions by writing a custom string_split UDF, and by using a subquery instead of a CTE.
First, map your #SearchedDescription into your Dataset as a single string using JOIN:
=JOIN(#SearchedDedscription, ",")
Then use STRING_SPLIT to map your "A,B,C,D" kind of string into a tabular structure.
;with
SearchTerms as (
select distinct
Value
from
string_split(#SearchedDescription, ',')
)
select distinct
*
from
Products
inner join SearchTerms on
Products.Description like SearchTerms.Value + '%'
If someone adds the same search term multiple times, this would duplicate rows in the result set. Similarly, a single product could match multiple search terms. I've added distinct to both the SearchTerms CTE and the main query to try to suppress this inappropriate row duplication.
If your query is more complex (including results from other joins) then this could become an increasingly big problem. Just be aware of it, it's the main drawback of this method.