I am running problems in implementing LIKE in PDO
I have this query:
$query = "SELECT * FROM tbl WHERE address LIKE '%?%' OR address LIKE '%?%'";
$params = array($var1, $var2);
$stmt = $handle->prepare($query);
$stmt->execute($params);
I checked the $var1 and $var2 they contain both the words I want to search, my PDO is working fine since some of my queries SELECT INSERT they work, it's just that I am not familiar in LIKE here in PDO.
The result is none returned. Do my $query is syntactically correct?
You have to include the % signs in the $params, not in the query:
$query = "SELECT * FROM tbl WHERE address LIKE ? OR address LIKE ?";
$params = array("%$var1%", "%$var2%");
$stmt = $handle->prepare($query);
$stmt->execute($params);
If you'd look at the generated query in your previous code, you'd see something like SELECT * FROM tbl WHERE address LIKE '%"foo"%' OR address LIKE '%"bar"%', because the prepared statement is quoting your values inside of an already quoted string.
Simply use the following:
$query = "SELECT * FROM tbl WHERE address LIKE CONCAT('%', :var1, '%')
OR address LIKE CONCAT('%', :var2, '%')";
$ar_val = array(':var1'=>$var1, ':var2'=>$var2);
if($sqlprep->execute($ar_val)) { ... }
No, you don't need to quote prepare placeholders. Also, include the % marks inside of your variables.
LIKE ?
And in the variable: %string%
$query = "SELECT * FROM tbl WHERE address LIKE ? OR address LIKE ?";
$params = array("%$var1%", "%$var2%");
$stmt = $handle->prepare($query);
$stmt->execute($params);
You can see below example
$title = 'PHP%';
$author = 'Bobi%';
// query
$sql = "SELECT * FROM books WHERE title like ? AND author like ? ";
$q = $conn->prepare($sql);
$q->execute(array($title,$author));
Hope it will work.
Related
First of all I want to excuse me for any english mistakes that might be in my texts, in fact it is not my mother language so it's not really perfect... Anyways:
I am using a table for search tags which contains all search tags and a unique name they belong to. For the actual search query, I use REGEXP (the query is written in PDO style). The user has to type in the search keywords seperated with a comma.
As I executed several tests I noticed that the shown results are depending on the order of the typed in words and the order the search tags are stored in the seach tags table.
My question is: How can I execute a query using REGEXP which does ignore the order of the words?
Till now the actual query is pretty simple:
$search = explode(',', htmlentities($_POST["search"]));
$search = implode('|', $search);
$stmt = $db->prepare("SELECT name FROM blablabla WHERE name REGEXP :search");
$stmt->bindValue(":search", $search, PDO::PARAM_STR);
Thanks!
I am sorry, but I do not know, wether this is possible, at least in a performant way.
I would try to achieve it like that:
$search = explode(',', htmlentities($_POST["search"]));
$sql = 'SELECT name FROM blablabla ';
$query = array();
$parts = array();
foreach($search as $value) {
$query[] = 'name LIKE ?';
$parts[] = '%' . $value . '%';
}
$sql .= ' WHERE ' . implode(' OR ', $query); //Or use logical AND. Just what suits you
$stmt = $pdo->prepare($sql);
$stmt->execute($parts);
After reviewing this SO, I am having some trouble using prepared statements.
I have added the following to my db connection:
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
And here are my query statements:
$query = "SELECT schedules.schedule_name, users.name, schedules.schedule_id
FROM schedules
INNER JOIN users
ON schedules.admin_id=users.user_id
WHERE schedules.schedule_name
LIKE '%:search%'
ORDER BY schedules.schedule_name";
$stmt = $db->prepare($query);
$result = $stmt->execute(array('search' => $search_string));
$search_results = $stmt->fetchAll();
As you can see in the LIKE, I am trying to replace :search when the query is executed but it does not seem to be replaced.
When you do a parameterized query, it is not simply a string replace, and you don't surround it with singlequotes:
$query = "SELECT schedules.schedule_name, users.name, schedules.schedule_id
FROM schedules
INNER JOIN users
ON schedules.admin_id=users.user_id
WHERE schedules.schedule_name
LIKE :search
ORDER BY schedules.schedule_name";
But you want to have % wildcards around the term right? Add them when you inject it:
$result = $stmt->execute(array('search' => '%' . $search_string . '%' ));
I want to create a search query on MySQL database that will consist of 5 different strings typed in from user. I want to query 5 different table columns with these strings.
When I for example have input fields like:
first name, last name, address, post number, city.
How should I query the database that I dont always get all the rows.
My query is something like this:
SELECT user_id, username
from users
where
a like %?% AND
b like %?% AND
c like %?% AND
d like %?% AND
e like %?%;
When I exchange the AND for OR I always get all the results which makes sense, and when I use AND I get only the exact matches...
Is there any function or statement that would help me with this?
EDIT
The code I use is:
$sql = "select users.user_id, first_name
from users
inner join user_normal_aos
on users.user_id = user_normal_aos.user_id
inner join normal_areas_of_expertise
on user_normal_aos.normal_areas_of_expertise_id = normal_areas_of_expertise.normal_areas_of_expertise_id
where
users.first_name like ? AND
users.kanzlei like ? AND
normal_areas_of_expertise.normal_aoe like ? AND
users.postcode like ? AND
users.city like ?";
$query = $this->db->query($sql,
array(
'%'.$lawyer_name.'%',
'%'.$kanzlei.'%',
'%'.$area_of_expertise.'%',
'%'.$post_code.'%',
'%'.$city.'%')
);
For example use PHP to adjust your query based on what fields you have entered.
$where = array();
$replacements = array();
/* you can also compare if string is not null or not empty...
this is just example using isset */
if (isset($lawyer_name)) {
$where[] = 'users.first_name like ?';
$replacements[] = '%'.$lawyer_name.'%';
}
/* repeat this if again for all your fields .... */
$sql = "..... where ".implode(' AND ', $where);
$query = $this->db->query($sql,
$replacements
);
Allright, i see that without 1st line, the second query will not work. But I don't understand why. Why its not working without SET? What set does mean ?
$query = "update messages set $name=$name+1 where id='$idd'";
$db->setQuery( $query );
$db->query( $query ) or die('blogai');
$query2 = "select up,down from messages where id='$idd'";
$db->setQuery( $query2 );
$db->query( $query2 ) or die('blogai');
Check your sql request in your database query editor :
select up,down from messages where id='yourValue'
Quick question: How do I mysqli_escape_string a variable enclosed in a like clause?
"SELECT * FROM table WHERE name LIKE '%". %s . "%'"
or
"SELECT * FROM table WHERE name like '%"."%s"."%'"
don't work.
Thanks!
$value = mysql_real_escape_string($_POST["terms"]);
$query = "SELECT * FROM table WHERE name LIKE '%".$value."%'";
Or you could acheive this with sprintf like this:
$query = sprintf("SELECT * FROM table WHERE name LIKE '%s'", "%".$value."%");