How to convert my query to laravel? My $ID is md5
$ID = "aa8c96cf79a656e7ef095871ec061888";
$sql = "SELECT * FROM orders WHERE md5(CONCAT(`id`,`email`)) = '{$ID}' || md5(CONCAT(`code`,`email`)) = '{$ID}' ";
$order = DB::table('orders')->select(
??
);
Thanks
try something like this:
$order = DB::table('orders')->whereraw('md5(CONCAT(`id`,`email`)) = ? || md5(CONCAT(`code`,`email`)) = ?',[$ID,$ID] );
see here for more details:
https://laravel.com/docs/5.8/queries#raw-expressions
Related
I am a relative novice and could use some help with this problem.
This will be used in a search filter situation.
Users need to search by a value and 1 or more other values passed by the search form.
$name = $_POST['name'];
$sdate = $_POST['sdate'];
$startdate = $_POST['startdate'];
$enddate = $_POST['enddate'];
$vehicle = $_POST['vehicle'];
$triptype = $_POST['triptype'];
If any of these values are '' I do not want them in the query, If they contain a value I do want them in the query.
SELECT * FROM form_data WHERE `resp_person` = '$name',
IF $sdate != '' then `sdate` = '$sdate',
IF $startdate != '' then `sdate` = *all values between $startdate and $enddate*,
IF $triptype != '' then `triptype` = '$vehicle',
IF $vehicle != '' then `vehicle` = '$vehicle', `sdate`
ORDER BY `sdate` DESC, `stime` DESC")
I know the code is wrong but it should give you a good idea of what I am trying to accomplish. Any guidance would be greatly appreciated.
A better way is to not use string concatenation to build the entire query, but rather use an sql library that supports prepared statements, such as PDO.
$pdo = new PDO('... connection string ...', username, password);
$where = '';
$possible_values = array('name', 'sdate', 'startdate', 'enddate', 'vehicle', 'triptype' );
$params = array();
foreach($possible_values as $val)
{
if(isset($_POST[$val]))
{
$params[] = $_POST[$val];
if($where == '')
{
$where = "WHERE $val = ?";
}
else
{
$where .= " AND $val = ?";
}
}
}
$stmt = $pdo->prepare("SELECT * FROM form_data " . $where);
$stmt->execute($params);
In cases like this, I prefer to build the query in pieces...
$wheres = array(); // Collect things to AND together
if ($searchterm != 'All') $wheres[] = "subject LIKE '%searchterm'";
if (...) $wheres[] = "...'";
...
if (count($wheres) > 0)
$where_str = "WHERE " . implode(' AND ', $wheres);
else
$where_str = '';
$order_str = (...) ? "ORDER BY ..." : '';
$limit_str = $limit ? "LIMIT $limit" : '';
$query = "SELECT ... FROM foo $where_str $order_str $limit_str";
Oh, and don't forget to use escape the strings on any data coming in from a form -- else a user can do nasty things to the SQL statement!
$r = ca_mysql_query("SELECT MAX(ad_number) FROM `myTable` WHERE `user` = {$user_id} ");
$max = $r[0]['ad_number'];
echo $max;
It should print max ad_number but its not returning any value
wheares,
if i try query removing MAX(ad_number) its returnig field data from array.
$r = ca_mysql_query("SELECT * FROM `myTable` WHERE `user` = {$user_id} ");
$max = $r[0]['ad_number'];
is returning value for the given records
whats is wrong ?
Use an alias for you column:
SELECT MAX(ad_number) as max_ad_number FROM myTable WHERE user = {$user_id}
Then do this:
$max = $r[0]['max_ad_number']; echo $max;
See documentation from w3schools here
$r = ca_mysql_query("SELECT MAX(ad_number) AS AD_NUMBER FROM myTable WHERE user = {$user_id} ");
$max = $r[0]['AD_NUMBER'];
echo $max;
I have a sql statement where I want to get all the entry with the category of "Game" but do not want to retrieve the record with the code of "A00001".
Below is my sql code but there is an error in the where clause.
$sql1 = "SELECT * FROM productItem WHERE productName = '$name' AND skuCode != '$mySKU';";
$mySKU = 'A00001';
$sql1 = "SELECT * FROM productItem WHERE productName = '$name' AND skuCode != '$mySKU'";
You have an extra ; lurking somewhere in there. Be sure to sanitize $mySKU if it is user input and use prepared statements.
update: Using PDO:
$stmt = $dbh->prepare("SELECT * FROM productItem WHERE productName = :name AND skuCode != :mySKU");
if ($stmt->execute(array('name' => $name, "mySKU" => $mySKU))) {
$rows = $stmt->fetchAll(); //if you are sure there are records
Try this:
"SELECT * FROM productItem WHERE productName = '$name' AND skuCode <> '$mySKU';";
Not equal statement is <>
http://dev.mysql.com/doc/refman/5.0/en/comparison-operators.html#operator_not-equal
In making database queries in Zend Framework 2, how should I be sanitizing user submitted values? For example, $id in the following SQL
$this->tableGateway->adapter->query(
"UPDATE comments SET spam_votes = spam_votes + 1 WHERE comment_id = '$id'",
\Zend\Db\Adapter\Adapter::QUERY_MODE_EXECUTE
);
You can pass parameters when you execute..
$statement = $this->getAdapter()->query("Select * from test WHERE id = ?");
$result = $statement->execute(array(99));
$resultSet = new ResultSet;
$resultSet->initialize($result);
You can also pass them directly to the query method
$statement = $this->getAdapter()->query(
"Select * from test WHERE id = ?",
array(99)
);
$result = $statement->execute();
$resultSet = new ResultSet;
$resultSet->initialize($result);
Both will produce the query "Select * from test WHERE id = '99'"
If you want to use named parameters:
$statement = $this->getAdapter()->query("Select * from test WHERE id = :id");
$result = $statement->execute(array(
':id' => 99
));
$resultSet = new ResultSet;
$resultSet->initialize($result);
If you want to quote your table/field names etc:
$tablename = $adapter->platform->quoteIdentifier('tablename');
$statement = $this->getAdapter()->query("Select * from {$tablename} WHERE id = :id");
$result = $statement->execute(array(
':id' => 99
));
My Query :
$this->db->select('*');
$this->db->join('pos_item_sales', 'pos_item_sales.item_id = pos_item_infos.item_id');
$this->db->join('pos_batch_infos', 'pos_batch_infos.item_id = pos_item_infos.item_id');
$this->db->where("`pos_item_sales`.`transaction_id` = '$transaction_id' AND (`pos_item_sales`.`item_barcode` = '$term' OR `pos_batch_infos`.`item_mbarcode` = '$term' OR `pos_item_infos`.`item_id` = '$term')");
$query = $this->db->get('pos_item_infos');
echo $this->db->last_query();
its solve my prob but i need like this query :
$term = $this->input->get('term',TRUE);
$this->db->select('*');
$this->db->join('pos_item_sales', 'pos_item_sales.item_id = pos_item_infos.item_id');
$this->db->join('pos_batch_infos', 'pos_batch_infos.item_id = pos_item_infos.item_id');
$this->db->where('pos_item_sales.transaction_id',$transaction_id);
$this->db->where('pos_item_sales.item_barcode',$term);
$this->db->or_where('pos_batch_infos.item_mbarcode',$term);
$this->db->or_where('pos_item_infos.item_id',$term);
$query = $this->db->get('pos_item_infos');
echo $this->db->last_query();
But I need a Query like :
SELECT *
FROM (`pos_item_infos`)
JOIN `pos_item_sales` ON `pos_item_sales`.`item_id` = `pos_item_infos`.`item_id`
JOIN `pos_batch_infos` ON `pos_batch_infos`.`item_id` = `pos_item_infos`.`item_id`
WHERE `pos_item_sales`.`transaction_id` = '11355822927'
AND (`pos_item_sales`.`item_barcode` = '8801962686156'
OR `pos_batch_infos`.`item_mbarcode` = '8801962686156'
OR `pos_item_infos`.`item_id` = '8801962686156')
how i solve this prob pls help because its not include ( ) in my or condition.
if you go through the codeigniter userguide.. you can see that there are 4 ways to call where clause...
All of these does the same things... and your first code is codeigniter style (if incase you are worried that is not) that is the 4th method by codeigniter userguide where you can write your own clauses manually... there is no difference in calling the where function in anyways...
so i would go with your first query
$this->db->select('*');
$this->db->join('pos_item_sales', 'pos_item_sales.item_id = pos_item_infos.item_id');
$this->db->join('pos_batch_infos', 'pos_batch_infos.item_id = pos_item_infos.item_id');
$this->db->where("`pos_item_sales`.`transaction_id` = '$transaction_id' AND (`pos_item_sales`.`item_barcode` = '$term' OR `pos_batch_infos`.`item_mbarcode` = '$term' OR `pos_item_infos`.`item_id` = '$term')");
$query = $this->db->get('pos_item_infos');
echo $this->db->last_query();
which is perfectly fine...
In cases of complex queries i find it easier to just send raw query like this :
$query = "your query";
$result = $this->db->query($query);
Don't forget to escape variables before inserting them to the query like this :
$var = $this->db->escape($var);
$query="SELECT *
FROM pos_item_infos
JOIN pos_item_sales ON pos_item_sales.item_id = pos_item_infos.item_id
JOIN pos_batch_infos ON pos_batch_infos.item_id = pos_item_infos.item_id
WHERE pos_item_sales.transaction_id = ?
AND (pos_item_sales.item_barcode = ?
OR pos_batch_infos.item_mbarcode = ?
OR pos_item_infos.item_id = ?)";
$params=array();
$params[]='11355822927';
$params[]='8801962686156';
$params[]='8801962686156';
$params[]='8801962686156';
$result=$this->db->query($query,$params);
$result=$result->result_array();
print_r($result);
Also, simplify your syntax with USING.
SELECT *
FROM pos_item_infos
JOIN pos_item_sales USING (item_id)
JOIN pos_batch_infos USING (item_id)
WHERE pos_item_sales.transaction_id = ?
AND (pos_item_sales.item_barcode = ?
OR pos_batch_infos.item_mbarcode = ?
OR pos_item_infos.item_id = ?)