I want to find text in a MySql database
$result = mysqli_query($con,"SELECT * FROM blog
WHERE text_post LIKE = 't%';
")
or die(mysqli_error());
while($row = mysqli_fetch_array($result)) {
echo $row['titol_post'] . "<br>";
}
It gives me the error:
mysqli_error() expects exactly 1 parameter, 0 given...
If I substitute
WHERE text_post LIKE = 't%';
by
WHERE text_post = 'test';
It works well. I do not undestand. Why the LIKE does not work?
Here like after = is probelm please replace
with
WHERE text_post LIKE = 't%';
to
WHERE text_post LIKE 't%';
mysqli_error(), like all other mysqli_xx() functions, requires that you pass the connection variable to it, so that it knows which DB connection you want to know the last error for.
...
or die(mysqli_error($con));
...
Once you've done this, you will get a more useful error message that will help you diagnose the problem with your SQL code.
When you do get the real SQL error message, you will find that the problem is with the = sign.
The reason for this is that LIKE is an operator in the same way as =. You can only use one operator here, so if you're using LIKE, then you don't need = as well.
Your SQL code would therefore change to look like this:
SELECT * FROM blog
WHERE text_post LIKE 't%
I just changed like = to like and it works
SELECT * FROM blog WHERE text_post LIKE 't%'"
Try to pass conn in the error function:
or die(mysqli_error($con));
The MySQL syntax says:
string mysqli_error(mysqli link);
Returns the last error message for the most recent MySQLi function
call that can succeed or fail.
Also you need to remove the = sign after the LIKE keyword
$result = mysqli_query($con,"SELECT * FROM blog
WHERE text_post LIKE 't%';
")
or die(mysqli_error($con));
This is the right way to write sql query in mysql. Please replace your query with this.
$result = mysqli_query($con,"SELECT * FROM blog
WHERE text_post LIKE 't%';
")
Related
I am trying to execute the following mysql query below with drupal 7 db_select. But I cant understand how this can be done. Is anyone can help me to translate the following mysql query into drupal 7 dynamic db query?
My main goal is actually sorting the mysql result by given string position in the name. Please keep in mind that i dont want to fetch all the results and sort them with php, instead I want to use mysql to do that. As i know the "ORDER BY LOCATE" command is doing that exactly.
SELECT name FROM `taxonomy_term_data` WHERE LOCATE('credit', name) > 0 ORDER BY LOCATE('credit', name)
1. Proper example of db_select
It is possible, using drupal 7 db_select, here is my example working code (done with help of this post)
My example in with table cities containing column city. Find cities with double "o" and sort by it's position:
$r = db_select('cities', 't')
->fields('t')
->condition('t.city', '%' . db_like('oo') . '%', 'LIKE');
$r->addExpression("LOCATE('oo', city) ", 'loc');
$r = $r->orderBy('loc', 'DESC')
->execute()
->fetchAllAssoc("id");
So similar in your example would be:
$r = db_select('taxonomy_term_data', 't')
->fields('t')
->condition('t.name', '%' . db_like('credit') . '%', 'LIKE');
$r->addExpression("LOCATE('credit', name) ", 'loc');
$r = $r->orderBy('loc', 'DESC'); //Or ASC
//Execute your query and gather result anyway you want.
2. Do you need to use db_select?
As someone stated in comment in link I posted "There are times and places to just use db_query."
I think this is that time :) Dont overcomplicate your code just to use drupal-way logic, which is often outdated or just too simple for complex tasks.
I think you should try something like this. db_like function seems to do what you are looking for.
$result = db_select('taxonomy_term_data', 'ttd')
->fields('ttd', 'name')
->condition('ttd.name, '%' . db_like('credit') . '%', 'LIKE')
->orderBy('ttd.name', 'DESC')
->execute();
I am a newbie and currently learning wordpress , i am struggling to write a query in wordpress. I have written it something like this but seesm like its coming null.
$querystr = "SELECT *
FROM $wpdb->seeker_saved_mark_job ";
$movie_names = $wpdb->get_results($querystr);
var_dump($movies_names);
The seeker_saved_mark_job is placed in meta table. I want to get all the results from this table, and they do exist but Its coming null
Try below query
global $wpdb;
$querystr = "SELECT * FROM ".$wpdb->base_prefix."postmeta WHERE `meta_key`='seeker_saved_mark_job'";
$movie_names = $wpdb->get_results($querystr);
var_dump($movies_names);
I have this code:
$places = $this->db
->select('*')
->from('places')
->where('postal_code',$search)
->limit($limit, $start)
->get()->result();
I want to know if is there something wrong, and which is the way to get a query with a simple where inside the query.
Like this..
$places = $this->db->get_where('places',array('postal_code'=>$search),$limit,$start)->result();//outputs result in object format
$places = $this->db->get_where('places',array('postal_code'=>$search),$limit,$start)->result_array();//outputs result in array format
See more docs https://www.codeigniter.com/userguide3/database/query_builder.html
At the end I do it in other way, as I can see is there some issues to do a where and limit sentence in CodeIgniter in the same query.
So I do it directly in SQL
$query = "SELECT * FROM places WHERE locality = '".$search."' LIMIT ".$start.",".$limit."";
$places = $this->db->query($query)->result();
Not nice, but it works.
Cant seem to figure out whats wrong, the query should be correct, and it works in phpMyAdmin but when I introduce a wildcard into the php string "%", every query fails.
This works:
$query = sprintf("SELECT `id`FROM `table`WHERE `name` LIKE '".$resources[1]."'",
mysql_real_escape_string($resources[1]));
This does not:
$query = sprintf("SELECT `id`FROM `table`WHERE `name` LIKE '%".$resources[1]."%'",
mysql_real_escape_string($resources[1]));
The query Im obviously trying to generate is
SELECT `id` FROM `table`WHERE `name` LIKE '%someName%'
Read the sprintf man page: http://php.net/sprintf
$sql = sprintf('..... '%%%s%%', $var);
^^--- turns into %
^-- %s -> $var
^^-- turns into %
Your code, as written, does NOTHING to prevent sql injection, since you're not using sprintf() properly.
If I type
'
into my search bar I get a mysql error as the "sting" has not been escaped- it think.
But the reason why I cant escape it is because I dont think it currently is a string.
the search box generates search results dynamically with ajax it is as I type and it finds the results that I get the error:
You have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '%' OR Location
LIKE '%'%' OR Map LIKE '%'%' LIMIT 0, 16' at line 2
This is the mysql query:
<?php
if($_POST['q']!=""){
include $_SERVER['DOCUMENT_ROOT'] . "/include/datebasecon.php";
$result = mysql_query("
SELECT id, Name, Location, Map
FROM Accommodation WHERE Name LIKE '%".$_POST['q']."%' OR Location LIKE '%".$_POST['q']."%' OR Map LIKE '%".$_POST['q']."%' LIMIT 0, 16")
or die(mysql_error());
$output = "";
while($row = mysql_fetch_array($result)){
$N = preg_replace("/(".$_POST['q'].")/i","<span>$1</span>",$row['Name']);
$L = preg_replace("/(".$_POST['q'].")/i","<span>$1</span>",$row['Location']);
$M = preg_replace("/(".$_POST['q'].")/i","<span>$1</span>",$row['Map']);
$output .= "<p>".$N." - ".$L."</p>";
}
print $output;
}
?>
Is there anyway i can fix this after its post the query maybe?
When magic_quotes_gpc is off (as it should be!), $_POST['q'] is simply the string ', as just one character. That's why it's appearing in your SQL code like this:
%' OR Location LIKE '%'%' OR Map LIKE '%'%' LIMIT 0, 16
The error takes place at '%'%' because the LIKE string is being prematurely terminated.
You can just use mysql_real_escape_string() on $_POST['q'] and it'll be escaped:
$q = mysql_real_escape_string($_POST['q']);
$result = mysql_query("
SELECT id, Name, Location, Map
FROM Accommodation WHERE Name LIKE '%".$q."%' OR Location LIKE '%".$q."%' OR Map LIKE '%".$q."%' LIMIT 0, 16")
or die(mysql_error());
You wrote "I dont think it currently is a string"... it is a string. You can pass it to mysql_real_escape_string() and use the result to make your query secure and reliable. Everything your script receives by the $_POST, $_GET, $_REQUEST and $_COOKIE params can be used as string, except it is an array.
To make you understand.
Look at your query:
LIKE '%search string%'
note apostrophes you have used to delimit search string.
These apostrophes does mean that data inside IS a string.
Everything you put in quotes into query is a string.
Everything you put in quotes into query must be escaped.
No need to think, consider or estimate. The rule is simple and unambiguous: quoted text should be always escaped.