I'm currently using the below query;
SELECT * FROM '' WHERE Name LIKE 'argument'
OR Reg LIKE 'argument'
However, this will only show results that are LIKE Name or Reg not exact.
How do I change this query to search for results that are exact and like?
Remove the %. Try with -
SELECT * FROM cars WHERE Name LIKE '$searchq' OR Reg LIKE '$searchq'
Does
"SELECT * FROM cars WHERE Name = '$searchq' OR Reg = '$searchq'"
out of the option?
or just use an equals operator for checking the Reg...
SELECT * FROM cars WHERE (Name LIKE ('%'. $searchq .'%') OR Reg = '$searchq')
Note: It may also be worth ensuring all letters in the Reg and search string are both upper case before doing the search. e.g.
<%php $searchq = strtoupper($searchq); %>
SELECT * FROM cars WHERE (Name LIKE ('%'. $searchq .'%') OR upper(Reg) = '$searchq'
Change your SQL to this
$query = mysql_query("SELECT * FROM cars WHERE Name LIKE '%".$searchq."%' OR Reg LIKE '%".$searchq."%' OR Name = '".$searchq."' OR Reg ='".$searchq."'") or die(mysql_error());
I hope you are sanitizing your the search string. Not sanitizing it may leads to SQL Injection.
Related
When i using user-defined variable , i want to use 'index' like 'ref..';
for example,
SET #company_code = "A002";
select *
from product_in_out
where company_code = #company_code
and product_date = "2022-04-13"
and out_type = "Q"
;
above result like this,
[enter image description here][1]
for using SQL index, i've tested that variable to plain text like "A002".
at that time, SQL use index like 'ref'
select *
from product_in_out
where company_code = "A002"
and product_date = "2022-04-13"
and out_type = "Q"
;
if so, is there any good way to use valiable for using mysql Index?!?!
As a workaround, add this composite index:
INDEX(out_type, product_date, company_code)
(I assume product_date is of datatype DATE.)
I have a piece of code like this:
isbn = 4567
c.execute("SELECT * FROM book WHERE Book_d = %s;",(isbn,))
search = c.fetchone()
print(search)
But I want to change the attribute to a variable like this:
isbn = 4567
bisbn = 'Book_d'
c.execute("SELECT * FROM book WHERE %s = %s;",(bisbn, isbn,))
search = c.fetchone()
print(search)
But I guess the syntax is wrong here.
I just wanted to ask whether it is possible to do something like this and if so how?
Thanks
Please check this.
isbn = 4567
bisbn = 'Book_d'
sql_query = "SELECT * FROM book WHERE %s = %s;"%(bisbn, isbn,)
Or if you are using python3
sql_query = f"SELECT * FROM book WHERE {bisbn} = {isbn}"
print(sql_query)
Previously, this was working:
$patient_story_set_photos = $wpdb->get_results('SELECT * FROM wp_before_after WHERE patientID = '.$post->ID.' AND patient_display = 1');
However, when I try to add another AND condition like this:
$patient_story_set_photos = $wpdb->get_results('SELECT * FROM wp_before_after WHERE patientID = '.$post->ID.' AND patient_display = 1 AND period_taken = '.$set->period_taken);
I get the following error on screen:
WordPress database error: [Unknown column '1hour' in 'where clause']
SELECT * FROM wp_before_after WHERE patientID = 8175 AND patient_display = 1 AND period_taken = 1hour
Can't see why there's a problem, are you not allowed to use multiple AND conditions in SQL?
The problem is not the AND, the problem is your 1hour, 1hour unquoted means a reference to an object (database, table) named 1hour, you need to quote '1hour'.
If you write
SELECT * FROM wp_before_after
WHERE patientID = 8175
AND patient_display = 1
AND period_taken = '1hour'
you will compare the field periodtaken to a string (CHAR,VARCHAR,TEXT) equal to '1hour'.
I assume period_taken is a field typed CHAR,VARCHAR or TEXT
Before anything, DO NOT CONCATENATE SQL STRINGS nowadays it is a MUST (see how to do it properly https://stackoverflow.com/a/60496/3771219)
The problem you are facing is because, I presume, that the period_taken field is some sort of Char/Varchar/String field and when you are filtering by a "Stringy" field you must sorround your literals values with single quotes:
SELECT *
FROM wp_before_after
WHERE patientID = 8175
AND patient_display = 1
AND period_taken = '1hour'
Hope this help
I want to write mysql query to display all records if text field value = "All" or else display records similar to keyword value. I have written code below to just to give an idea.
if (keyword = 'All' )
select * from ItemMain
else if (keyword like %itemname%)
select * from ItemMain
Ok, assuming PHP as the front-end language you can put it all in one query like this (forgive the curly braces; I'm never sure when they're needed or not so I tend to over-use them):
$query = <<< ENDSQL
SELECT *
FROM ItemMain
WHERE ('{$keyword}' = 'All') OR (your_textfield like '%{$keyword}%')
ENDSQL;
... execute the query
But really I'd go with the suggestion from #cjg and use two different queries:
$query = "";
if ($keyword == 'All') {
$query = "SELECT * FROM ItemMain";
} else {
$query = "SELECT * FROM ItemMain WHERE your_textfield LIKE '%{$keyword}%'";
}
... execute the query
If itemname is your column name, and your search string parameter replaces the ? in your code. Then your statement should look something like this if you are searching for all itemnames containing your search string:
SELECT *
FROM ItemMain
WHERE ? = 'All' OR itemname LIKE '%?%'
Or this if you are looking for an exact match:
SELECT *
FROM ItemMain
WHERE ? = 'All' OR itemname = ?
I have procedure with a single string parameter to retrieve records from my table test which has two fields id(int) and Name(varchar).
the query in the procedure is shown below
Select * from test where id in (strParam);
and value in the parameter will be
strParam="1,2";
but the result will be wrong because query will be as shown below
Select * from test where id in ('1,2');
but i need the query to be like shown below
Select * from test where id in (1,2);
please help me with a solution
the programming language is C#
thanks,
suraj
Usually you construct the SQL correctly in your programming language:
Select * from test where id in ('1,2');
should come from your application code, where it's easier to change strParam="1,2"; to strParam="'1','2'":
Split (explode) the string into an array
escape each element in the array (using the correct MySQL-ESCAPE function)
Join (implode) the array back into a string,
If you really can't change the application code, maybe some SQL tricks could work. Try:
SELECT * FROM test where FIND_IN_SET(ID,strParam) > 0
Not sure if this is the most efficient way:
Explode the value strParam to an array and then build up the string you need in the query:
<?php
$arrayParam = explode(',', $strParam);
$strParamQuery = '(';
foreach ($arrayParam as $Param) {
if ($strParamQuery != '(') { $strParamQuery = $strParamQuery.','; //Add a comma to all but the first occurence
$strParamQuery = $strParamQuery.$param;
}
$strParamQuery = $strParamQuery.')';
$query = 'Select * from test where id in '.$strParamQuery.';';
?>