First of all I want to excuse me for any english mistakes that might be in my texts, in fact it is not my mother language so it's not really perfect... Anyways:
I am using a table for search tags which contains all search tags and a unique name they belong to. For the actual search query, I use REGEXP (the query is written in PDO style). The user has to type in the search keywords seperated with a comma.
As I executed several tests I noticed that the shown results are depending on the order of the typed in words and the order the search tags are stored in the seach tags table.
My question is: How can I execute a query using REGEXP which does ignore the order of the words?
Till now the actual query is pretty simple:
$search = explode(',', htmlentities($_POST["search"]));
$search = implode('|', $search);
$stmt = $db->prepare("SELECT name FROM blablabla WHERE name REGEXP :search");
$stmt->bindValue(":search", $search, PDO::PARAM_STR);
Thanks!
I am sorry, but I do not know, wether this is possible, at least in a performant way.
I would try to achieve it like that:
$search = explode(',', htmlentities($_POST["search"]));
$sql = 'SELECT name FROM blablabla ';
$query = array();
$parts = array();
foreach($search as $value) {
$query[] = 'name LIKE ?';
$parts[] = '%' . $value . '%';
}
$sql .= ' WHERE ' . implode(' OR ', $query); //Or use logical AND. Just what suits you
$stmt = $pdo->prepare($sql);
$stmt->execute($parts);
Related
I am running problems in implementing LIKE in PDO
I have this query:
$query = "SELECT * FROM tbl WHERE address LIKE '%?%' OR address LIKE '%?%'";
$params = array($var1, $var2);
$stmt = $handle->prepare($query);
$stmt->execute($params);
I checked the $var1 and $var2 they contain both the words I want to search, my PDO is working fine since some of my queries SELECT INSERT they work, it's just that I am not familiar in LIKE here in PDO.
The result is none returned. Do my $query is syntactically correct?
You have to include the % signs in the $params, not in the query:
$query = "SELECT * FROM tbl WHERE address LIKE ? OR address LIKE ?";
$params = array("%$var1%", "%$var2%");
$stmt = $handle->prepare($query);
$stmt->execute($params);
If you'd look at the generated query in your previous code, you'd see something like SELECT * FROM tbl WHERE address LIKE '%"foo"%' OR address LIKE '%"bar"%', because the prepared statement is quoting your values inside of an already quoted string.
Simply use the following:
$query = "SELECT * FROM tbl WHERE address LIKE CONCAT('%', :var1, '%')
OR address LIKE CONCAT('%', :var2, '%')";
$ar_val = array(':var1'=>$var1, ':var2'=>$var2);
if($sqlprep->execute($ar_val)) { ... }
No, you don't need to quote prepare placeholders. Also, include the % marks inside of your variables.
LIKE ?
And in the variable: %string%
$query = "SELECT * FROM tbl WHERE address LIKE ? OR address LIKE ?";
$params = array("%$var1%", "%$var2%");
$stmt = $handle->prepare($query);
$stmt->execute($params);
You can see below example
$title = 'PHP%';
$author = 'Bobi%';
// query
$sql = "SELECT * FROM books WHERE title like ? AND author like ? ";
$q = $conn->prepare($sql);
$q->execute(array($title,$author));
Hope it will work.
With big help from #Fky & especially #Syscall I managed to change a drupal query to search within 3 tables instead of two and to add conditions as well as keyword split and removal of whitespaces.
drupal sql conditional clauses for multiple tables?
I would like the results 1) to be ordered by keywords occurrence of the matching results and then 2) sorted by title in ASC.
Ie. searching for "banana apple orange" to return:
banana orange
apple
banana
orange
I managed to order by title but can't figure out how to sort by keyword occurrences first?
$term = strip_tags(drupal_substr($_POST['keyword'], 0, 100));
$terms = explode(' ', $term); // split using ' '
$terms = array_map('trim', $terms); // remove unwanted spaces
$termsfiltered = array_filter($terms);
$or = db_or();
foreach ($termsfiltered as $term) {
$or->condition('fd.field_detailed_question_value', '%'.db_like($term).'%', 'LIKE');
$or->condition('fb.body_value','%'.db_like($term).'%' , 'LIKE');
$or->condition('n.title','%'.db_like($term).'%' , 'LIKE');
}
$query = db_select('node', 'n');
$query->fields('n');
$query->range(0,20); //LIMIT to 15 records
$query->orderBy('title', 'ASC'); //ORDER BY title
$query->leftJoin('field_data_body' , 'fb', 'fb.entity_id=n.nid');
$query->leftJoin('field_data_field_detailed_question' ,'fd', 'fd.entity_id=n.nid');
$query->condition($or);
$query->condition('n.status','1');
$stmt = $query->execute(); // execute the query (returns the "statement" to fetch).
I found one question Sort sql result by occurence of a set of keywords that mentions
Take your where clause, replace all the or with +, and make sure each
individual like the statement is wrapped in parenthesis, then order by it.
I also saw an example of using $query->addExpression...
Would that be the right approach/how to do it with drupal query? Help, please :)
Update: Or combine orderby with COUNT somehow?
The linked answer seens to be the right way to do this.
Creating the ORDER BY statement for Drupal query could be done like this:
$term = strip_tags(drupal_substr($_POST['keyword'], 0, 100));
$terms = explode(' ', $term); // split using ' '
$terms = array_map('trim', $terms); // remove unwanted spaces
$termsfiltered = array_filter($terms);
$order_array = [] ; // Create an empty array to create the string
$or = db_or() ;
foreach ($termsfiltered as $term) {
// Or condition
$or->condition('fd.field_detailed_question_value', '%'.db_like($term).'%', 'LIKE');
$or->condition('fb.body_value','%'.db_like($term).'%' , 'LIKE');
$or->condition('n.title','%'.db_like($term).'%' , 'LIKE');
// Order by array (add the concat of each fields)
$order_array[] = '(concat(title, fd.field_detailed_question_value, fb.body_value) like \'%'.db_like($term).'%\')';
}
$query = db_select('node', 'n');
$query->fields('n');
$query->range(0,20);
$query->orderBy(implode('+',$order_array), 'desc'); // Dynamic order by
$query->leftJoin('field_data_body' , 'fb', 'fb.entity_id=n.nid');
$query->leftJoin('field_data_field_detailed_question' ,'fd', 'fd.entity_id=n.nid');
$query->condition($or);
$query->condition('n.status','1');
$stmt = $query->execute(); // execute the query (returns the "statement" to fetch).
The adds are :
$order_array = [] ; before the loop
$order_array[] = '(concat...) inside the loop
$query->orderBy(implode('+',$order_array), 'desc'); changed
Note that you could prevent errors by using (or something like that) :
if (empty($termsfiltered)) { return "No matches."; }
Another thing. Using $_POST is not a good practice in Drupal. If you come from a form, you should use $form_state['values']['keyword'] instead of $_POST['keyword']: See this example.
edit
$term = strip_tags(drupal_substr($_POST['keyword'], 0, 100));
$terms = explode(' ', $term); // split using ' '
$terms = array_map('trim', $terms); // remove unwanted spaces
$termsfiltered = array_filter($terms);
$order_array = ['title'=>[],'question'=>[],'body'=>[]] ; // Create an empty array to create the string
$or = db_or() ;
foreach ($termsfiltered as $term) {
// Or condition
$or->condition('fd.field_detailed_question_value', '%'.db_like($term).'%', 'LIKE');
$or->condition('fb.body_value','%'.db_like($term).'%' , 'LIKE');
$or->condition('n.title','%'.db_like($term).'%' , 'LIKE');
// Order by array (add the concat of each fields)
$order_array['title'][] = '(title like \'%'.db_like($term).'%\')';
$order_array['question'][] = '(fd.field_detailed_question_value like \'%'.db_like($term).'%\')';
$order_array['body'][] = '(fb.body_value like \'%'.db_like($term).'%\')';
}
$query = db_select('node', 'n');
$query->fields('n');
$query->range(0,20);
$query->orderBy(implode('+',$order_array['title']), 'desc'); // Dynamic order by
$query->orderBy(implode('+',$order_array['question']), 'desc'); // Dynamic order by
$query->orderBy(implode('+',$order_array['body']), 'desc'); // Dynamic order by
$query->leftJoin('field_data_body' , 'fb', 'fb.entity_id=n.nid');
$query->leftJoin('field_data_field_detailed_question' ,'fd', 'fd.entity_id=n.nid');
$query->condition($or);
$query->condition('n.status','1');
$stmt = $query->execute();
I'm building a simple search algorithm and I want to break my string with spaces, and search my database on it, like so:
$search = "Sony TV with FullHD support";
$search = explode( ' ', $search );
SELECT name FROM Products WHERE name LIKE %$search[1]% AND name LIKE %$search[2]% LIMIT 6
Is this possible?
Yes, you can use SQL IN operator to search multiple absolute values:
SELECT name FROM products WHERE name IN ( 'Value1', 'Value2', ... );
If you want to use LIKE you will need to use OR instead:
SELECT name FROM products WHERE name LIKE '%Value1' OR name LIKE '%Value2';
Using AND (as you tried) requires ALL conditions to be true, using OR requires at least one to be true.
Try this
Using UNION
$sql = '';
$count = 0;
foreach($search as $text)
{
if($count > 0)
$sql = $sql."UNION Select name From myTable WHERE Name LIKE '%$text%'";
else
$sql = $sql."Select name From myTable WHERE Name LIKE '%$text%'";
$count++;
}
Using WHERE IN
$comma_separated = "('" . implode("','", $search) . "')"; // ('1','2','3')
$sql = "Select name From myTable WHERE name IN ".$comma_separated ;
This will works perfectly in both cases, one or multiple fields searching multiple words.
Hope this will help someone. Thanks
declare #searchTrm varchar(MAX)='one two three four';
--select value from STRING_SPLIT(#searchTrm, ' ') where trim(value)<>''
select * from Bols
WHERE EXISTS (SELECT value
FROM STRING_SPLIT(#searchTrm, ' ')
WHERE
trim(value)<>''
and(
BolNumber like '%'+ value+'%'
or UserComment like '%'+ value+'%'
or RequesterId like '%'+ value+'%' )
)
This has been partially answered here:
MySQL Like multiple values
I advise against
$search = explode( ' ', $search );
and input them directly into the SQL query as this makes prone to SQL inject via the search bar. You will have to escape the characters first in case they try something funny like: "--; DROP TABLE name;
$search = str_replace('"', "''", search );
But even that is not completely safe. You must try to use SQL prepared statements to be safer. Using the regular expression is much easier to build a function to prepare and create what you want.
function makeSQL_search_pattern($search) {
search_pattern = false;
//escape the special regex chars
$search = str_replace('"', "''", $search);
$search = str_replace('^', "\\^", $search);
$search = str_replace('$', "\\$", $search);
$search = str_replace('.', "\\.", $search);
$search = str_replace('[', "\\[", $search);
$search = str_replace(']', "\\]", $search);
$search = str_replace('|', "\\|", $search);
$search = str_replace('*', "\\*", $search);
$search = str_replace('+', "\\+", $search);
$search = str_replace('{', "\\{", $search);
$search = str_replace('}', "\\}", $search);
$search = explode(" ", $search);
for ($i = 0; $i < count($search); $i++) {
if ($i > 0 && $i < count($search) ) {
$search_pattern .= "|";
}
$search_pattern .= $search[$i];
}
return search_pattern;
}
$search_pattern = makeSQL_search_pattern($search);
$sql_query = "SELECT name FROM Products WHERE name REGEXP :search LIMIT 6"
$stmt = pdo->prepare($sql_query);
$stmt->bindParam(":search", $search_pattern, PDO::PARAM_STR);
$stmt->execute();
I have not tested this code, but this is what I would do in your case.
I hope this helps.
You can try and execute below query:
SELECT name FROM Products WHERE REGEXP '.*Value1|.*Value2';
Pls note that there should not be a space before or after the pipe symbol
(|).
I know this is long time ago, but I have a solution. It can solved like this:
#intial query
query = 'SELECT var1, var2 FROM dbo.db_name WHERE'
if status :
query = query + " AND status='" + status + "'"
if type :
query = query + " AND Type='" + type + "'"
if number :
query = query + " AND Number='" + number + "'"
if cancel_request:
query = query + " AND CancelRequest='" + cancel_request + "'"
query = query + ' ORDER BY transid DESC'
cur.execute(query)
I have made a search engine which works well, but I want it to disregard symbols in the database entries.
e.g. I search for A*B-C
In the database I have a column that contains ABC.
I would like it to bring back this record even thought it has symbols in.
How would I do this?
Hi, I tried that but it does not work.
Here is my code:
$query = '%' . rawurlencode($queryRaw) . '%' ;
$queryClean = ereg_replace("[^A-Za-z0-9]", "%", $query) ;
$result = $dbh->prepare("SELECT supplier_details.id as supid, name, languages.languages, countries.country
FROM supplier_details, languages, countries
WHERE languageRef = languages.id
AND countryRef = countries.id
AND (name LIKE ? OR name LIKE ?)
LIMIT 50") ;
$result->bindParam(1, $query, PDO::PARAM_INT) ;
$result->bindParam(2, $queryClean, PDO::PARAM_INT) ;
$result->execute() ;
select *
from tbl
where clmn like '%A%B%C%'
after some researching I put this code together to search a mysql table in the db. while it works fine, it limit itself to match the words exactly as the user enters it. anyone know how to make it so that it matches my some sort of relevancy? I have been reading about the full text search but I cant really seem to grasp it.
for example, if you search for 'unanswered questions' in two fields, I want to be able to get result like that include the searched word(s) in any string that it show up in, and list it according to relevancy, like so (search results example output):
- unanswered questions
- answered questions
- answer question
- unanswered questions
- unanswered questions
- questions
- answer
$k = trim ($_GET['search']);
$i = "";
$terms = explode (" ", $k);
$query = "SELECT * FROM table1 WHERE ";
foreach ($terms as $each){
$i++;
if ($i == 1)
$query .= "fld_title LIKE '%$each%' OR fld_keyword LIKE '%$each%' ";
else
$query .= "OR fld_title LIKE '%$each%' OR fld_keyword LIKE '%$each%' ";
}
// connect
include_once "connect.php"; //connect 2 db
$query = mysql_query($query);
$numrows = mysql_num_rows ($query);
if ($numrows > 0){
while ($row = mysql_fetch_assoc ($query)){
//
//
// echo out something here
//
//
}
}else
{
echo "No results found for <b>$k</b>";
}
to do a fulltext search you have to:
Create a Fulltext index in the table (note the fields can't be BLOB)
ALTER TABLE tablename ADD FULLTEXT(field1, field2,...);
in your case:
ALTER TABLE table1 ADD FULLTEXT(fld_title, fld_keyword);
in php change
$k = trim ($_GET['search']);
$i = "";
$terms = explode (" ", $k);
$query = "SELECT * FROM table1 WHERE ";
foreach ($terms as $each){
$i++;
if ($i == 1)
$query .= "fld_title LIKE '%$each%' OR fld_keyword LIKE '%$each%' ";
else
$query .= "OR fld_title LIKE '%$each%' OR fld_keyword LIKE '%$each%' ";
}
for
$k = trim ($_GET['search']);
$query="SELECT * FROM table1 WHERE MATCH(fld_title, fld_keyword) AGAINST ('".$k."')";
if you want to see the relevancy of the results:
$query="SELECT *, MATCH(fld_title, fld_keyword) AGAINST ('".$k."') as relevancy FROM table1 WHERE MATCH(fld_title, fld_keyword) AGAINST ('".$k."')";
The MATCH-AGAINST returns a number: 0 for no match or other depending on matching.
You can "order by relevancy", change the query for make more relevant the search... MATCH(fld_title, fld_keyword) AGAINST ('".$k."') > 0.5
Only one problem: the AGAINST part ($k for you) must be greater than 3 characters.