I have the following code:
mysql_query("SELECT * FROM list WHERE name LIKE '%'$searchTerm'%' OR description LIKE '%'$searchTerm'%';");
The only problem is, in pure SQL, such a query would look like:
SELECT * FROM list WHERE name LIKE '%asdf%' OR description LIKE '%asdf%'
What I'm confused about is how to put my variables into the string properly, normally a variable in a mysql_query would be surrounded by single quotes, but the addition of the single quotes in the SQL itself is confusing me.
I tried concatenating with . but I don't think that's a good solution.
mysql_query("SELECT * FROM list WHERE name LIKE '%$searchTerm%' OR description LIKE '%$searchTerm%';");
Why won't you just...
echo "SELECT * FROM list WHERE name LIKE '%$searchTerm%' OR description LIKE '%$searchTerm%';"
...and see how the query actually will look like..
I don't know PHP, but I suggest to use a replace function to manage the character "'" into $searchterm. This also allow to avoid sql injections..
This is the clearest way to me, using "." to concatenate:
mysql_query("SELECT * FROM list WHERE name LIKE '%".$searchTerm."%' OR description LIKE '%".$searchTerm."%'");
Try and use that, it should work on what you're trying :)
Related
What is the best way to search a database for a phrase such as "Almond Anise Cookie" and return the result?
If I
SELECT *
FROM recipes
WHERE name LIKE '%".$query."%'
and use the phrase "Almond Cookie", nothing is returned as expected. But if I search for "Anise Cookie" the result above is returned.
I've also tried
SELECT *
FROM recipes
WHERE name LIKE '%".$query."%'
OR name LIKE '".$query."%'
OR name LIKE '%".$query."'
with the same failed result.
Using MATCH AGAINST returns everything that contains "Almond" and everything that contains "Cookie" also not a good result. Is there a happy middle in returned results?
You can try using REPLACE. Something like this should work:
SELECT *
FROM recipes
WHERE NAME LIKE REPLACE(' ".$query." ',' ','%');
Note that I purposely add spaces between .$query. to ensure that the replace operation will make your term filled with the wildcard symbol. In the example above:
If $query='almond cookies' then REPLACE(' ".$query." ',' ','%') will become %almond%cookies%.
You can test the fiddle here : https://www.db-fiddle.com/f/kMzp99S8ENbTkYcW5FVdYN/0
I am trying to search domain names ending in particular keywords. e.g. "car" would bring up buycar.com, but not carbuy.com.
So if my query is
SELECT * FROM domains WHERE LIKE '%car'
Will not show any results at all, obviously because the domains dont end in car, they end in .com, or .co, or something.
I think I need to do some sort of regex replace to search the domain, until the first .
Or whatever would do the equivalent of this in sql for php:
$pos = strpos($domain,'.');
$search = substr($domain,0,$pos);
So it would just search the actual domain without the TLD. Is this possible with sql?
How about using:
SELECT *
FROM domains
WHERE domain LIKE '%car.%'
You could remove characters like .com, .IR, .co after car and run own query.
Please try this:
SELECT *
FROM domains
WHERE
REVERSE(SUBSTRING(REVERSE(domain),CHARINDEX('.',REVERSE(domain))+1,LEN(domain
))) LIKE '%car'
if you don't remove that character and use Like '%car.%' maybe get some thing like this: car.site.com
I am trying to find a string in a MySQL field which is encoded in base64 (for international characters)
Usual search:
$sql = "SELECT * FROM table WHERE field LIKE '%term%' ";
I have tried this:
$sql = "SELECT * FROM table WHERE field name LIKE '%".base64_encode($term)."%' ";
But it does not work all the time, depending on the search term length... For some reason, it gives result whenever my term is an odd-number long...
I have also tried using the MySQL function TO_BASE64() and FROM_BASE64() which did not work...
Can someone please help?
You need to compare the input value against the base64-decoded stored value, so reverse your attempt a little to call FROM_BASE64() on the stored value and compare against the plain input value. You cannot compare a partial match in $term if it is encoded because the partial value will never produce the same or even similar base64 string as the full stored value.
SELECT * FROM `table` WHERE FROM_BASE64(`field`) LIKE '%$term%'
In this context, $term is a plain string, not base64 encoded. It's of course recommended that $term be a bound parameter rather than a plain PHP variable concatenated into the query.
However, this is going to be slow. If you are in any position to change the way your data has been stored, you are highly encouraged to store it in a plain unencoded form. Every query will need to base64-decode every row to find a matching one, which is extremely inefficient.
Note also, that TO_BASE64(),FROM_BASE64() were recently added in MySQL 5.6.1, and therefore may not be available in a lot of installations. You really should change the way the data is stored to eliminate the encoding.
If you don't want to upgrade to MySQL 5.6 or above, you can use the following trick which is removing the padding issue:
SELECT * FROM `table` WHERE
field LIKE '%" . base64_encode($term) . "%'
OR field LIKE '%" . substr(base64_encode($term .'a'),0,-4) . "%'
OR field LIKE '%" . substr(base64_encode($term .'aa'),0,-8) . "%'
OR field LIKE '%" . substr(base64_encode($term .'aaa'),0,-12) . "%'
The search term length issue is therefore avoided. You may optimize this query by using only one of the four LIKE depending on the length of the $term.
When I search any record by chapter number then it works.
But the problem is when I select chapter number 1 or 2 from drop-down and the search all records included in that chapter.
It displays all records included in 1,11,21,31...or 2,21,12,...like this.
I know I wrote 'like' there that's why it happens. But when i write " = " operator that I commented in my code that also didn't work for me.
What will be the perfect query to solve this problem?
My Code:
<?php
include("conn.php");
$name=$_POST['fname'];
$name2=$_POST['chapter'];
$sql="SELECT distinct * FROM $user WHERE question like '%".$name."%' and Chapter like '%".$name2."%'";
// $sql="SELECT * FROM $user WHERE question='$name' and Chapter='$name2'";
$result=mysql_query($sql,$connection) or die(mysql_error());
while($row=mysql_fetch_array($result)) {
?>
I would be interested to see what the type of 'Chapter' is in the returned query, and try to see why it is that the equality comparison doesn't work.
If the typing is straightforward (i.e. it really is just plain old strings), then I'd be looking for whitespace characters or something like that which is foiling the equality comparison.
Similarly, I'm wondering whether it's the equality on the 'Question' that is messing up your alternate query.
At a guess, try one of the following:
$sql="SELECT distinct * FROM $user WHERE question like '%".$name."%' and Chapter like '$name2'";
$sql="SELECT distinct * FROM $user WHERE question like '%".$name."%' and Chapter='$name2'";
Oh, and you should really do something about escaping those parameters properly to avoid any nasty SQL injection attacks.
The problem is this part of the first query:
Chapter like '%".$name2."%'
If = doesn't work, then I can think of two things. The first is that Chapter is really a list, probably a comma delimited list. The second is that there are extraneous characters in the database.
If Chapter is really a list, use find_in_set() instead:
find_in_set($name2, Chapter) > 0
You directly use $_POST variables in your SQL query which makes you vulnerable to SQL injection attacks. Please take a look at this page for ways around that: http://bobby-tables.com/php.html. You should use either mysql_real_escape_string or prepared statements (better). The best solution would probably be to use PDO.
Also if you want a better answer, please format your question so it can be easily read, include example inputs, outputs and database contents and make sure your code is properly indented.
All I can assume now is that your database field probably contains more than the data you want to match. Leading/tailing spaces or something?
The main problem in your query is in this section
like '%".$name."%'
Just remove % sign from your whole query where you have wrote and check your query may work
properly.
What I need seems simple, but I haven't been able to pull it off so far. Maybe it's just these late hours, or maybe it's not that simple after all, I don't know any more :)
So, here's the thing. I want to be able to check whether the search string from my site contains any of the fields from a particular column in my database. So, it would be the opposite of the usual one:
mysql_query("
SELECT *
FROM `table`
WHERE `column` LIKE '%{$search}%'
");
which looks for the fields with values where the search string is contained.
What would be the easiest way, using some regular expressions or...?
Thanks a bunch!
Just do it the other way around
SELECT *
FROM `table`
WHERE '{$search}' LIKE concat('%', `column`, '%')
bear with me for the proper syntax for variable escaping for SQL-injection.
your query is also good as you want.
but still you can try this.
You can search your string by using MATCH() AGAINST() statement in mysql.
mysql_query("SELECT * FROM table_name WHERE MATCH(field11,field12) AGAINST ('searchstring')");
Here your field must be having Fulltext datatype.
This may work good.
Thanks.