Quick question: How do I mysqli_escape_string a variable enclosed in a like clause?
"SELECT * FROM table WHERE name LIKE '%". %s . "%'"
or
"SELECT * FROM table WHERE name like '%"."%s"."%'"
don't work.
Thanks!
$value = mysql_real_escape_string($_POST["terms"]);
$query = "SELECT * FROM table WHERE name LIKE '%".$value."%'";
Or you could acheive this with sprintf like this:
$query = sprintf("SELECT * FROM table WHERE name LIKE '%s'", "%".$value."%");
Related
I am running problems in implementing LIKE in PDO
I have this query:
$query = "SELECT * FROM tbl WHERE address LIKE '%?%' OR address LIKE '%?%'";
$params = array($var1, $var2);
$stmt = $handle->prepare($query);
$stmt->execute($params);
I checked the $var1 and $var2 they contain both the words I want to search, my PDO is working fine since some of my queries SELECT INSERT they work, it's just that I am not familiar in LIKE here in PDO.
The result is none returned. Do my $query is syntactically correct?
You have to include the % signs in the $params, not in the query:
$query = "SELECT * FROM tbl WHERE address LIKE ? OR address LIKE ?";
$params = array("%$var1%", "%$var2%");
$stmt = $handle->prepare($query);
$stmt->execute($params);
If you'd look at the generated query in your previous code, you'd see something like SELECT * FROM tbl WHERE address LIKE '%"foo"%' OR address LIKE '%"bar"%', because the prepared statement is quoting your values inside of an already quoted string.
Simply use the following:
$query = "SELECT * FROM tbl WHERE address LIKE CONCAT('%', :var1, '%')
OR address LIKE CONCAT('%', :var2, '%')";
$ar_val = array(':var1'=>$var1, ':var2'=>$var2);
if($sqlprep->execute($ar_val)) { ... }
No, you don't need to quote prepare placeholders. Also, include the % marks inside of your variables.
LIKE ?
And in the variable: %string%
$query = "SELECT * FROM tbl WHERE address LIKE ? OR address LIKE ?";
$params = array("%$var1%", "%$var2%");
$stmt = $handle->prepare($query);
$stmt->execute($params);
You can see below example
$title = 'PHP%';
$author = 'Bobi%';
// query
$sql = "SELECT * FROM books WHERE title like ? AND author like ? ";
$q = $conn->prepare($sql);
$q->execute(array($title,$author));
Hope it will work.
i want to search data in an array .How can i search using mysql select command. i wrote the query as
$this->db->query("SELECT * FROM client_details WHERE dob IN ({implode(',', $data})");
$data is an array of dates .Please Help me for solving this..
try with
$data =array('0'=>'2015-01-23','1'=>'2015-01-22','2'=>'2015-01-21');
$tmp = implode('","', $data);
$tmp ='"'.$tmp.'"';
$sql= 'SELECT * FROM client_details WHERE dob IN ('.$tmp.')';
echo $sql;
$this->db->query($sql);
You can do something like this:
Option 1
$tmp = implode(',', $data);
$this->db->query("SELECT * FROM client_details WHERE dob IN ($tmp)");
Option 2
$this->db->query("SELECT * FROM client_details WHERE dob IN (".implode(',', $data).")");
Also, there is a mistake in your bracket formation.
It should be dob IN ({implode(',', $data)}"); [Curly braces should close after the closing parenthesis].
Im having a little problem finding a query to do what I want.
Im using Jquerys autocomplete to search for job ID.
Currently the code I'm using is:
$keyword = "%" . (int) $_GET['term'];
$sql = $DB->prepare("SELECT JID, SiteName FROM jobs WHERE CID = :cid AND `JID` LIKE :term ORDER BY JID DESC LIMIT 6");
when the code runs it only returns IDs 1 and 11
I want is so any ID beginning with 1 is displayed eg
1,10,11,12,13,14,15 ... 100 etc
Any ideas how I solve this?
change that
$keyword = "%" . (int) $_GET['term'];
to
$keyword = (int) $_GET['term']. "%" ;
you are cheking numbers which ends by 1 , like that you will check numbers wich starts by 1.
this would be better thought if you using pdo
$keyword = (int) $_GET['term'];
$params = array("$keyword%");
$sql = $DB->prepare(...........);
$sql->execute($params);
I've had a bit of a look around, and tried a few things, but I can't seem to get this to work... Can anyone help?
$typeall = " ('House','Condo','Loft','Townhouse','Land')";
$rs = mysql_query("SELECT * FROM 'houses' WHERE and category IN " .$typeall);
does not work
but if I type
$rs = mysql_query("SELECT * FROM 'houses' WHERE and category IN ('House','Condo','Loft','Townhouse','Land')");
it works perfect, why?
Thanks.
Try this:
$typeall = "'House','Condo','Loft','Townhouse','Land'";
$rs = mysql_query("SELECT * FROM 'houses' WHERE and category IN (".$typeall.")");
may be variable $typeall is not working in brackets.
Don't quote table name, and drop extra and:
$typeall = " ('House','Condo','Loft','Townhouse','Land')";
$rs = mysql_query("SELECT * FROM houses WHERE category IN " .$typeall);
You should remove the and:
WHERE and category IN ...
Into:
WHERE category IN ...
Is it possible to have an OR inside a WHERE statement in a mysql query as I have done below.
$query = mysql_query("SELECT * FROM fields WHERE post_id=$id OR post_id="" order by id desc") or die(mysql_error());
This produces a server error when run on my site. Any thoughts on how I could accomplish this?
Thanks in advance.
Yes you can have an OR. What is the type of post_id?
If post_id is a character type:
"SELECT * FROM fields WHERE post_id='$id' OR post_id='' order by id desc"
If it's an integer then it can't be equal to the empty string. Did you mean post_id IS NULL instead?
What is the error? It looks like you have not escaped the double quote in the query. It should be:
$query = mysql_query("SELECT * FROM fields WHERE post_id=$id OR post_id=\"\" order by id desc") or die(mysql_error());
what are the errors.. as such ur query is fine but u string problems with all these double quotes.. try something like this..
$query = mysql_query("SELECT * FROM fields
WHERE post_id = " . $id . " OR post_id='' order by id desc")
or die(mysql_error());