
Dynamic MySQL select statement


jardane


I have a program where I have text boxes where the user can enter search terms. The user is only required to enter at least one but has the option to enter up to 14. I tried this:

$q = "SELECT `name`, `site_address`, `site_city`, `state`, `zip_code`, `telephone`, `mailing_address`, `transporter`, `desginated_facility`, `us_dot`, `quantity`, `wast_code`,`offerers_name`, `manifests` FROM `companies` WHERE " . $search;

I build $search to include what I want searched for depending on what the user wants to search for. But this is not working and I know for sure that it's the select statement. Can someone give me a hand or tell me another way of doing this?

Link to comment
Share on other sites

The echo of the select statement is:

SELECT `name`, `site_address`, `site_city`, `state`, `zip_code`, `telephone`, `mailing_address`, `transporter`, `desginated_facility`, `us_dot`, `quantity`, `wast_code`,`offerers_name`, `manifests` FROM `companies` WHERE quantity='$qu' 

 

$search is made with this script:

for ($i = 0; $i < $count; $i++) {
		$search = $search . $find[$i];
	}

 

And the $find array is set using:

if (!empty($_POST['quantity'])) {
	if ($count == 0){
		$find[$count] = " quantity='\$qu'";
		$qu = mysqli_real_escape_string($dbc, trim($_POST['quantity']));
		$count ++;
			}else{
			$find[$count] = " AND quantity='\$qu'";
			$qu = mysqli_real_escape_string($dbc, trim($_POST['quantity']));
			$count ++;
	}
}

There is one of these for each search option.

Link to comment
Share on other sites

Your SELECT statement contains the literal '$qu', NOT the value of the variable named $qu. It looks like you are trying to bind the PHP variable to the SELECT statement. I don't do binding (don't even know how or if it is possible). Change the way you set up your $find array to put the value into the string:

 

if (!empty($_POST['quantity'])) {
  $qu = mysqli_real_escape_string($dbc, trim($_POST['quantity']));
  if ($count == 0){
    $find[$count] = " quantity='" . $qu . "'";
    $count ++;
  }else{
    $find[$count] = " AND quantity='" . $qu . "'";
    $count ++;
  }
}

 

Link to comment
Share on other sites

The first problem is you have put a backslash before the $qu variable; the result of this is that literally '$qu' gets inserted into the SQL statement, instead of the value of $qu.

 

Second problem is it looks like you haven't set $qu to the value of the posted variable here (on both lines)

$find[$count] = " quantity='\$qu'";

 

Move the $qu = line to above the $find[$count] line; if you don't, then $qu will not be set to the value of the posted quantity.

Link to comment
Share on other sites
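
The second reply mentions binding without showing it. As an added example (not code from any poster in this thread), here is one way to build the same dynamic WHERE clause with mysqli prepared statements, so the user's values never become part of the SQL text. It assumes each form field is named after its column (only `quantity` is confirmed by the thread), that `$dbc` is an open mysqli connection, and the helper name `build_search` is hypothetical.

```php
<?php
// Added example: dynamic WHERE clause with bound parameters (mysqli).
// Assumption: form fields are named after their columns.

/**
 * Return ["col = ? AND col = ?", [values to bind]].
 * Column names come only from the fixed allow-list, never from user input.
 */
function build_search(array $post, array $allowed): array
{
    $clauses = [];
    $values  = [];
    foreach ($allowed as $column) {
        $raw  = $post[$column] ?? '';
        $term = is_string($raw) ? trim($raw) : '';
        if ($term === '') {
            continue;                 // field left blank: not part of the search
        }
        $clauses[] = "`$column` = ?"; // placeholder instead of the value
        $values[]  = $term;
    }
    return [implode(' AND ', $clauses), $values];
}

// Column names taken from the SELECT in the thread (subset shown).
$allowed = ['name', 'site_city', 'state', 'zip_code', 'quantity'];

// Constructed sample input standing in for $_POST.
$post = ['name' => "O'Neil Waste", 'state' => 'OH', 'quantity' => ''];

[$where, $values] = build_search($post, $allowed);
if ($where === '') {
    exit("Enter at least one search term.\n");
}

$q = "SELECT `name`, `state`, `quantity` FROM `companies` WHERE $where";
echo $q, "\n"; // the SQL text holds only placeholders, no user data

// Runs only when a live connection exists in $dbc (as in the thread).
if (isset($dbc)) {
    $stmt = mysqli_prepare($dbc, $q);
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt); // requires the mysqlnd driver
    while ($row = mysqli_fetch_assoc($result)) {
        print_r($row);
    }
}
```

Because the clause list and the value list are built in the same loop, the number of placeholders always matches the number of bound values, and no per-field `AND` bookkeeping with `$count` is needed.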
