Jump to content

$_POST form variable with a LIKE statement?


bigkev1983

Recommended Posts

Hello there

I'm pretty new to PHP and mianly use Dreamweaver to come up with most of the code for search interfaces to be honest so I'm hoping you guys can help me.

I have this select statement for my search results page:
$query_directory = sprintf("SELECT * FROM directory WHERE Name LIKE '%".$_POST['name']."%' ORDER BY id DESC", $colname_directory);

to get all records from the database whose name contains characters typed in by the user from the search form.

However, it doesn't work and SQL just comes back with an error so I think the syntax must be wrong. The standard statement (below) DOES return results but obviously it doesn't do what I need it to as it forces the user to type in the whole name exactly:

$query_directory = sprintf("SELECT * FROM directory WHERE Name = '".$_POST['name']."' ORDER BY id DESC", $colname_directory);

Can anyone help me make the first statement work?

Kev
Link to comment
Share on other sites

What is $colname_directory? sprintf needs a place holder, so your code should look something like.

[code=php:0]
$colname_directory = $_POST['name'];
$query_directory = sprintf('SELECT * FROM directory WHERE Name LIKE "%'."%s".'%" ORDER BY id DESC', $colname_directory);
[/code]

Link to comment
Share on other sites

Note sure what that means but I get thie following error:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '"%s ORDER BY id DESC LIMIT 0, 10' at line 1

???

Here's the code I just used...

mysql_select_db($database_directory, $directory);
$colname_directory = $_POST['name'];
$query_directory = sprintf('SELECT * FROM directory WHERE Name LIKE "%'."%s".'%" ORDER BY id DESC', $colname_directory);

$query_limit_directory = sprintf("%s LIMIT %d, %d", $query_directory, $startRow_directory, $maxRows_directory);
$directory = mysql_query($query_limit_directory, $directory) or die(mysql_error());
$row_directory = mysql_fetch_assoc($directory);
Link to comment
Share on other sites

Hi Huggie - I tried this code...

mysql_select_db($database_directory, $directory);
$query_directory = "SELECT * FROM directory WHERE Name LIKE '%$_POST['name']%' ORDER BY id DESC";

$query_limit_directory = sprintf("%s LIMIT %d, %d", $query_directory, $startRow_directory, $maxRows_directory);
$directory = mysql_query($query_limit_directory, $directory) or die(mysql_error());
$row_directory = mysql_fetch_assoc($directory)

But got the following error:

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /homepages/16/d93745840/htdocs/m18directory/results.php on line 13

I also tried it without the sprintf (and brackets) in the $query_limit_directory line but same error.

Any ideas? I thought it wouldn't be too difficult to have a results page displaying all results from a table where the name field is like what the user has typed in the form but it's proving tricky!
Link to comment
Share on other sites

[quote author=bigkev1983 link=topic=109390.msg440974#msg440974 date=1159196465]
$query_directory = "SELECT * FROM directory WHERE Name LIKE '%$_POST['name']%' ORDER BY id DESC";
[/quote]

That's your problem.

You can't reference a associative array, such as $_POST, within the quotes of an expression.  It should look more like this:

<code>
<?php
...
$q = "SELECT * FROM `directory` WHERE `Name` LIKE '%" . $_POST['name'] . "%' ORDER BY id DESC;";
...
?>
</code>

I'm pretty sure that that is your problem.  Let me know if it helps.  Oh, and if you want to use "%" in a sprintf(), you need to backslash it, like sprintf("something something percent sign = \% and again \%");, otherwise it takes it as a sign that your going to drop a variable into it, and its looking for an type identifier.
Link to comment
Share on other sites

Thanks Huggie - you're a star. I tried your statament and it worked first time.

Kev

P.S. - If I want to get results from two different form inputs can I just do this?....

$query_directory = "SELECT * FROM directory WHERE Name LIKE '%{$_POST['name']}%' OR WHERE Keywords LIKE '%{$_POST['keywords']}%' ORDER BY name ASC";
Link to comment
Share on other sites

Huggie my man - you are a genius!

Just one last thing - if one of the fields i blank, it reeturns all results no matter what. Is there any way I can tell it to ignore a field if it's blank? Here's what I have now...

$query_directory = "SELECT * FROM directory WHERE Name LIKE '%{$_POST['name']}%' OR Keywords LIKE '%{$_POST['keywords']}%' ORDER BY name";
Link to comment
Share on other sites

[quote]
Just one last thing - if one of the fields is blank, it returns all results no matter what. Is there any way I can tell it to ignore a field if it's blank?
[/quote]

You mean if one of the submitted form fields is blank, or one of the database fields?

Can you also tell me what column is your primary key in your directory table?

Regards
Huggie
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.