Jump to content

Recommended Posts

Good morning,

 

I have a PHP page that searches a mysql database and returns any results.  the fields are FIRSTNAME and SURNAME, separate fields within the table.  

I have run the following search from the mysql command line and the results are correct:

select * from user_data where concat_ws(' ', firstname, lastname) LIKE 'Fred Smith';

However when I transfer this into my PHP page it doesn't return any results:

$sql = "SELECT * from user_data where concat_ws(' ', firstname, lastname) like '$search'";

 

Link to comment
https://forums.phpfreaks.com/topic/316157-php-concatenate/
Share on other sites

Which is it - SURNAME or lastname?

And - maybe it's just me and my style but I would write the query differently:

$q = "select firstname, lastname from user_data
	where firstname='Fred' and lastname='Smith'";

This avoids the unnecessary concatenation and does the proper selection of the fields you need to receive rather than using the * to pull all the columns in.

Link to comment
https://forums.phpfreaks.com/topic/316157-php-concatenate/#findComment-1607472
Share on other sites

  • 1 month later...

Based on the code snippet you provided, it appears that you're using the variable `$search` in your SQL query. However, the issue might lie in the way you are constructing and using this variable in your PHP code. Here are a few things to consider:

1. SQL injection vulnerability: Directly interpolating user input into SQL queries can expose your application to SQL injection attacks. It is highly recommended to use prepared statements or parameterized queries to prevent this vulnerability. Here's an example of how you can modify your code to use prepared statements:

```php
// Assuming you have a database connection established earlier

$search = '%'.$search.'%'; // Add wildcards to match any occurrences of the search term

$sql = "SELECT * FROM user_data WHERE CONCAT_WS(' ', firstname, lastname) LIKE ?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$search]);
$results = $stmt->fetchAll();
```

2. Wildcards in the LIKE comparison: To match partial names, you need to include wildcard characters (`%`) in the `LIKE` comparison. I've modified the code snippet above to add the `%` wildcards before and after the `$search` variable.

Make sure that the value of `$search` contains the actual search term you want to use.

3. Debugging and error handling: If you're still not getting any results, it's a good practice to add error handling to your code to catch any potential errors. You can use `try-catch` blocks or check for errors using `PDO::errorInfo()`.

```php
try {
    // Assuming you have a database connection established earlier

    $search = '%'.$search.'%'; // Add wildcards to match any occurrences of the search term

    $sql = "SELECT * FROM user_data WHERE CONCAT_WS(' ', firstname, lastname) LIKE ?";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$search]);
    $results = $stmt->fetchAll();
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
```

By implementing these modifications, you should be able to execute the search query correctly in PHP and retrieve the desired results from the MySQL database.

Link to comment
https://forums.phpfreaks.com/topic/316157-php-concatenate/#findComment-1609352
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.