John Davidson

How to use PSQL (pervasive) OR in PHP with a variable?

Message:


This is part of my query:


where workcenter = '$query' or EmployeeName like '$query'

workcenter is a number and EmployeeName is a string. Users enter either a number or a name and this searches the table for either the workcenter # or the employee.


In my PSQL editor this query works when hardcoded:


where workcenter = 'Adrian' or EmployeeName like '%Adrian%' 

How am I supposed to write the EmployeeName like '$query' so it returns results?


I've tried:

%'$query'%

'%$query%'

'%{$query}%'


EDIT: after following @mirtheli's suggestion I tried


```php
$base = 'select Employee,EmployeeName,WorkcenterName from zzHENEmplWkcntr ';
$query = $_GET['wc']; // comes from input text (example: 1234 or adrian)
$psql = $base . "where workcenter = '$query' or EmployeeName like \'%' .$query . '%\'";
echo "Query: ".$psql;
```

Output: select Employee,EmployeeName,WorkcenterName from zzHENEmplWkcntr where workcenter = 'adrian' or EmployeeName like \'%' . adrian . '%\'

Error I get: Fatal error: Uncaught Error: Call to a member function execute() on bool in C:\inetpub\wwwroot\viewWorkcenter.php:21 Stack trace: #0 {main} thrown in C:\inetpub\wwwroot\viewWorkcenter.php on line 21


LINE 20 & 21:


$qry = $conn->prepare($psql);
$qry->execute();

My understanding is that this error means the query returned no results.



My Answer:
To use PSQL OR in PHP with a variable, you can use prepared statements to prevent SQL injection and dynamically build your query based on the user input. Here's an example of how you can achieve this:

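```php
// Assuming $query contains the user input

// Establish a connection to the database
$dsn = "odbc:Driver={Pervasive ODBC Client Interface};ServerName=localhost;dbq=your_database;";
$username = "your_username";
$password = "your_password";

try {
    // Throw exceptions so a failed prepare() is reported instead of returning false
    $pdo = new PDO($dsn, $username, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
} catch (PDOException $e) {
    die("Connection failed: " . $e->getMessage());
}

// Prepare the SQL query; each placeholder name appears once, because PDO does not
// allow a repeated named placeholder unless emulated prepares are on
$sql = "SELECT * FROM your_table WHERE workcenter = :query OR EmployeeName LIKE :name";
$stmt = $pdo->prepare($sql);

// Bind the parameters; the LIKE wildcards belong in the bound value, not in the SQL text
$pattern = '%' . $query . '%';
$stmt->bindParam(':query', $query, PDO::PARAM_STR);
$stmt->bindParam(':name', $pattern, PDO::PARAM_STR);

// Execute the query
$stmt->execute();

// Fetch the results
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Output the results
foreach ($results as $row) {
    // Do something with the data
}

// Close the connection
$pdo = null;
```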

In this example, we use a prepared statement to safely insert the user input into the query. The `:query` placeholder is bound to the `$query` variable using the `bindParam` method. This helps prevent SQL injection attacks.

Make sure to replace `your_database`, `your_table`, `your_username`, and `your_password` with your actual database details. Also, adjust the connection string (`$dsn`) to match your Pervasive database configuration.

By using prepared statements and binding parameters, you can safely execute queries with user input in PSQL (Pervasive) using PHP.
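
The bound-parameter search discussed above, as an added example that is not code from the original post: it uses two distinct placeholders, puts the `%` wildcards in the bound value, escapes `%` and `_` typed by the user, and shows why `prepare()` fails on the concatenated string from the question. SQLite in memory stands in for the Pervasive database so it runs offline; the `searchWorkcenter` helper, the sample rows, and PSQL accepting the same `ESCAPE` clause are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for the Pervasive database.
$pdo = new PDO('sqlite::memory:', null, null, [
    // A failed prepare() throws instead of returning false.
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE zzHENEmplWkcntr
    (Employee INTEGER, EmployeeName TEXT, workcenter INTEGER, WorkcenterName TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO zzHENEmplWkcntr VALUES
    (1, 'Adrian Lopez',   1234, 'Welding'),
    (2, 'Maria O''Neil',  5678, 'Paint'),
    (3, 'Sam 100% Smith', 1234, 'Welding')");

// Hypothetical helper: match a workcenter number or part of an employee name.
function searchWorkcenter(PDO $pdo, string $input): array
{
    // Escape LIKE metacharacters so the input is matched literally.
    $literal = strtr($input, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    // Two distinct placeholders; the wildcards live in the bound value.
    $stmt = $pdo->prepare(
        "SELECT Employee, EmployeeName, WorkcenterName
           FROM zzHENEmplWkcntr
          WHERE workcenter = :wc OR EmployeeName LIKE :name ESCAPE '\\'"
    );
    $stmt->bindValue(':wc', $input, PDO::PARAM_STR);
    $stmt->bindValue(':name', '%' . $literal . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Number, name fragment, a name containing a quote, and a bare wildcard.
foreach (['1234', 'adrian', "O'Neil", '%'] as $input) {
    $names = array_column(searchWorkcenter($pdo, $input), 'EmployeeName');
    printf("%-8s => %s\n", $input, implode(', ', $names));
}

// The concatenated string from the question is not valid SQL, so prepare()
// fails; with exceptions enabled the driver's message is visible.
$query = 'adrian';
$psql = "select Employee from zzHENEmplWkcntr where workcenter = '$query'"
      . " or EmployeeName like \'%' .$query . '%\'";
try {
    $pdo->prepare($psql);
} catch (PDOException $e) {
    echo 'prepare() failed: ', $e->getMessage(), "\n";
}
```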
