0

I'm making a simple search engine in PHP (with PDO) and MySQL, its goal is to find products in a stock.
My TABLE phone has a COLUMN snowden which is a TINYINT (containing 0 or 1). I want to be able to get results if phone.snowden is true and the user's input is 'snowden'.


Here's a short version of my query: (:search_0 is the user's input. This is a prepared query for PDO)

SELECT * FROM phone WHERE phone.snowden = 1 AND :search_0 = `snowden`


Of course the real query is actually longer (joining multiple tables and searching into many columns) but everything works except this.
When I try to search 'snowden' I get no result (meaning the keyword(s) have not been found in any column and the 'snowden' case doesn't work).

  • Do I miss something about the syntax ?
  • How can I achieve this query in the way I tried ?
  • How can I achieve this with a comparison with the column name (if this is a better way to proceed) ?

EDIT: Full code

Here's the full code I use:

$keywords = explode(" ", $_POST['query']);
$query = "SELECT phone.id, phone.imei, phone.model, phone.color, phone.capacity, phone.grade, phone.sourcing, phone.entry, phone.canal, phone.sale, phone.state, phone.snowden FROM phone LEFT JOIN capacity ON (phone.capacity = capacity.id) LEFT JOIN color ON (capacity.color = color.id) LEFT JOIN model ON (color.model = model.id) LEFT JOIN grade ON (phone.grade = grade.id) WHERE ";
$query_array = array();
for ($i = 0; $i < count($keywords); $i += 1) {
    $query .= " ( phone.imei LIKE :search_" . $i;
    $query .= " OR phone.sourcing LIKE :search_" . $i;
    $query .= " OR phone.canal LIKE :search_" . $i;
    $query .= " OR phone.entry LIKE :search_" . $i;
    $query .= " OR phone.sale LIKE :search_" . $i;
    $query .= " OR phone.state LIKE :search_" . $i;
    $query .= " OR ( phone.snowden = 1 AND ':search_" . $i . "' = `snowden` )";
    $query .= " OR model.name LIKE :search_" . $i;
    $query .= " OR color.name LIKE :search_" . $i;
    $query .= " OR capacity.amount LIKE :search_" . $i;
    $query .= " OR grade.name LIKE :search_" . $i;
    if ($i != (count($keywords) - 1)) {
        $query .= " ) AND ";
    } else {
        $query .= " ) ";
    }
    if (strtolower($keywords[$i]) == 'snowden') {
        $query_array['search_' . $i] = $keywords[$i];
    } else {
        $query_array['search_' . $i] = "%" . $keywords[$i] . "%";
    }
}
$query .= "ORDER BY phone.id DESC";
$results = $stock->prepare($query);
$results->execute($query_array);
Improve this question
25
  • 1
    Possible duplicate of Can PHP PDO Statements accept the table or column name as parameter? Commented Sep 15, 2017 at 9:15
  • 2
    The problem with your query what ever that is typed by user becomes you column, eg if user typed "hi " then your query becomes SELECT * FROM phone WHERE phone.snowden = 1 AND hi = 'snowden' Please see above from @Nidhi257 Commented Sep 15, 2017 at 9:23
  • 1
    so you want to check whether user has typed snowden as string ? Commented Sep 15, 2017 at 9:25
  • 1
    oho great finally :) Commented Sep 15, 2017 at 10:02
  • 1
    try updating this: $query .= " OR ( phone.snowden = 1 AND 'snowden'= :search_" . $i )"; Commented Sep 15, 2017 at 10:20

1 Answer 1

Reset to default
1

replace your line 

$query .= " OR ( phone.snowden = 1 AND ':search_" . $i . "' = `snowden` )";

with 

$query .= " OR ( phone.snowden = 1 AND 'snowden'= :search_" . $i )";
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.