I am trying to search my database, I initially had it working with only one and condition but now with four, it will just refresh the page, removing field inputs.
I have tried using only a comma's but this appears to also not work. I have been unable to find any information on Google about their being a limit but also no examples using four conditions. Is there a correct or better way I could try?
if(isset($_POST['search'])){
$lname = trim($_POST['lname']);
$address = trim($_POST['address']);
$street = trim($_POST['street']);
$city = trim($_POST['city']);
$county = trim($_POST['county']);
if($lname==""){
$error[] = "Provide Last Name.";
}elseif($address=""){
$error[] = "Provide House Number/Name.";
}elseif($street==""){
$error[] = "Provide Street.";
}elseif($city==""){
$error[] = "Provide City.";
}elseif($county==""){
$error[] = "Provide County.";
}else{
try{
$stmt = $conn->prepare("SELECT * FROM clients WHERE lname=lname AND address=address AND street=street AND city=city AND county=county");
$stmt->execute(array("lname"=>$lname, "address"=>$address, "street"=>$street, "city"=>$city, "county"=>$county));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($userRow==''){
$user->redirect('./results.php?new='.$lname.$street);
}else{
if($userRow['rating'] == 'good'){
$user->redirect('./results.php?good='.$lname.$street);
}
if($userRow['rating'] == 'cautionextra'){
$user->redirect('./results.php?cautionextra='.$lname.$street);
}
if($userRow['rating'] == 'cautiondiscount'){
$user->redirect('./results.php?cautiondiscount='.$lname.$street);
}
if($userRow['rating'] == 'cautionlate'){
$user->redirect('./results.php?cautionlate='.$lname.$street);
}
if($userRow['rating'] == 'badnopay'){
$user->redirect('./results.php?badnopay='.$lname.$street);
}
if($userRow['rating'] == 'badabusive'){
$user->redirect('./results.php?badabusive='.$lname.$street);
}
}
}
catch(PDOException $e){
echo $e->getMessage();
}
}
}
Executing SELECT * FROM clients WHERE lname=lname AND address=address AND street=street AND city=city AND county=countyin phpmyadmin returns all of the rows, great but when I var_dump($userRow);, it shows the results for a row different to the one of which I tried to search for.
The issue is that using an equality test for the search columns makes it difficult to get a match with any row because:
The approach with search fields is:
approximately match the input value with column value by using like instead of = as the comparison operator.empty input value match any column value. i.e. ignore the testThe supplied code will generate code: column like % for empty input or will wrap the input value in wildcards: column like %input value%
Untested source at Pastebin.com
Untested code:
<?php // completely untested code...
$stmt = $conn->prepare("SELECT *
FROM clients
WHERE lname like :lname
AND address like :address
AND street like :street
AND city like :city
AND county like :county");
$stmt->execute(array("lname" => empty($lname) ? '%' : '%'. $lname .'%',
"address" => empty($address) ? '%' : '%'. $address .'%',
"street" => empty($street) ? '%' : '%'. $street .'%',
"city" => empty($city) ? '%' : '%'. $city .'%',
"county" => empty($county) ? '%' : '%'. $county .'%'));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
You don't need: ":lname" in execute(array(...)) just use index without colon in front: "lname".
Full line:
$stmt->execute(array("lname"=>$lname, "address"=>$address, "street"=>$street, "city"=>$city, "county"=>$county));