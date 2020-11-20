PHP PDO Modify Search to include two conditions

PHP
#17

Are you getting the sql error about the number of bound variables not matching on the same page request as the var_dump() output you are showing? I suspect that you are telling/showing the result from two different page requests.

Also, to do this in a more flexible and general way, you would explode the submitted search term on just the ‘,’ character, trim the values, then dynamically build the sql statement with an AND’ed term for each element. For a single value, you would end up with one LIKE term in the query (which you may want to actually search for in both the first and last name columns) and for two values, you would end up with two LIKE terms in the query.

#18

I tried this line of code that @SamA74 gave me for debugging

and this was the output:

string(12) "brown, james" array(2) { [0]=> string(5) "brown" [1]=> string(5) "james" }

because one is a var_dump on the variable and the other is a var_dump on the request.

So what you’re saying is I need to modify this:

$params = explode(', ', $_REQUEST["term"]);

to this:

$params = explode(',', $_REQUEST["term"]);

and this:

SELECT id, last_name, first_name, middle_name, suffix, precinct, residential_address FROM members WHERE last_name LIKE ? AND first_name LIKE ?

and modify the query somehow to only look for one ? rather than two?

#19

Yes, but are you getting the sql error at the same time the var_dump() looks like that?

No. You would dynamically build that part of the the sql query to match how many elements there are in the exploded array.

You also need to decide how you want to use wild-card matches with this. Your goal should be for a search to work, regardless of how much or how little the visitor on the site enters. To do that you need to define what you want to happen for all possible variations of the submitted input value.

#20

No. It’s when I remove the var_dump lines that the error appears.

Aren’t there two elements? Or is there three? According to that output, there’s a string that appears before the array is listed.

#21

100% agree, this needs a more flexible and robust search query system.
Relying on people to enter the exact search format: lastname - comma - space - firstname won’t go far.
But probably for now, it’s a case of getting the basics working.
Then build a better query…

#22

The string is the dumped contents of the request. The array is the exploded result of the request string. It appears to be correct.

#23

So if I have to dynamically build the end of the query based on the fact that there are 2 elements in the array like @mabismad said to do:

Then my guess is that the query itself is correct?

(Just trying to walkthrough and retrace my steps to find out where the problem is)

#24

If/when you go down that route, you can end up with many parameters. Even if they have the same (two) values, they will have to be repeated to fill the same number of placeholders.
I think for now, work on getting it working with just two.
Then expand and improve upon it.
Complicating things now, while it’s already not working (for reasons unknown) may be troublesome.

#25

I was looking on StackExchange about this error and I found this:

image

In this case, the query has 4 tokens in the query, but the array only has 2 bound variables forcing the code to break - which makes sense.

In my case though, the query is asking for 2 tokens while my array only has…1 bound variable?

#26

No, the $params array has two values, for the two placeholders, so it should work.
That’s why I ask you to dump the variable, to see it is an array of two values.
If it had 1 value, 3 or 4, I would expect that error.

I can’t help thinking there is something else you are not showing us, as it does not make sense, or I’ve been looking at it too long.

#27

I can’t think of anything else other than this javascript that makes it work:

$(document).ready(function(){
    $('.search-box input[type="text"]').on("keyup input", function(){
        /* Get input value on change */
        var inputVal = $(this).val();
        var resultDropdown = $(this).siblings(".result");
        if(inputVal.length){
            $.get("api/search/backend-search.php", {term: inputVal}).done(function(data){
                // Display the returned data in browser
                resultDropdown.html(data);
            });
        } else{
            resultDropdown.empty();
        }
    });
    
    // Set search input value on click of result item
    $(document).on("click", ".result p", function(){
        $(this).parents(".search-box").find('input[type="text"]').val($(this).text());
        $(this).parent(".result").empty();
    });
});
#28

The posted var_dump() output won’t produce that sql error for just the posted code/query. However, with the exit; statement in that part of the code, no one knows if the sql error you are posting corresponds to that input data or some other data. That error is coming from some other request to the code or from some other code on the page that doesn’t have the same number of prepared query place-holder and elements in the $params array. As a next step, remove the exit; statement from the end of the var_dump() debugging block of code.

#29

random interjection
LIKE “a string” is not using the power of LIKE.

#30

Yes. This is part of the problem. The javscript is making a http request upon every keyup.

Your php code must validate the inputs before using them. Part of this validation would be to test for a minimum length (such as 2-3 characters) and correctly handle cases where there is not and where there is a comma in the input.

#31

Test for a comma, a space, and then at least one character, or the code falls apart.

EDIT: Actually only a comma and space. technically the empty string still would work.

#32

So the problem is here:

if(inputVal.length){
    $.get("api/search/backend-search.php", {term: inputVal}).done(function(data){

* * *
#33

actually now that i think about it, you need to test for exactly one comma followed by a space. Otherwise the thing falls apart the other way around.

#34

That would be covered under the additional parts of the suggestions made -

And -

#35

No. I specifically stated “Your php code…” in that reply. Are you translating the replies we are giving you into your native language using google’s online/browser translator? You are missing the meaning of what is being written.

#36

A general-purpose solution for the definition of this task -

<?php

// name search -
// for a single value, search the last name (with trailing wild-card match?)
// for two comma separated values, assume last, first name. (do you still want wild-card matching for one/both of the columns?)

require '../dbconnect.php';

// use the correct global variable you expect the input in. since you are searching and displaying the result, you should be using a get input
if(isset($_GET["term"]))
{
	// explode, trim, and remove empty elements from the submitted search term
	$terms = array_filter(array_map('trim',explode(',',$_GET['term'])));
	// note: this works as expected even if there is not a comma in the value
	
	// test if there's not a search term(s)
	if(!$terms)
	{
		// do whatever you want for this case, such as set up an error message that the visitor must enter a search term
	}
	else
	{
		// one or two search terms
		// since you are expecting at most two, you should validate that here... it's an error if there are more than two for the stated definition of this task.
		
		$where_terms = []; // an array of WHERE terms that will be AND'ed
		$params = []; // array of prepared query input values

		// for what the OP has indicated, the name search will either be for a last name or a last name AND first name
		// if there are any search terms, always build the last name part
		
		// note: you may want this case to match either the last name OR the first name column (either one or both.) you would build this 'single' sql term with two parts OR'ed together and add the search value twice to the $params array
		// note: if you are doing a wild-card match, add the appropriate % character(s) when you add the values to the $params array

		// add the last name
		$where_terms[] = "last_name LIKE ?";
		$params[] = $terms[0];

		// determine if there's a first name
		if(count($terms) > 1)
		{
			// add the first name
			$where_terms[] = "first_name LIKE ?";
			$params[] = $terms[1];
		}
		
		// build the WHERE... part of the query
		$where_term = '';
		if(!empty($where_terms))
		{
			$where_term = "WHERE " . implode(' AND ', $where_terms);
			// note: this implode will work correctly for one or more elements in the array
		}

		// build the sql query with whatever WHERE term was produced above
        $sql = "SELECT id, last_name, first_name, middle_name, suffix, precinct, residential_address
		FROM members
		$where_term
		";
				
        $stmt = $pdo->prepare($sql);
		$stmt-execute($params); // note: this works correctly for zero or more elements in $params
        $result = $stmt->fetchAll();
		
		// at the point of producing the output, test/loop over the data
		if(!$result)
		{
			// note: because the code for the 'fail' case is often shorter than for the success case, put this first to make the code more readable
            echo "<p>No records found</p>";
		}
		else
		{
			foreach($result as $row)
			{
				echo "<p>{$row['id']} - {$row['last_name']}, {$row['first_name']} 
					{$row['middle_name']} {$row['suffix']} ({$row['precinct']}) | 
					{$row['residential_address']}</p>";
			}
		}
	}
}

Note: this doesn’t include the minimum length check.