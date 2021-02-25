100% agree, this needs a more flexible and robust search query system.
Relying on people to enter the exact search format:
lastname - comma - space - firstname won’t go far.
But probably for now, it’s a case of getting the basics working.
Then build a better query…
The string is the dumped contents of the request. The array is the exploded result of the request string. It appears to be correct.
So if I have to dynamically build the end of the query based on the fact that there are 2 elements in the array like @mabismad said to do:
Then my guess is that the query itself is correct?
(Just trying to walkthrough and retrace my steps to find out where the problem is)
If/when you go down that route, you can end up with many parameters. Even if they have the same (two) values, they will have to be repeated to fill the same number of placeholders.
I think for now, work on getting it working with just two.
Then expand and improve upon it.
Complicating things now, while it’s already not working (for reasons unknown) may be troublesome.
I was looking on StackExchange about this error and I found this:
In this case, the query has 4 tokens in the query, but the array only has 2 bound variables forcing the code to break - which makes sense.
In my case though, the query is asking for 2 tokens while my array only has…1 bound variable?
No, the
$params array has two values, for the two placeholders, so it should work.
That’s why I ask you to dump the variable, to see it is an array of two values.
If it had 1 value, 3 or 4, I would expect that error.
I can’t help thinking there is something else you are not showing us, as it does not make sense, or I’ve been looking at it too long.
I can’t think of anything else other than this javascript that makes it work:
$(document).ready(function(){
$('.search-box input[type="text"]').on("keyup input", function(){
/* Get input value on change */
var inputVal = $(this).val();
var resultDropdown = $(this).siblings(".result");
if(inputVal.length){
$.get("api/search/backend-search.php", {term: inputVal}).done(function(data){
// Display the returned data in browser
resultDropdown.html(data);
});
} else{
resultDropdown.empty();
}
});
// Set search input value on click of result item
$(document).on("click", ".result p", function(){
$(this).parents(".search-box").find('input[type="text"]').val($(this).text());
$(this).parent(".result").empty();
});
});
The posted var_dump() output won’t produce that sql error for just the posted code/query. However, with the exit; statement in that part of the code, no one knows if the sql error you are posting corresponds to that input data or some other data. That error is coming from some other request to the code or from some other code on the page that doesn’t have the same number of prepared query place-holder and elements in the $params array. As a next step, remove the exit; statement from the end of the var_dump() debugging block of code.
LIKE “a string” is not using the power of LIKE.
Yes. This is part of the problem. The javscript is making a http request upon every keyup.
Your php code must validate the inputs before using them. Part of this validation would be to test for a minimum length (such as 2-3 characters) and correctly handle cases where there is not and where there is a comma in the input.
Test for a comma, a space, and then at least one character, or the code falls apart.
EDIT: Actually only a comma and space. technically the empty string still would work.
So the problem is here:
if(inputVal.length){
$.get("api/search/backend-search.php", {term: inputVal}).done(function(data){
* * *
actually now that i think about it, you need to test for exactly one comma followed by a space. Otherwise the thing falls apart the other way around.
That would be covered under the additional parts of the suggestions made -
And -
No. I specifically stated “Your php code…” in that reply. Are you translating the replies we are giving you into your native language using google’s online/browser translator? You are missing the meaning of what is being written.
A general-purpose solution for the definition of this task -
<?php
// name search -
// for a single value, search the last name (with trailing wild-card match?)
// for two comma separated values, assume last, first name. (do you still want wild-card matching for one/both of the columns?)
require '../dbconnect.php';
// use the correct global variable you expect the input in. since you are searching and displaying the result, you should be using a get input
if(isset($_GET["term"]))
{
// explode, trim, and remove empty elements from the submitted search term
$terms = array_filter(array_map('trim',explode(',',$_GET['term'])));
// note: this works as expected even if there is not a comma in the value
// test if there's not a search term(s)
if(!$terms)
{
// do whatever you want for this case, such as set up an error message that the visitor must enter a search term
}
else
{
// one or two search terms
// since you are expecting at most two, you should validate that here... it's an error if there are more than two for the stated definition of this task.
$where_terms = []; // an array of WHERE terms that will be AND'ed
$params = []; // array of prepared query input values
// for what the OP has indicated, the name search will either be for a last name or a last name AND first name
// if there are any search terms, always build the last name part
// note: you may want this case to match either the last name OR the first name column (either one or both.) you would build this 'single' sql term with two parts OR'ed together and add the search value twice to the $params array
// note: if you are doing a wild-card match, add the appropriate % character(s) when you add the values to the $params array
// add the last name
$where_terms[] = "last_name LIKE ?";
$params[] = $terms[0];
// determine if there's a first name
if(count($terms) > 1)
{
// add the first name
$where_terms[] = "first_name LIKE ?";
$params[] = $terms[1];
}
// build the WHERE... part of the query
$where_term = '';
if(!empty($where_terms))
{
$where_term = "WHERE " . implode(' AND ', $where_terms);
// note: this implode will work correctly for one or more elements in the array
}
// build the sql query with whatever WHERE term was produced above
$sql = "SELECT id, last_name, first_name, middle_name, suffix, precinct, residential_address
FROM members
$where_term
";
$stmt = $pdo->prepare($sql);
$stmt-execute($params); // note: this works correctly for zero or more elements in $params
$result = $stmt->fetchAll();
// at the point of producing the output, test/loop over the data
if(!$result)
{
// note: because the code for the 'fail' case is often shorter than for the success case, put this first to make the code more readable
echo "<p>No records found</p>";
}
else
{
foreach($result as $row)
{
echo "<p>{$row['id']} - {$row['last_name']}, {$row['first_name']}
{$row['middle_name']} {$row['suffix']} ({$row['precinct']}) |
{$row['residential_address']}</p>";
}
}
}
}
Note: this doesn’t include the minimum length check.
Is that minimum length check really necessary or was that just for testing?
Also, I got that code and modified it to make it work, and I am getting the results I need!
My next question is regarding what you guys said about wild cards. What are these and what is the best way to implement them in the script?
There are a few, the common one used in SQL is
% which represents zero or more characters.
For example, if you searched
WHERE name LIKE 'john%'
It could return “John”, “Johnson”, “Johnathan”, “Johnny”, etc. With zero or more characters on the end.
If you searched
WHERE name LIKE '%john'
It may return “John”, “Littlejohn”, “StJohn” etc. With zero or more characters on the front.
If you searched
WHERE name LIKE '%john%'
It may return any of the above names, with zero or more characters either end. Basically a “contains this string” search.
So wildcards can broaden the scope of the search for inexact matches.
The operation you are doing is called ajax autocomplete/typeahead. The wild-card match lets you type a few characters and you are shown the matching entries, that for example, start with the entered characters. The following line in the first posted code accomplished this -
$term = $_REQUEST["term"] . '%';
Your current operation requires an exact match, e.g. if you enter the complete last name, you will be shown the rows that match exactly what you have entered.
You can restore the wild-card operation by appending the % character at the two places in the code where the values are being added to the $params array.
