skip to Main Content

hi there i want to search multiple order id in same search request on my website now my website have only 1 id search and get option like 100 or 101 but i need to search miltiple id search using comma like 100,101,102,103 and get all of those id how can do this here i share my code please help me

elseif( $_GET["search_type"] == "order_id" && $_GET["search"] ):
  $search_where = $_GET["search_type"];
  $search_word  = urldecode($_GET["search"]);
  $count        = $conn->prepare("SELECT * FROM orders INNER JOIN clients ON clients.client_id = orders.client_id WHERE orders.order_id LIKE '%".$search_word."%' && orders.dripfeed='1' && orders.subscriptions_type='1' ");
  $count        -> execute(array());
  $count        = $count->rowCount();
  $search       = "WHERE orders.order_id LIKE '%".$search_word."%'  && orders.dripfeed='1' && orders.subscriptions_type='1' ";
  $search_link  = "?search=".$search_word."&search_type=".$search_where;

2

Answers


  1. Instead of using LIKE operator you can use IN operator, e.g.WHERE orders.order_id IN (100,101,102,103)

    Some important tips:

    • you are using prepared statement and that is good but instead of passing a parameter you use string concatenation: dont do that you are exposed to SQL injection, use parameters in prepared statement intead.
    • don’t, i repeat don’t pass the SQL query condition in the query string: it is worse than the previous problem
    • you can query the count of the row directly in a query instead of query all the rows and retrieve the row count ($count->rowCount()) for example you can wrap your query like so:
    $baseQuery = "SELECT field1, field2 FROM table";
    $countQuery "SELECT count(*) FROM ($baseQuery) AS c";
    

    and then excute the $countQuery (always with prepared statement and parameters) and get the count immediately

    Login or Signup to reply.
  2. You can try this code:

    elseif ($_GET["search_type"] == "order_id" && $_GET["search"]) {
      $search_where = $_GET["search_type"];
      $search_words = explode(',', urldecode($_GET["search"])); // split search query by comma
      $search_query = array();
      foreach ($search_words as $word) {
        $word = trim($word);
        if ($word != '') {
          $search_query[] = "orders.order_id LIKE '%$word%'";
        }
      }
      $search_query = implode(' OR ', $search_query);
      $count = $conn->prepare("SELECT * FROM orders INNER JOIN clients ON clients.client_id = orders.client_id WHERE ($search_query) && orders.dripfeed='1' && orders.subscriptions_type='1'");
      $count->execute(array());
      $count = $count->rowCount();
      $search = "WHERE ($search_query) && orders.dripfeed='1' && orders.subscriptions_type='1'";
      $search_link = "?search=".implode(',', $search_words)."&search_type=".$search_where;
    }
    

    As you can check the code first uses the explode() method to split the search query into multiple terms separated by commas, and then it loops through each term to build the search query using the LIKE operator and the OR logical operator. The database’s matching order IDs are then looked up using the resulting query. Finally, all of the search terms are added, separated by commas, to the search query and search link.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search