How to make a search query in stored procedure with OR, AND keyword using php and mysql?
Question
I am making a search query in stored procedure but the problem is that everytime I search for a word it displays an error.
my stored procedure
DELIMITER//
CREATE PROCEDURE viewMedicine(product_name varchar(40), description text)
READS SQL DATA
DETERMINISTIC
begin
PREPARE STMT FROM "SELECT * FROM products WHERE product_name like ? OR description like ? ORDER BY ASC";
SET @s=product_name;
SET @ss=description;
EXECUTE STMT USING @s, @ss;
end//
DELIMITER;
php code:
$search="";
if(isset($_POST['search_txt'])){
$search=$_POST['search_txt'];
if($search!="")
$sql="Call searchMedicine('$search%')";
else
$sql="SELECT id, product_name, description, price, quantity, date FROM products ORDER BY product_name ASC";
}
else
$sql="SELECT id, product_name, description, price, quantity, date FROM products ORDER BY product_name ASC";
$result = mysqli_query($conn, $sql);
while($test = mysqli_fetch_array($result))
{
$id = $test['id'];
?>
1 answers
solution1
0 ACCPTED 2015-12-29 00:55:31
What error are you seeing? Your sproc is called viewMedicine and has two arguments, product_name and description. Your sql code is calling searchMedicine and is only passing one parameter, $search.
Your call of mysql_fetch_array is most likely incorrect. You need to pass the mysql_result object that is returned by mysqli_query. I can't tell for sure without seeing more of your code. Please see my comment.
EDIT: Thanks for providing the code. Your use of mysqli_query is correct but there is a syntax or argument error. Looking at the definition of your SPROC, I'd say it's an argument error.
Try making the following changes:
$search="";
if (isset($_POST['search_txt'])){
$search=$_POST['search_txt'];
if($search!="")
$sql="Call viewMedicine('$search%', '')";
else
$sql="SELECT id, product_name, description, price, quantity, date FROM products ORDER BY product_name ASC";
}
else {
$sql="SELECT id, product_name, description, price, quantity, date FROM products ORDER BY product_name ASC";
}
$result = mysqli_query($conn, $sql);
if(!$result) {
echo("Error description: " . mysqli_error($conn));
}
else {
while($test = mysqli_fetch_array($result))
{
$id = $test['id'];
?>
If you do not need to search for description in your query, remove it from the SPROC:
PREPARE STMT FROM "SELECT * FROM products WHERE product_name like ?";
SET @s=product_name;
EXECUTE STMT USING @s;
Then, your call in your code would become:
...
if($search!="")
$sql="Call viewMedicine('$search%')";
else
...
EDIT 2:
If you want to search for the description, you will need to get it to the script. You probably want to do it the same way you are doing the search for the product name, I assume, which is through the $_POST array, so I will write code for the assumption. Be aware, of course, that you'll need to make the necessary changes to the webform which sends POST data to this script.
$search="";
if (isset($_POST['search_txt']) &&
isset($_POST['description_txt'])){
$search=$_POST['search_txt'];
$description=$_POST['description_txt'];
if($search != "" && $description != "")
$sql="Call viewMedicine('$search%', '%$description%')";
else
$sql="SELECT id, product_name, description, price, quantity, date FROM products ORDER BY product_name ASC";
}
else {
$sql="SELECT id, product_name, description, price, quantity, date FROM products ORDER BY product_name ASC";
}
$result = mysqli_query($conn, $sql);
if(!$result) {
echo("Error description: " . mysqli_error($conn));
}
else {
while($test = mysqli_fetch_array($result))
{
$id = $test['id'];
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.