0

Alright. I don't know how to program in PHP. I don't currently want to know. All I want to know is if &= " and" then what = "or"?

I'm on a site with a search. the search doesn't work completly. The admin has much more important things to do then fix it. We can tweeak the search to fix the problems by adjusting the url. (note the admin is aware that we players sometimes add stuff to the url to get it to work right.)

Here is an example with the main words replaced for privacy: examplewebsite.com/examplesearch.php?variable1=&variable2=&variable3=&variable4=NAME1%25NAME2&variable5=&examplesearch=Search

Now this is supposed to return data sets where variables1 through 3 and variable 5 is anything and where variable 4 reads "Name1 Name2" However - this doesn't work. UNTIL I add another %25 like this: variable4=Name1%25Name2%25

Then it works. I'm guessing %25 is a wildcard?

Anyway this is just an example of what I'm talking about manipulating the url. I have no access to the program itself. I want to know if there is an "or " command. In other words if & = "and" what = "or" It may not work because she may not have programmed it that way but I want to try it.

One of the variables is a size variable. Instead of varable1=big&variable2= etc. I'd like to do varable1=big (or) large. Though that may be written varable1=big(symbol meaning "or") varable1=large&varable2= etc.

I hope I make sence here. I'm planning to write the admin to suggest how to correct the search for some of the other items... but I want to see if an "or" link is possible as well so I can suggest how to do another type of search.

thanks for your time.

2
Contributors
3
Replies
4
Views
5 Years
Discussion Span
Last Post by diafol
0

Alright. I don't know how to program in PHP. I don't currently want to know.

Sacrilege! You'll be lucky to get a reply after saying that!

Anyway, you can pass mutiple values for a parameter as an array:

url?param1[]=value1&param1[]=value2

HOWEVER - if the server-side code is not set up to deal with an array, just a single value or '%' separated values (that's your %25), then I don't expect this to work. It all depends on the way the code has been written to query the DB. Just because it works for one field ('variable' in your post above), doesn't mean to say it will work for every field. For example if variable1 was to do with 'image size', it's quite reasonable to expect a single input as ONE of big /medium / small. Using an array or '%' will not work to make an 'OR' clause for the database query.

Breaking the guy's SQL with certain characters in your url could work, but only if he's been lazy. That's not something I would recommend though.

At the end of the day, if the guy's not bothered, there's little you can do, but how about an online petition? Or calls to email en masse?

0

Thanks for the reply. Oh it's a game and I like it and pay for extras (it's free but you can support the game and get extra stuff.) I certianly don't want to break it!

Oh also I know older HTML and I'm self taught in my sql... but I'm not advanced. Just not interested in trying somethign else right now.

Anyway she introduced a number system - well it's been there but in the background... but she changed the way the game works a bit. It's hard for me to explane without giving away the game. Anyway she made some aspects harder so - she revelied the numbers. So now it's "big (16)" to show the range. We would like to have the search by the number. Because some of the ranges are rather large. So that's partially where the or came in. If she can do that with an array I'd love to pass that on to her. For example I'd love to search between 15 and 20. like if it was sql - where size between '15' and '20' Of course I don't expect to do that with the url - just you mentioning arrays got me thinking of it. I was hoping the (16) was part of the word so I could do a wild car but I don't think it is - I think it's stored seperate.

I just tried your idea - I wasn't sure if it was brackets or parenthsis. When I tried brackets I got nothing... when I tried parenthsis - I got everything. there isn't anythign that is supposed to go between them is there?

0

there isn't anythign that is supposed to go between them is there?

Not as a rule, unless you need a associative array, which I'm pretty sure you don't.
You can pass arrays on to create SQL quite easily with a bit of php:

url?range[]=15&range[]=20&range[]=22

All the php needs to do is something like:

if(isset($_GET['range'])){
    $range = (array) $_GET['range'];
    $range = array_map("intval",$range);
    sort($range);
    $rangestring = implode(",",$range);
    $sql = "SELECT ... FROM table WHERE range_id IN ($rangestring)";
}

However, you could just use a comma separated list of values:

url?range=15,20,22

Could be dealt with:

if(isset($_GET['range'])){
    $range = (array) $_GET['range'];
    $range = explode(",",$range);
    $range = array_map("intval",$range);
    sort($range);
    $rangestring = implode(",",$range);
    $sql = "SELECT ... FROM table WHERE range_id IN ($rangestring)";
}

This may seem a bit involved, but it simply ensure that all incoming data is cleaned before querying the database.

Anyway...

//EDIT

Just re-read about 'between' - yes simple:

url?rangestart=15&rangeend=20

Could be dealt with:

if(isset($_GET['rangestart']) && isset($_GET['rangeend'])){
    $rangestart = intval($_GET['rangestart']);
    $rangeend = intval($_GET['rangeend']);
    if($rangeend >= $rangestart){
        $r1 = $rangestart;
        $r2 = $rangeend;
    }else{
        $r1 = $rangeend;
        $r2 = $rangestart;
    }
    $sql = "SELECT ... FROM table WHERE range_id BETWEEN $rangestart AND $rangeend";
}

To be honest there are many ways to go about this - you could even do an associative array:

url?range[start]=16&range[end]=20&range[increment]=2&variable2=234&variable3=3jsaci7
url?range[list]=2,3,5,8,9&variable2=234&variable3=3jsaci7

That would be trivial for a moderately experienced PHP programmer to turn that to query to DB

Edited by diafol

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.