MySQLi Query Builder returning all and/or random records regardless of search criteria.

11/04/2015 3:27 am | #1 Nathon Jones Web Design

Here's our search form:

<form class="navbar-form navbar-right" action="admin.php" method="post" name="pocsearchFORM" id="pocsearchFORM">
            <div class="form-group">
              <input type="text" name="adminsearch" id="adminsearch" placeholder="Search headstones..." class="form-control">
            </div>
            <button type="submit" class="btn btn-info" name="pocsearchBTN" id="pocsearchBTN">Search <span class="glyphicon glyphicon-search"></span></button>
          </form>

Here's what MySQLi Query Builder generated:

<?php
$rsSEARCH = new WA_MySQLi_RS("rsSEARCH",$csdbmysqli,0);
$rsSEARCH->setQuery("SELECT POCheadstones.HeadstoneID, POCheadstones.MapRefID, POCheadstones.DGFHSID, POCheadstones.Inscription, POCheadstones.StoneDescription FROM POCheadstones WHERE POCheadstones.MapRefID = ? OR POCheadstones.Inscription LIKE ? OR POCheadstones.DGFHSID = ? OR POCheadstones.StoneDescription LIKE ? ORDER BY POCheadstones.MapRefID ASC");
$rsSEARCH->bindParam("i", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param1
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param2
$rsSEARCH->bindParam("i", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param3
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param4
$rsSEARCH->execute();
?>

If I type in a single keyword, for example "1865", it returns all manner of records - some contain "1865", some do not. Also, before we've even searched it returns records!

Page attached and, once I've posted this, I'll add a link and admin details for where you can test this online. Thank you.

11/04/2015 3:43 am | #2 Nathon Jones Web Design

Online details below. You'll see, as soon as you log in, that 3 results are already displayed from the recordset despite you not having searched for anything.

If you search for "1865" you'll get three results, which each have "1865" within them however if you type in the word "Hannay" you get results that simply don't contain that term.

It's all most odd. I'd appreciate your help with it because I've been unable to use the extensions since this mess with DMX Zone Extension Manager.

Thank you.
NJ

11/04/2015 4:10 am | #3 Nathon Jones Web Design

Checking this:

<?php
$rsSEARCH = new WA_MySQLi_RS("rsSEARCH",$csdbmysqli,0);
$rsSEARCH->setQuery("SELECT POCheadstones.HeadstoneID, POCheadstones.MapRefID, POCheadstones.DGFHSID, POCheadstones.Inscription, POCheadstones.StoneDescription FROM POCheadstones WHERE POCheadstones.MapRefID = ? OR POCheadstones.Inscription LIKE ? OR POCheadstones.DGFHSID = ? OR POCheadstones.StoneDescription LIKE ? ORDER BY POCheadstones.MapRefID ASC");
$rsSEARCH->bindParam("i", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param1
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param2
$rsSEARCH->bindParam("i", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param3
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param4
$rsSEARCH->execute();
?>

Despite TRIPLE checking that we were using the word LIKE instead of =, MySQLi Query Builder is changing Integer fields back to =.
So, to prove we weren't going mad, we re-created it and, lo and behold, MySQLi Query Builder just auto-changes the Integer fields back to =.
Extremely frustrating.

We have also changed the recordset to:

<?php
if (isset($_POST["pocsearchBTN"]) || isset($_POST["pocsearchBTN_x"])) {
$rsSEARCH = new WA_MySQLi_RS("rsSEARCH",$csdbmysqli,0);
$rsSEARCH->setQuery("SELECT POCheadstones.HeadstoneID, POCheadstones.MapRefID, POCheadstones.DGFHSID, POCheadstones.Inscription, POCheadstones.StoneDescription FROM POCheadstones WHERE POCheadstones.MapRefID LIKE ? OR POCheadstones.Inscription LIKE ? OR POCheadstones.DGFHSID LIKE ? OR POCheadstones.StoneDescription LIKE ? ORDER BY POCheadstones.MapRefID ASC");
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param1
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param2
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param3
$rsSEARCH->bindParam("c", "".(isset($_POST['adminsearch'])?$_POST['adminsearch']:"")  ."", "-1"); //WAQB_Param4
$rsSEARCH->execute();
}
?>

Because, no matter what we do, the recordset is returning values despite us not having submitted the search form. No idea what's happening there.
NJ

11/04/2015 12:22 pm | #4 Ray BorduinWebAssist

LIKE and Contains are not valid for integer fields. That is why it is trying to update your SQL to be valid syntax... However I think they should still work though technically invalid MySQL should be smart enough to treat them like text when a LIKE operator is used.

You will have to do that manually after running the Querybuilder, but that doesn't explain the strange results you are seeing. I'd have to debug to figure that one out because it seems like it should work after you made your update.

Please post FTP information in the private area of a response and I'll figure out what is going on.

Did this help? Tips are appreciated...

1/11/2016 12:09 pm | #5 Nathon Jones Web Design

Sorry, going back to this one, I simplified the search as much as I could but we are still seeing very odd results in our searches.

We have this live on the domain now at:
http://www.portpatrickchurchyard.org.uk/

Using the search box, top right, works well but, spookily, if you try a search for "jones" two records are always returned despite them having NO reference to the name "jones" at all in any of the fields the querybuilder is querying!

This is our WebAssist QueryBuilder code...

<?php
if (isset($_POST["pocsearchBTN"]) || isset($_POST["pocsearchBTN_x"])) {
$rsSEARCH = new WA_MySQLi_RS("rsSEARCH",$csdbmysqli,0);
$rsSEARCH->setQuery("SELECT POCheadstones.HeadstoneID, POCheadstones.MapRefID, POCheadstones.DGFHSID, POCheadstones.Inscription, POCheadstones.StoneDescription, COUNT(POCphotographs.PhotographID) AS numofimgs, POCphotographs.PhotographFilename FROM POCheadstones INNER JOIN POCphotographs ON POCheadstones.HeadstoneID = POCphotographs.HeadstoneID WHERE POCheadstones.MapRefID LIKE ? OR POCheadstones.Inscription LIKE ? OR POCheadstones.DGFHSID LIKE ? OR POCheadstones.StoneDescription LIKE ? GROUP BY POCheadstones.MapRefID ASC");
$rsSEARCH->bindParam("c", "".(isset($_POST['headstonesearch'])?$_POST['headstonesearch']:"")  ."", "-1"); //WAQB_Param1
$rsSEARCH->bindParam("c", "".(isset($_POST['headstonesearch'])?$_POST['headstonesearch']:"")  ."", "-1"); //WAQB_Param2
$rsSEARCH->bindParam("c", "".(isset($_POST['headstonesearch'])?$_POST['headstonesearch']:"")  ."", "-1"); //WAQB_Param3
$rsSEARCH->bindParam("c", "".(isset($_POST['headstonesearch'])?$_POST['headstonesearch']:"")  ."", "-1"); //WAQB_Param4
$rsSEARCH->execute();
}
?>

Hope you can help shed some light on this one.
Thank you.
NJ

1/12/2016 12:09 am | #7 Nathon Jones Web Design

Provided below. Incidentally, the "Keep me logged in" feature of this forum isn't working. Asks me for my credentials every log in using Microsoft Edge.
Thank you Ray. Wishing you all the best for 2016.

1/12/2016 12:47 am | #8 Ray BorduinWebAssist

In the description field for both of those you have:

<a href="http://www.nathonjoneswebdesign.co.uk/portpatrickoldkirkyard/headstone-detail.php?Hid...

it is finding the "jones" from inside the links in the description... so they do have jones in them.

Did this help? Tips are appreciated...

1/12/2016 1:00 am | #9 Nathon Jones Web Design

Man, I must have looked at that a hundred times or more! :(
I think a qualified doctor would be genuinely concerned reading through some of my posts.
Sorry for the hassle Ray.

NJ.

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

MySQLi Query Builder returning all and/or random records regardless of search criteria.

11/04/2015 3:27 am | #1 Nathon Jones Web Design