I am inheriting this project from a previous developer and I’ll try to be as descriptive as possible.
On the page, a user enters a search string and submits the page. The page hits a stored procedure, and the query returns back results. The issue is when the search string is longer than 15 characters. If it is 15 or less, the results return fine. When executing the stored procedure manually, the correct results are returned. When trying to execute from the browser, I’m getting a false response.
First, the stored procedure and the parameters:
    exec crm_selectSearch2 1, 'commonwealth water', 'PCBI'
Next the part of the query from the stored procedure:
    IF @search_type = 1 BEGIN -- Organization Name
        SELECT org.org_name_1 AS name,
               org.org_id AS id,
               addr.address_city AS city,
               org.phone_number AS phone,
               org.email AS email,
               CASE WHEN ((org.org_status_flag = 'R' OR org.org_status_flag = 'N' OR org.org_status_flag = 'F') AND org.dues_category = 'MBR') THEN 1 ELSE 0 END 'member',
               CASE WHEN (org.org_status_flag = 'P' AND org.dues_category = 'FREE') THEN 1 ELSE 0 END AS 'associate',
               CASE WHEN (org.delete_reason = 'OUT' AND org.org_delete_flag = 'Y' AND org.org_status_flag = 'C') THEN 1 ELSE 0 END 'out',
               org.affiliate_code
        FROM organiz AS org
        LEFT JOIN address AS addr ON addr.address_id = org.address_id
        WHERE (org.org_name_1 LIKE '%'+@search_string+'%' OR org.org_name_2 LIKE '%'+@search_string+'%' OR org.org_search LIKE '%'+@search_string+'%')
          AND (org.affiliate_code = @affiliate_code OR (@affiliate_code = 'PCBI' AND ((org.org_status_flag = 'R' OR org.org_status_flag = 'N' OR org.org_status_flag = 'F') AND org.dues_category = 'MBR')))
        ORDER BY out ASC, org_name_1 ASC
    END
When executing this stored procedure manually, I return a positive result. The previous developer wrote his own database handler:
    $rpResult = dbStoredProc('crm_selectSearch2',$_REQUEST['search_type'],ereg_replace(' ','',$_REQUEST['search_string']),$GLOBALS['aPermissions']['affiliate_code']);
The function dbStoredProc looks like:
    if($iMSSQL = dbConnect()) {
        if($iResult = dbExec("select syscolumns.name as column_name, syscolumns.length as length, syscolumns.colorder, syscolumns.type from sysobjects inner join syscolumns on sysobjects.[id] = syscolumns.[id] where sysobjects.name = '".$sProcName."' order by syscolumns.colorder asc")) {
            $aArgs = func_get_args();
            $sSQL = 'EXECUTE '.$sProcName.' ';
            while(@$aRow = mssql_fetch_array($iResult)) {
                if(dbValidate($aRow['type'],$aRow['length'],$aArgs[$aRow['colorder']])) {
                    $sSQL = $sSQL.$aRow['column_name'].'='.dbValue($aArgs[$aRow['colorder']],$aRow['type']).',';
                    dbDebug('dbStoredProc: Attached "'.$aArgs[$aRow['colorder']].'" to "'.$aRow['column_name'].'";',3);
                } else {
                    dbDebug('dbStoredProc: Failed to Attach "'.$aArgs[$aRow['colorder']].'" to "'.$aRow['column_name'].':'.$aRow['type'].'";',2);
                }
            }
            $sSQL[strlen($sSQL)-1] = ';';
            dbDebug('dbStoredProc: "'.$sSQL.'";',3);
            if(@$iResult = mssql_query($sSQL)) {
                dbDebug('dbStoredProc: Executed "'.$sProcName.'"',1);
                var_dump($iResult);
                return $iResult;
            } else {
                dbDebug('dbStoredProc: Failed to Execute "'.$sProcName.'";',1);
                dbDebug('dbStoredProc: '.mssql_get_last_message().';',3);
                return FALSE;
            }
        } else {
            dbDebug('dbStoredProc: Failed to Select Procedure from SysObjects;',1);
            return FALSE;
        }
    } else {
        dbDebug('dbStoredProc: Failed to Connect to Database;',1);
        return FALSE;
    }
If you notice right after the execution of the query, I am doing a var_dump on $iResult. The response is:
resource(5) of type (mssql result) bool(false)
This result is happening when I use strings longer than 15. If I use a string less than 15, the correct results are returned.
Am I missing something blatant?
This code:
removes spaces from your search string. So instead of looking for
it looks for
The column org.org_search has all spaces removed, so it matches de-spaced search strings, but since it is limited to 15 characters (at least in the example):
it can only match search strings of up to 15 (non-space) characters long.
Since the column org_search was probably created for a reason, and is possibly used in other code as well, the solution would be to recreate all (broken?) org_search values without the 15-character limitation, and leave the de-spacing in place.
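
The mismatch described in this answer, reproduced as an added example (not code from the question or the answer). It models the three LIKE tests in SQLite from Python rather than SQL Server and leaves out the affiliate filter; the sample rows and the helper names (despace, build_db, search) are constructed for illustration, SQLite's default case-insensitive LIKE is assumed, and the search string is bound as a parameter instead of being concatenated into the statement.

```python
import sqlite3

def despace(s):
    # Same effect as the page's ereg_replace(' ', '', ...) call.
    return s.replace(" ", "")

def build_db(org_search_limit):
    """Constructed sample rows. org_search holds the de-spaced name,
    cut to org_search_limit characters (None = no limit)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE organiz (org_id INTEGER, org_name_1 TEXT,"
               " org_name_2 TEXT, org_search TEXT)")
    for org_id, name in [(1, "Commonwealth Water Company"),
                         (2, "Commonwealth Bank")]:
        key = despace(name)
        if org_search_limit is not None:
            key = key[:org_search_limit]
        db.execute("INSERT INTO organiz VALUES (?, ?, '', ?)",
                   (org_id, name, key))
    return db

def search(db, raw_search_string):
    """The three LIKE tests from the procedure's WHERE clause, with the
    de-spaced string bound as a parameter."""
    needle = despace(raw_search_string)
    rows = db.execute(
        "SELECT org_id FROM organiz"
        " WHERE org_name_1 LIKE '%' || ? || '%'"
        "    OR org_name_2 LIKE '%' || ? || '%'"
        "    OR org_search LIKE '%' || ? || '%'"
        " ORDER BY org_id",
        (needle, needle, needle))
    return [r[0] for r in rows]

if __name__ == "__main__":
    truncated, rebuilt = build_db(15), build_db(None)
    # Columns: input, de-spaced length, hits with 15-char key, hits with full key
    for s in ("commonwealth", "commonwealth wa", "commonwealth water"):
        print(repr(s), len(despace(s)), search(truncated, s), search(rebuilt, s))
```
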