1

I faced a problem in developing advanced search code using php as an input and output, sql to select and filter data ..

php code:

<form action="index.php?Type=Advance" method="post">
      <input type="text"   name="name">
                <input type="text"   name="sponsor">

    <select size="1" name="gender" id="">
    <option value="male">male</option>
    <option value="female">female</femal>
</select>
                       <select size="1" name="address" id="">
    <option value="x">x</option>
    <option value="y">y</option>
    <option value="z">z</option>
       </select>
             <input type="submit">
  </form>

Then i declare the variables

public function AdvanceSearch($name,$sponsor,$gender,$address) {

$cheack = "";
if(isset($name)&&$name != ""){
    $cheack.="  name =  '$name' ";
}
if(isset($sponsor)&&$sponsor != ""){
    $cheack.=" AND sponsor =  '$sponsor' ";
}
if(isset($gender)&&$gender != ""){
    $cheack.=" AND gender =  '$gender' ";
}
if(isset($address) &&$address != "" ){
    $cheack.=" AND workplace =  '$address' ";
}
   $DB = mysql_query("SELECT * FROM table WHERE 1 =  1 ".$cheack);
   echo "SELECT * FROM user WHERE ".$WHQ;
   exit();

actually it works, however if i didn't insert the name ... the sql statement will be like this 

SELECT * 
FROM table 
WHERE AND sponsor = 'www' 
    AND gender = 'male'

what if i want to search on the table but without inserting the name .. how can i let the sql statement works if i didn't inset the name.

Improve this question
2
  • Not sure I understand... it looks like it would work if you didnt declare name as $cheack would instead consist of sponsor/gender/address... what is not working? Error messages? Also i'm not sure why you have WHERE 1 = 1 in your statement at all. Commented Mar 24, 2013 at 12:23
  • 1
    Make sure to properly escape the query string when not using parameters with mysql_real_escape_string() Commented Mar 24, 2013 at 12:28

2 Answers 2

Reset to default
3

A typical solution to this is always adding a true condition first, such as 1=1. The query without any extra conditions then becomes

SELECT * FROM table WHERE 1=1

and when you add any AND conditions you can just add them to the end, with no special case for the first or last condition:

SELECT * FROM table WHERE 1=1 AND sponsor = 'www' AND gender = 'male'

Note that if you used OR instead of AND the first condition should be false, like 0=1.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You can use a flag variable like :

$cheack = "";
$flag = False;

if(isset($name)&&$name != ""){
 $cheack.="  name =  '$name' ";
 $flag =True;
}

if(isset($sponsor)&&$sponsor != ""){
 if($flag){
  $cheack.="AND ";
 }
 $cheack.="sponsor =  '$sponsor' ";
}

if(isset($gender)&&$gender != ""){
 if($flag){
  $cheack.="AND ";
 }
 $cheack.="gender =  '$gender' ";
}

if(isset($address) &&$address != "" ){
 if($flag){
  $cheack.="AND ";
 }
 $cheack.="workplace =  '$address' ";
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.