0

Let's assume I have the following object in PHP:

class param{
  public $home; //set by another function
  public $user; //set by another function
  public function createRequest(){
    //in this function I want to create mysql string with $home and $user
    $sql = "select * FROM table WHERE home =".$this->home." AND user=".$this->user;
    return $sql;
  }
}

The problem is that $home (or $user) could be an empty string, and in this case I want to include all homes (or users), not just columns where home="" (or user="").

Do you have any suggestions on how to do that? Or is this idea wrong? (I'm just a beginner with PHP)

1
  • By the way you are missing your speech marks for mysql_ Commented Jul 1, 2013 at 20:57

2 Answers

1

This is not the most elegant, and we should be using PDO prepared statements... but for the sake of example:

class param{
  public $home; //set by another function
  public $user; //set by another function
  public function createRequest(){
    //in this function I want to create mysql string with $home and $user
    $sql = "select * FROM table";
    if(strlen($this->home) || strlen($this->user)) {
      $sql .= " WHERE ";
      $and = array();
      if(strlen($this->home))
        $and[] = " home='".$this->home."' ";
      if(strlen($this->user))
        $and[] = " user='".$this->user."' "; 
      $sql .= implode(" AND ", $and);
    }
    return $sql;
  }
}

Example test output:

$p = new param;
echo $p->createRequest();
echo "<br>";

$p->home = "foo";
echo $p->createRequest();
echo "<br>";

$p->user = "bar";
echo $p->createRequest();
echo "<br>";

$p->home = "";
echo $p->createRequest();

Will yield:

select * FROM table
select * FROM table WHERE home='foo' 
select * FROM table WHERE home='foo' AND user='bar' 
select * FROM table WHERE user='bar'

9 Comments

Prepared statements don't make this any easier.
Coupled with sprintf, I've seen better solutions!
I think you mean to say he should be properly escaping the values - and prepared statements are one way to do that. But you can escape them without prepared statements (and you probably should in this answer).
But I don't know his driver or how he's connecting to the database :o
Either way, you have to build the WHERE clause dynamically, either with interpolated values or ?.
0
class param{
  public $home; //set by another function
  public $user; //set by another function
  public function createRequest(){
    //in this function I want to create mysql string with $home and $user
    $ClauseArray = array(' 1 = 1 ');
    if ($this->home != '') $ClauseArray[] = " home = '".$this->home."' ";
    if ($this->user != '') $ClauseArray[] = " user = '".$this->user."' ";
    $sql = "select * FROM table WHERE ".implode('AND', $ClauseArray);
    return $sql;
  }
}
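
Both answers above concatenate $home and $user into the SQL text, and the comments note that the WHERE clause can be built dynamically with ? placeholders instead. The following is an added example (not part of either answer) that does this with PDO; the `accounts` table name, the sample rows and the in-memory SQLite connection are assumptions made so it runs stand-alone.

```php
<?php
// Added example: same optional-filter logic, with values bound as parameters.
class Param
{
    public $home = ''; // set by another function
    public $user = ''; // set by another function

    // Returns [sql, bound values]; only fixed column names ever enter the SQL text.
    public function createRequest(): array
    {
        $where = [];
        $args  = [];
        // Column names come from this hard-coded list, never from input.
        foreach (['home' => $this->home, 'user' => $this->user] as $column => $value) {
            if ((string) $value !== '') {   // empty string (or null) means "no filter"
                $where[] = "$column = ?";
                $args[]  = $value;
            }
        }
        $sql = 'SELECT * FROM accounts';
        if ($where) {
            $sql .= ' WHERE ' . implode(' AND ', $where);
        }
        return [$sql, $args];
    }
}

// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (home TEXT, user TEXT)');
$pdo->exec("INSERT INTO accounts VALUES ('foo','bar'), ('foo','baz'), ('qux','bar')");

$p = new Param;
// The last case holds a quote character, which would break the concatenated query.
$cases = [['', ''], ['foo', ''], ['foo', 'bar'], ["O'Hara", '']];
foreach ($cases as [$home, $user]) {
    $p->home = $home;
    $p->user = $user;
    [$sql, $args] = $p->createRequest();
    $stmt = $pdo->prepare($sql);
    $stmt->execute($args);   // values travel separately from the SQL text
    printf("%-50s %d row(s)\n", $sql, count($stmt->fetchAll()));
}
```

With MySQL, only the PDO connection string changes; the generated SQL and the bound-value array stay the same.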
