0

I try to make an "advanced" search field for users. (the users have 5-8 field to short the search list..)

I think i have to build the query depending on which posted field is not empty.

This is my original query, but with this, i got all the row from table..

$query = "select * from MYTABLE where FIELD1 LIKE '%$sample1%' OR FIELD2 LIKE '%$sample2%' OR FIELD3 LIKE '%$sample3%' OR FIELD4 LIKE '%$sample4%' order by name";

So i think i have to use IF statement in query, but i dont know how, i got error all time. And one more thing: If ths user is fill out the "sample4", then he must to fill "sample1". How can i check this?

Thank you for your help.

Improve this question
6
  • 12
    Please google "SQL Injection attack' Commented Dec 15, 2009 at 10:14
  • It's not sure he's not aware of SQL injection, but I guess you're right, Mitch Commented Dec 15, 2009 at 10:20
  • What RDBMS are you coding against ? Commented Dec 15, 2009 at 10:20
  • Mitch - sql injection..i try to solve this, what alternate idea have you to do my query? Adrian - Mysql Commented Dec 15, 2009 at 10:24
  • Read about MySQL control flow functions here dev.mysql.com/doc/refman/5.0/en/control-flow-functions.html Commented Dec 15, 2009 at 10:38

5 Answers 5

Reset to default
2

You can also use array to do this, it will be more organized this way. For every where condition you store them in one array item, and finally join them when generating the SQL.

<?

$fields = array('field1', 'field2', 'field3');
// Changed this to 0, so it won't return all rows
// but also the default array element prevent the statement to fail when 
// no search is being specified at all
$wheres = array(0);
foreach ($fields as $fieldname) {
  // Get user input
  $search = $_GET[$fieldname];
  // add condition to wheres if not empty
  if (!empty($search)) {
    $wheres[] = $fieldname . ' LIKE "%' . mysql_real_escape_string($search)  . '%"';
  }
}

// Join the wheres conditions using OR, (or AND)
$query = 'select * from MYTABLE where' . join(' OR ', $wheres);

?>
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

But take care of SQL injection, as mentioned above :-)
sorry, yes, my fault I put a default 1 in the OR compare statement. Change that to 0 will do.
regarding to SQL injection, at this stage it might hinder the learning process. It is a very important issue to be aware of. You can use mysqli in PHP and use bind param method to pass in variables, when you are ready.
1

You should consider implementing a "full text search" engine.

MySQL has a "FULLTEXT" search feature - you can start learning about it here: See also this article: Developing A Site Search Engine With PHP And MySQL

Improve this answer

Comments

0

Maybe it would be better to create a query that includes only the filter constraints that the user filled out, instead of including all.

If you prefer to follow your solution, you may use the SQL construct

CASE WHEN

Please see this for MS SQL and this for MySQL

Improve this answer

1 Comment

This is exactly what i want. "reate a query that includes only the filter ..." But i dont know how.
0

Perhaps you will want a php-centric full text search solution - then look at Zend_Search_Lucene which is a PHP port of Apache Lucene Presentations of Zend_Search_Lucene can be found here:

Improve this answer

Comments

0

You can try using the "is not null" operator like this:

select * 
from mytable
where 
(field1 is not null and field1 like '%test%') or 
(field2 is not null and field2 like '%test%') or 
(field3 is not null and field3 like '%test%') or
(field4 is not null and field4 like '%test%')
order by name

See also Handling MySQL NULL Values

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.