0

I want to create sql queries dynamically depending upon the data I receive from the user.

Code:

$test = $_POST['clientData']; //It can be an array of values
count($test); //This can be 2 or 3 or any number depending upon the user input at the client

$query = "select * from testTable where testData = ".$test[0]." and testData = ".$test[1]." and . . .[This would vary depending upon the user input]"

Is it possible to achieve the above scenario. I am relatively new in this area.Your guidance would be helpful.

Improve this question
3
  • 1
    I guess this is PHP and not so much SQL related? Commented Oct 23, 2013 at 12:40
  • Yes.I am firing sql queries via PHP.Just added PHP tag.Thanks for that. Commented Oct 23, 2013 at 12:41
  • @leo yes leo.Its an array. Commented Oct 23, 2013 at 12:45

8 Answers 8

Reset to default
1

Use:

<?php

$test=$_POST['clientData'];//It can be an array of values

$query = "select *from testtable where 1 ";
foreach($test as $value) {
    $query .= " AND testData='" . $value . "'";
}

echo $query;

?>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Use prepared statements:

$query = $dbh->prepare("SELECT * FROM testtable WHERE testData=:test0 and testData=:test1");
$query ->bindParam(':test0', $test0);
$query ->bindParam(':test1', $test0);

$test0 = $test[0];
$test1 = $test[1];

$query->execute();
Improve this answer

Comments

1

Rishi that's a very long chapter.

If you want to search into a single field then you can try to do:

<?php
$test = $_POST[ 'clientData' ];
if( is_array( $test ) ){
    $select = implode( ",", $test );
} else { 
    $select = $test;

}

$query=select *from testtable where testData IN ( $select );
?>

This is valid only for searches into a specific field. If you want to create searches on multiple fields then you need to do a lot of more work, having an associative mapping which can create a relation variable name -> field_to_search

Improve this answer

Comments

0 
$data = $_POST['data'];

$query = "SELECT";

if ( is_set($data['columns']) )
   $query .= " ".implode(',',$data['columns']);
else
   $query .= "*";

if ( is_set($data['table']) )
$query .= " ".$data['table'];

and ...

Improve this answer

Comments

0

This is very much pseudo code as I don't really know PHP, but could you not do something like this

$query = "select * from testable";

$count = count($test);

if($count  > 0)
{ 
    $query .= " where ";

    for ($x=0; $x<=$count; $x++)
    {
        if($x > 0)
        {
              $query .= " and ";
        }

        $query .= " testData='" . $test[x] . "'";
    } 
}
Improve this answer

Comments

0 
$test=$_POST['clientData'];
$query="select * from testtable where testData='".$test[0]."' and testData='".$test[1]."' and . . .[This would vary depending upon the user input]";
$result = mysql_query($query);
Improve this answer

Comments

0 
$test=$_POST['clientData'];//It can be an array of values
    $dValuesCount = count($test);//This can be 2 or 3 or any number depending upon the user input at the client

    $query="select *from testtable ";  


    if ($dValuesCount > 0 ){
        $query .= " WHERE ";

        for ($dCounter = 0; $dCounter <= $dValuesCount ; $dCounter++){

            $query .= "testData=" . $test[$dCounter];
            if ($dCounter != ($dValuesCount - 1)){

            $query .= " AND ";
            }

        }


    }
Improve this answer

Comments

0 
$q="select *from table where ";
    $a=count($test)-1;
    $b=0;
    while($element = current($test)) {
        $key=key($array);
        if($b!=$a){
            $q.=$key."=".$test[$key]." and ";
        }
        else {
            $q.=$key."=".$test[$key];
        }
        next($array);
        $b=$b+1;
    }

for this your array must contain columnname as key for example

$test['name'],$test['lastname']

then it will return

$q="select * from table where name=testnamevalue and lastname=testlastnamevalue";

hope it works

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.