tags:

views:

124

answers:

3
+1  Q: 

Building MySQL query based on posted variables

This seems like such a simple task, but I'm having a hard time finding a solution that I like for this. I can't find anything I would consider anything other than clunky. Here's what I'm working with:

There is a search form that posts variables to the processing script. These variables are the filters for the data being queried. Depending on the rights of the user, there may be more or less variables coming in, depending on the filters they have access to. Each filter refers to a field in the table the results are coming from, basically. One option for each filter is "ANY" as well, so no WHERE clause is needed.

What's a good way to build the query string. Let's say there's four variables coming back: $firstname, $lastname, $age, $dob. But only some users have access to filter by $age and $dob.

$query = "SELECT * FROM people";
if(($firstname != 'ANY' && !empty($firstname)) ||
   ($lastname != 'ANY' && !empty($lastname)) ||
   ($age != 'ANY' && !empty($age)) ||
   ($dob != 'ANY' && !empty($dob))) {
    $query .= " WHERE";
}

if($firstname != 'ANY' && !empty($firstname)) {
    $query .= " firstname='$firstname'";
}
if($lastname != 'ANY' && !empty($lastname)) {
    if($firstname != 'ANY' || !empty($firstname)) {
        $query .= " AND";
    }
    $query .= " lastname='$lastname'";
}
...

And so on. But that just looks dumb, horrible, and ridiculously inefficient to me. I'm using a slightly modified MVC pattern, so would it make sense to build out methods in the search model for each possible filter?

A: 

You can extend this:

http://code.google.com/p/mysql-query-builder/

inakiabt  2009-08-07 14:36:27
Unfortunately I'm not utilizing any sort of PDO at this point; though that is definitely something I'm looking into. I inherited some of this code and I can only change so much in one go.
Nathan Loding  2009-08-07 14:43:15
User is redirected to: http://github.com/indeyets/MySQL-Query-Builder/tree/master
Smandoli  2009-08-07 14:45:04
+1  A: 
Saggi Malachi  2009-08-07 14:39:00
Never thought of an approach like that. I still feel like there's some sort of pattern or something I could follow, but this will at least clean up the code for now.
Nathan Loding  2009-08-07 14:44:19
That's a cleaner approach. In fact I'm able to improve some code of mine from both Nathan's opener and this reply. I believe the general answer to Nathan's question is "Yep, PHP can look a bit convoluted. Sorry 'bout that!" I'll stay tuned -- maybe I'm wrong. (And maybe I should look into PDO, per other posted answer.)
Smandoli  2009-08-07 14:49:59
When dealing with multiple variables and, depending on their value, the end result changes -- it's going to be convoluted no matter what. The difference is in making it easier to read rather than messier. I'm still playing with it -- I really feel like there's something I'm still missing.
Nathan Loding  2009-08-07 15:18:58
Another nice approach would be collecting all statements into an array and then just if (count($arr)>0) { $query .= "WHERE ". implode(" AND ",$arr); }
Saggi Malachi  2009-08-07 15:24:10
@Saggi: I went with the array implosion suggestion and it worked beautifully. I feel pretty dumb missing something as simple as that!
Nathan Loding  2009-08-07 16:04:24
I added the implosion suggestion to my answer
Saggi Malachi  2009-08-07 16:20:47
A: 

here's some code that will pull all posted variables and string them together.

foreach($_POST as $name=>$value){
    $arrFields[] = $name." = '".$value."'";
}
$sSql = "SELECT * FROM people WHERE 1 AND ".implode(" AND ",$arrFields);

OR if your field names are not the same as your table names, or if you want to treat the fields differently in your SQL, you can use a switch.

foreach($_POST as $name=>$value){
    switch($name){
     case "firstname":
      $arrFields[] = "fName = '".$value."'";
      break;
     case "lastname":
      $arrFields[] = "lName = '".$value."'";
      break;
     case "age":
      $arrFields[] = "bioAge >= ".$value;
      break;
    }
}
$sSql = "SELECT * FROM people WHERE 1 AND ".implode(" AND ",$arrFields);
dogatonic  2009-08-07 17:35:54

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL