Hi all,

I'm trying to create a simple search page, but I'm not 100% sure how to write the actual search string (using the appropriate ANDs etc. if the variable exists). Here's the code:

if ($post) {

    //get all search variables
    $type = JRequest::getVar('type');
    $classifications = JRequest::getVar('classifications', array(0), 'post', 'array');
    $rating = JRequest::getVar('rating');
    $status = JRequest::getVar('status');
    $cterms = JRequest::getVar('cterms');
    $clientid = JRequest::getVar('clientid');
    $company = JRequest::getVar('company');
    $address = JRequest::getVar('address');
    $name = JRequest::getVar('name');
    $surname = JRequest::getVar('surname');
    $city = JRequest::getVar('city');
    $state = JRequest::getVar('state');
    $pcode = JRequest::getVar('pcode');
    $country = JRequest::getVar('country');

    //create search string
    echo "SELECT * FROM #__db_clients "; // <- the query is supposed to be built here; it's an echo because I was trying to spit it out before trying to make it run :)

} else {

    echo 'There has been an error, please try again.';

}

I've tried using (if type != null then searchtype = "where type = 'X'"), but then I couldn't figure out how to place the AND before/after it if it's required for the search... if that makes sense?

+2  A: 

This is a quick example. I don't know what kind of data JRequest::getVar returns (always a string, or mixed types?) but this should start you off. Make sure to use whichever escaping method applies within the foreach loop:

if ($post) {
    $criteria = array();
    //get all search variables
    $criteria['type'] = JRequest::getVar('type');
    $criteria['classifications'] = JRequest::getVar('classifications', array(0), 'post', 'array');
    $criteria['rating'] = JRequest::getVar('rating');

    //always start with an empty condition list, so $where exists even when nothing was submitted
    $where = array();

    //if there are some criteria, make an array of "fieldName = 'value'" conditions
    if(!empty($criteria)) {
        foreach($criteria as $k => $v) {
            //fields the user left blank are not part of the search, so they get no AND
            if($v === null || $v === '') {
                continue;
            }
            //IMPORTANT!!
            //$v is the value of the field, needs to be quoted/escaped correctly!!
            $where[] = "$k = '$v'";
        }
    }
    //create search string
    $query =  "SELECT * FROM #__db_clients";

    //join() only runs when there is at least one condition, so the AND placement takes care of itself
    if($where) {
        $query .= " where " . join(' AND ', $where);
    }
} else {
    echo 'There has been an error, please try again.';
}
karim79
Be sure to apply escaping to `$v` as you interpolate it into the expression.
Bill Karwin
@Bill Karwin - Thanks, absolutely! I don't know which escaping method applies to his application, so I put a note into the answer (as well as code comment).
karim79
Thanks so much, that'll definitely help me get my code going :) Muchly appreciated!
SoulieBaby
@SoulieBaby - np, make sure to thoroughly test whatever you turn that into, it helps to put a lot of diagnostic echo statements at each step, so you can see what's going on. And *make sure everything is properly escaped/quoted*. Good luck!
karim79
Hmm, it doesn't like "foreach($criteria as $k = $v) {". I get this error: Parse error: syntax error, unexpected '=', expecting ')'
SoulieBaby
@SoulieBaby - My mistake, I've edited the answer: '=' should be '=>' so replace that line with foreach($criteria as $k => $v) {
karim79
thank you :) works well :D
SoulieBaby
mysql_real_escape_string() is your friend.
Shoan
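An added example, not code from the question, the answer or the comments above: the same dynamic WHERE clause for the clients search, but built so that the two problems raised in this thread (where to put the AND, and how to escape `$v`) are solved in one place. Column names are checked against a whitelist and the values travel as PDO bound parameters instead of being quoted into the SQL text. It assumes a MySQL table `#__db_clients` with the column names from the question, a form field per column, and a PDO connection `$db`; the prepared-statement execution is a swap for the answer's string interpolation, since the Joomla 1.x `JDatabase` API of that era had no parameter binding of its own.

```php
<?php
// Example added to this thread; it is not the original poster's or karim79's code.
// Assumed: every search-form field is named after a column of #__db_clients.
// Only names in this list may ever reach the SQL text (prevents a crafted field
// name from being spliced into the query).
const SEARCHABLE_COLUMNS = [
    'type', 'classifications', 'rating', 'status', 'cterms', 'clientid',
    'company', 'address', 'name', 'surname', 'city', 'state', 'pcode', 'country',
];

/**
 * Turn a field => value map into [sql, params].
 *  - null / '' / empty-array values are skipped, so no stray AND is produced
 *  - scalar values become `col = :col`
 *  - array values (e.g. classifications[]) become `col IN (:col_0, :col_1, ...)`
 *  - every value is a bound parameter; the SQL text contains only whitelisted
 *    column names and placeholders
 *
 * @throws InvalidArgumentException for a field name not in the whitelist
 */
function buildClientSearch(array $criteria, $table = '#__db_clients')
{
    $where  = [];
    $params = [];

    foreach ($criteria as $column => $value) {
        if (!in_array($column, SEARCHABLE_COLUMNS, true)) {
            throw new InvalidArgumentException("Unknown search field: $column");
        }
        // A field the user left blank is simply not part of the search.
        if ($value === null || $value === '' || $value === []) {
            continue;
        }
        if (is_array($value)) {
            $placeholders = [];
            foreach (array_values($value) as $i => $item) {
                $ph = ':' . $column . '_' . $i;
                $placeholders[] = $ph;
                $params[$ph] = $item;
            }
            $where[] = "`$column` IN (" . implode(', ', $placeholders) . ')';
        } else {
            $where[] = "`$column` = :$column";
            $params[':' . $column] = $value;
        }
    }

    $sql = "SELECT * FROM $table";
    if ($where) {
        // The AND placement is handled by the join: one condition gives no AND,
        // several give exactly one AND between each pair.
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Constructed sample input standing in for the JRequest::getVar() values.
$criteria = [
    'type'            => 'retail',
    'classifications' => ['3', '7'],
    'rating'          => '',           // left blank on the form: ignored
    'city'            => "O'Connor",   // the quote is harmless: it never enters the SQL text
];

list($sql, $params) = buildClientSearch($criteria);
echo $sql, "\n";
print_r($params);

// Execution, assuming a PDO connection $db and a site table prefix (the
// Joomla "#__" marker is replaced with the real prefix before preparing):
// $stmt = $db->prepare(str_replace('#__', 'jos_', $sql));
// $stmt->execute($params);
// $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

The whitelist matters as much as the placeholders: bound parameters protect the values, but a column name can never be a bound parameter, so the only safe way to let the request choose the column is to compare the field name against a fixed list before it is concatenated. For the single-page case in the question the whitelist can simply be the list of form fields the page renders.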