tags:

views:

52

answers:

5
+2  Q: 

help with sql query with parentheses

i have following code:

SELECT *
FROM table
WHERE thread = $thread
AND (user != $user1 OR user != $user2)

i want the code to pick all rows that contains $thread BUT the user isn't $user1 or $user2.

is my code correct? or should it be like:

SELECT *
FROM table
WHERE thread = $thread
(AND user != $user1 OR user != $user2)

thanks in advance

+1  A: 

Use this:

SELECT *
FROM table
WHERE thread = $thread
(AND user != $user1 AND user != $user2)

Because you don't want if the user is either of user1 or user2, for this reason using 'AND' will be proper option here.

Also if the $thread is not an integer field, you need enclose it in quotes eg:

WHERE thread = '$thread'
Sarfraz  2010-02-16 03:42:04
+2  A: 

SELECT *
FROM table
WHERE thread = $thread
AND user != $user1
AND user != $user2

Plynx  2010-02-16 03:42:08
what if thread is a string?
Sarfraz  2010-02-16 03:46:23
Just following the OP's lead. Avoiding SQL injection is important, obviously.
Plynx  2010-02-16 05:05:04
A: 

I think you should also be using <> instead of !=

So:

SELECT *
FROM table
WHERE thread = $thread
AND user <> $user1
AND user <> $user2
Ganesh Shankar  2010-02-16 03:42:57
<> and != both are same and understood by mysql
Sarfraz  2010-02-16 03:44:52
`!=` is ANSI-92, and supported by MySQL at least 4.1+
OMG Ponies  2010-02-16 03:57:06
+3  A: 

Use:

SELECT t.*
  FROM TABLE t
 WHERE t.thread = mysql_real_escape_string($thread)
   AND t.user NOT IN (mysql_real_escape_string($user1), mysql_real_escape_string($user2))

Please use mysql_real_escape_string, or risk SQL injection attacks.

OMG Ponies  2010-02-16 03:46:25
Mind that you don't need single quotes, because of using `mysql_real_escape_string`
OMG Ponies  2010-02-16 03:51:23
i have already escaped them=)
weng  2010-02-16 03:52:06
`mysql_escape_string` is deprecated, but an alternative for PHP prior to 5.3: http://php.net/manual/en/function.mysql-escape-string.php
OMG Ponies  2010-02-16 03:52:39
@noname: Sorry, just making sure.
OMG Ponies  2010-02-16 03:53:02
+1  A: 

You could also use

SELECT *
FROM table
WHERE thread = '$thread'
AND user NOT IN ($user1, $user2)

Don't know which executes faster, but this is my preferred way because I like it's readability better.

PhiwassailerKing  2010-02-16 04:29:48

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL