ansaurus

Question

PHP mysql - ...AND column='anything'... ?

Answer 1

+2 A:

Try using this:

AND ('$tab' = '' OR ikon = '$tab')

If the empty string is given then the condition will always succeed.

Alternatively, from PHP you could build two different queries depending on whether $id is empty or not.

Mark Byers 2010-05-24 12:52:43

Still no results. Before passing in the URL variable, i check if it's set, and if it's not, i set it to "". That's the same thing as: AND column='something' OR column='', right? Well, still not working anyways. :/

Nike 2010-05-24 12:57:26

Sarfraz Ahmed, yup that's correct.

Nike 2010-05-24 12:58:03

@Nike: No it's not the same. You need the parentheses.

Mark Byers 2010-05-24 13:02:06

Okey, it still gives me the same result though.

Nike 2010-05-24 13:10:11

@Nike: You've typed `column=''` instead of `'$id' = ''`.

Mark Byers 2010-05-24 13:12:14

Actually, it's suppose to be " ikon='' " and not ID.

Nike 2010-05-24 13:19:14

@Nike: My apologies, I was unable to guess your column names correctly. I'll edit my post.

Mark Byers 2010-05-24 13:24:52

Answer 2

A:

Run your query if search string is provided by wrapping it in if-else condition:

$id = (int) $_GET['id'];

if ($id)
{
  // run query
}
else
{
  // echo oops
}

Sarfraz 2010-05-24 12:54:05

Yeah i could do that, i've thought about it, but i don't want to clutter the code too much. Isn't there any way to just check if it's *?

Nike 2010-05-24 12:59:59

Answer 3

+2 A:

You can dynamically create your query, e.g.:

$query = "SELECT * FROM table WHERE foo='bar'";

if(isset($_GET['id'])) {
    $query .= " AND column='" . mysql_real_escape_string($_GET['id']) . "'";
}

Update: Updated code to be closer to the OP's question.

Felix Kling 2010-05-24 12:58:24

+1 - best solution offered thus far.

Sohnee 2010-05-24 13:02:29

The presence of `AND` in the question implies that he always wants a `WHERE` clause, but that one of the clauses should be optional.

Mark Byers 2010-05-24 13:03:08

@Mark Byers: Yes, I know. It is only an example and I think it can be easily adapted to using `AND`. It should give the right idea. (Anyway, updated my example...)

Felix Kling 2010-05-24 13:04:17

That's a good idea! I'll keep that in mind for future use. This time however, i don't think that's a good idea to use.

Nike 2010-05-24 13:04:19

Answer 4

A:

There is noway to check if a column is "anything"
The way to include all values into query result is exclude this field from the query.
But you can always build a query dynamically.
Just a small example:

$w=array();
if (!empty($_GET['rooms'])) $w[]="rooms='".mysql_real_escape_string($_GET['rooms'])."'";
if (!empty($_GET['space'])) $w[]="space='".mysql_real_escape_string($_GET['space'])."'";
if (!empty($_GET['max_price'])) $w[]="price < '".mysql_real_escape_string($_GET['max_price'])."'";


if (count($w)) $where="WHERE ".implode(' AND ',$w); else $where='';
$query="select * from table $where";

For your query it's very easy:

$ikon="";
if ($id) $ikon = "AND ikon='$tab'";
mysql_query("SELECT * FROM filer 
             WHERE (real_name LIKE '%$searchString%' 
                   OR filinfo LIKE '%$searchString%')
                   AND public='1' 
                   $ikon 
             ORDER BY rank DESC, kommentarer DESC");

I hope you have all your strings already escaped

Col. Shrapnel 2010-05-24 13:05:51

Could you perhaps explain what the last IF statement actually does?

Nike 2010-05-24 13:08:19

@Nike it is for the case if no criteria were passed.

Col. Shrapnel 2010-05-24 13:11:55

Aaah, now suddenly everything makes more sense to me! :) That would however also clutter the code. If there is no easier way i think i'll go with a simple if statement. if(isset($_GET['foo'])){query..}else {another query...}

Nike 2010-05-24 13:17:53

Oh, it seems even very simple code looks "clutter" to you. Next time I'll write slower.

Col. Shrapnel 2010-05-24 13:20:56

Got your period or what? It's unnecessary to write 6 lines of code to accomplish something that i just managed to do with a few words.

Nike 2010-05-24 13:32:41

@Nike Lost your eyes? actually there is less code than yours. Way less. And I suspect the other your code is no better. Why not to learn from a guru how to code without "clutter" and say thanks?

Col. Shrapnel 2010-05-24 13:34:23

Answer 5

+2 A:

and ikon like '%' would check for the column containing "anything". Note that like can also be used for comparing to literal strings with no wildcards, so, if you change that portion of SQL to use like then you could pre-set the variable to '%' and be all set.

However, as someone else mentioned below, beware of SQL injection attacks. I always strongly suggest that people use mysqli and prepared queries instead of relying on mysql_real_escape_string().

Donnie 2010-05-24 13:19:09

That worked beatifully. Thanks a bunch! :)

Nike 2010-05-24 13:25:27

ansaurus

tags:

views:

answers:

PHP mysql - ...AND column='anything'... ?

related questions