I have a variable in PHP. I want to check my PHP variable in MySQL query and if it is not null use it in a where clause.
select * from T1
where post = "news" and $city = cityname and $city is not null
$city is PHP variable.
I have a problem when $city is null, that should show all news posts but it returns nothing.
this is my table:
Since $city is a PHP variable, if it is NULL then when you echo it in your query you will simply get nothing. That will make an invalid query; it will look like this:
select * from T1
where post = "news" and = cityname and is not null
To make this work, you need to enclose $city in your query in quotes, and then rather than comparing it to NULL, compare it to the empty string i.e.
select * from T1
where post = "news" and ('$city' = cityname or '$city' = '')
Note that the correct logical operator is or for this use case.
As was pointed out in the comments, you should look into prepared statements. This question has some really useful information: How can I prevent SQL injection in PHP?
Try this
select * from T1
where post = "news" and ($city = cityname or $city is not null )
Related
I am having a problem with where_in . I am trying to get the shop name which possess the lookbook had the specific point id
$this->db->select('shop');
$this->db->from('shopify_lookbook');
$this->db->where_in('lookbook_id', 'SELECT lookbook_id FROM shopify_point WHERE point_id = $pointid');
The problem is the query it generate
SELECT `shop` FROM `shopify_lookbook` WHERE `lookbook_id` IN('SELECT lookbook_id FROM shopify_point WHERE point_id = 543')
It will give blank but when I try in mysql without '' in IN() like below
SELECT `shop` FROM `shopify_lookbook` WHERE `lookbook_id` IN(SELECT lookbook_id FROM shopify_point WHERE point_id = 543)
It returns the shop name that I want. How can I erase '' in $this->db->where_in()
You might use where instead and to construct your IN clause there:
$this->db->where('lookbook_id IN (SELECT lookbook_id FROM shopify_point WHERE point_id = $pointid)', NULL, FALSE);
If keep_base_amount is null then I want to use country_id=236 in where clause, else I want to use keep_base_amount's value as in country_id.
I have query something like this:
SELECT * FROM account_treasury_local
WHERE
CASE WHEN keep_base_amount IS NOT NULL THEN country_id = keep_base_amount
ELSE country_id = '236' END
There is a record in database. But, I am getting nothing in result. Is there anything missing/wrong in above query.
As simple as this
SELECT * FROM account_treasury_local
WHERE (keep_base_amount IS NOT NULL AND country_id = keep_base_amount) OR (keep_base_amount IS NULL AND country_id = '236')
Have you tried:
SELECT * FROM account_treasury_local
WHERE
(keep_base_amount IS NOT NULL AND country_id = keep_base_amount)
OR
(keep_base_amount IS NULL AND country_id = '236')
I'm not sure I'm understanding your question correctly.
I am trying to query based on the value of an enum field. Essentially I have 3 values (categories) for the enum field, a, b and c respectively. I am attempting to populate a select field based on the results of the following query:
SELECT * WHERE pid = $id AND group = 'a';
I have tried this with and without single quotes and get the error You have an error in your SQL syntax; and have narrowed it down to being a lack of knowing how to query based on a specific enum value. I assumed this would work and see no reason for it not to so if I can be enlightened I would greatly appreciate it.
Group is a reserved keyword use it like this
SELECT * FROM mytable WHERE pid = $id AND `group` = 'a';
Use tablename
SELECT * From tablename WHERE pid = $id AND `group` = 'a';
Try This..
SELECT * FROM tbname WHERE pid = $id AND `group` = 'a';
if i have a category page that im rendering by querying the subcategories in my database, then if i click on one of the subcategories it sends me to
mydomain.com/product_list.php?id=subcategory.
is there a way take the subcategory from the url to query the database to only show the products in that subcategory?
i think it'll look something like:
$sql = mysql_query("SELECT * FROM products");
This can be obtained from $_GET DOCs.
$subcategory_id = $_GET['id'];
So this would become:
if(array_key_exists('id', $_GET) and is_numeric($_GET['id'])) {
$subcategory_id = (int) $_GET['id'];
$SQL = "SELECT * FROM products WHERE subcategory_id = $subcategory_id";
}
Note I have cast the input variable to an integer to prevent SQL injection etc. As the ID must always be a number.
If you need to pass in a string then use mysql_real_escape_string() DOCs on it first and don't type cast to an integer (int):
if(array_key_exists('id', $_GET)) {
$subcategory_id = mysql_real_escape_string($_GET['id']);
$SQL = "SELECT * FROM products WHERE subcategory_id = '$subcategory_id'";
}
$query = mysql_query("SELECT * FROM `products` WHERE `id` = " . mysql_real_escape_string($_GET['id']);
Of course, that's assuming the table name is products, and the ID columns is id.
Your question is a little confusing. I think to start some tutorials on PHP should be looked at, and the different types of http requests.
What you are looking at is called a GET request. You can access all key, value pairs after the ? in a url through the superglobal $_GET this is an associate array containing all key => values.
So as per above $_GET['id'] is the value you want. But please before you begin look at SQL injection, it is too easy to think that that value can be used directly to make a query.
Here is my current MySQL syntax (but this doesn't work):
SELECT * FROM posts WHERE userID = $userID AND postBy = $postBy AND postType = 'unread'
Here is the picture of my MySQL table (a picture can show more than words!)
I want to know if there is any other way of doing it or if I have to forget this idea?
There's nothing wrong with what you're attempting to do, it's just that you haven't quoted the PHP variable
Make sure you're escaping/sanitizing your input. Also use prepared statements if possible
SELECT * FROM posts WHERE userID = $userID AND postBy = '{$postBy}' AND postType = 'unread'
You should really use parameters, but other than that you will need to enclose the text variables in single quotes.
SELECT * FROM posts WHERE userID = $userID AND postBy = '$postBy' AND postType = 'unread'