I'm relatively new to PHP and I need some help on a search query.
I have a few drop down 'select' and a 'checkbox group' which will filter the search from database using (...WHERE somethingA = 'somethingA' && somethingB = 'somethingB' etc)
That's all working great but the problem comes when I want to make it so that some search fields DONT have to be used, so if 'SomethingA' is either disabled or value='none' then it will only return WHERE somethingB = 'SomethingB'.
I have tried using OR instead of AND but that returns both values if they are true and not really filtering it properly.
my initial solution was to have if..else statements to define the query,
for example:
$query = "SELECT * FROM table";
$results = $con->query("$query $where $QueryA $QueryB $QueryC");
if($_GET['SomethingA'] == "none" && $_GET['SomethingB'] == "none" && $_GET['SomethingC'] == "none"){
$where = ""
$QueryA = ""
$QueryB = ""
$QueryC = "ORDER by ID" //if all search field is 'none' then get all results
}elseif($_GET['SomethingB'] == "none" && $_GET['SomethingC'] == "none"){
$where = "WHERE"
$QueryA = "SomethingA = '{SomethingA}'" //only use A filter one field
$QueryB = ""
$QueryC = ""
}elseif($_GET['SomethingA'] == "none" && $_GET['SomethingC'] == "none"){
$where = "WHERE"
$QueryA = ""
$QueryB = "SomethingB = '{SomethingB}'" //only use B filter one field
$QueryC = ""
.....
it works but you can already see the problem as if i wanted to cross matrix all conditions it becomes very lengthy and confusing.
So my question is whether there is a much better way of doing this, for instance, make value='none' return all results?
been looking around and attacking it from many angles but cant find a solution..
maybe javascript could help but im not the best with it.
thanks in advance
The question is not too clear but look into this. It should help.
$query="SELECT * FROM table WHERE";
$query_link = " AND ";
$isASet=false;
$isBSet=false;
$isCSet=false;
if(strcmp($_GET['SomethingA'],"none") != 0){
$query.=" column = {$_GET['SomethingA']}";
//set this to true for later if statements
$isASet=true;
}
if(strcmp($_GET['SomethingB'],"none") != 0){
//check if A has been set, if yes include an AND
if($isASet){
$query.=$query_link;
}
//include this one as usual
$query.=" column = {$_GET['SomethingB']}";
$isBSet=true;
}
if(strcmp($_GET['SomethingC'],"none") != 0){
//check if A or B has been set, if yes include an AND
if($isASet || $isBSet){
$query.=$query_link;
}
//include this as usual
$query.=" column = {$_GET['SomethingC']}";
}
//run query and collect result
$result = $connection->query($query);
Related
I am hoping this title represents this question well. I am attempting to build a dynamic query based on multiple $vars existing. I am attempting to make this work using a simple if/ifelse/else block but can't seem to get it to work correctly. The first if statements execute accordingly but the third fails. I am new to PHP so I am assuming this a beginner mistake. I also believe there is most likely a far more eloquent way to achieve the desired results.
Basically the user enters a few inputs into multiple text fields. Only one field, out of the 3 needs to contain a value, but 2 or all 3 can as well. If the value does not exist in a field it should generate a Query based on the values provided. I am validating and a creating a variable for each input than checking to see if those variables contain a value or exist.
//////////////////////////////////////////////////////
if(isset($_POST['inputName']) && $_POST['inputName'] != ""){
$inputName = preg_replace('#[^a-z 0-9?!]#i', '', $_POST['inputName']);
}
if(isset($_POST['inputState']) && $_POST['inputState'] != ""){
$inputState = preg_replace('#[^a-z 0-9?!]#i', '', $_POST['inputState']);
}
if(isset($_POST['inputCost']) && $_POST['inputCost'] != ""){
$inputCost = preg_replace('#[0-9]#i', '', $_POST['inputCost']);
}
///////////////////////////////////////////////////////
if (!empty($inputName) AND !empty($inputState) AND !empty($inputCost)){
$sqlCommand = "SELECT * FROM hciproject WHERE school_name LIKE '%$inputName%' AND school_state LIKE '%$inputState%' AND school_cost < '$inputCost'";
}
elseif (!empty($inputName) AND !empty($inputState)){
$sqlCommand = "SELECT * FROM hciproject WHERE school_name LIKE '%$inputName%' AND school_state LIKE '%$inputState%'";
}
elseif (!empty($inputName) AND !empty($inputCost)){
$sqlCommand = "SELECT * FROM hciproject WHERE school_name LIKE '%$inputName%' AND school_cost < '$inputCost'";
}
elseif (!empty($inputState) AND !empty($inputCost)){
$sqlCommand = "SELECT * FROM hciproject WHERE school_state LIKE '%$inputState%' AND school_cost < '$inputCost'";
}
else{
$searchOut .= "0 Results Found";
}
// Connect to DB
include_once("database_connection.php");
$query = mysql_query($sqlCommand) or die(mysql_error());
$count = mysql_num_rows($query);
///////////////////////////////////////////////////////
Additionally I was going to create elseif statements containing only one variable.
Any help with this would be greatly appreciated.
try this:
$inputName = preg_replace('#[^a-z 0-9?!]#i', '',& $_POST['inputName']);
$inputState = preg_replace('#[^a-z 0-9?!]#i', '',& $_POST['inputState']);
$inputCost = preg_replace('#[0-9]#i', '',& $_POST['inputCost']);
$selectCondition = 1;
if($inputName) $selectCondition.= " and school_name LIKE '%$inputName%' ";
if($inputState ) $selectCondition.= " and school_state LIKE '%$inputState%' ";
if($inputCost ) $selectCondition.= " and school_cost < $inputCos ";
Important:
& $_POST['inputName'] is equal to (isset($_POST['inputName']) && $_POST['inputName'] != "")
$users = explode(",", $particiTemp);
foreach($users as $user) {
echo "$user";
}
$checkSQL = mysql_query("SELECT * FROM this WHERE x>'$y' && v<'$z' && user IN ($particiTemp)");
while($checkData = mysql_fetch_array($checkSQL)){
}
I´m kinda stuck right here...
I want to check if $particiTemp (for example: $particiTemp = "2,23,11,4,") is in the field $checkData[user] ($checkData[user] = "5,22,11,23";).
I tried to explode both and tried mysql IN but I don´t know how to check if the field $checkData[user] CONTAINS one of the imploded $particiTemp
"In" clause need values as '2','23','11','4' instead of "2,23,11,4,"
so manipulate your array for result.
$innval = '';
foreach($users as $user) {
if($user != '')
$innval .= "'".$user."',";
}
$innval = substr($innval,0,-1); // to remove last extra ,
and now use this $innval variable in your query to get result
$checkSQL = mysql_query("SELECT * FROM this WHERE x>'$y' && v<'$z' && user
IN ($innval)");
Hope this helps
Idea: explode array to check, for each a mysql_query with INSTR.
Should work, trying it now.
I have some search functionality that works with 3 drop down boxes. Based on the criteria chosen, a profile is returned. The 3 drop downs are:
County
Constituency
Gender
Now I am trying to build a query but have just realised that actually a person does not have to choose an option from each drop down and nor do I want them to.
So for instance I do not want to disable the search button until an option is selected from each drop down.
Having chosen a value from any drop down, and possibly having no value selected from any drop down at all, and just clicking the search button, I am trying to understand how I can cope with the unknown combinations.
My first thought was that I could use something like a truth table but I imagine this is simply overkill and in fact this is a very common piece of functionality.
Then I thought maybe I could have something like:
$county = "$_GET['county'];";
$constituency = "$_GET['constituency'];";
$gender = "$_GET['gender'];";
Then I could check to see if they are empty and somehow use this value, e.g.
if($county !== '') {
???SOMEHOW MAKE USE OF THIS IN AN SQL QUERY???
PERHAPS PASS IT TO ANOTHER PARAMETER
$sqlparams = "county = '$county'";
}
SELECT * FROM profile
WHERE {$sqlparams};
I think I'm on the right tracks but could use some guidance.
All help is greatly appreciated.
This should do want you want, I think.
<?php
$tooLookFor = array("county", "constituency", "gender");
foreach($tooLookFor as $key){
if(isset($_GET[$key]) && strlen($_GET[$key])>0){
$queryParams[] = $key.'="'.$_GET[$key].'"';
}
}
$query = "SELECT * FROM profile WHERE ".implode(' AND ', $queryParams);
?>
You could do something like:
$county = $_GET['county'];
$constituency = $_GET['constituency'];
$gender = $_GET['gender'];
$sqlparams = array();
if($county !== '') {
$sqlparams[] = "county = '$county'";
}
if($constituency !== '') {
$sqlparams[] = "constituency = '$constituency'";
}
if($gender !== '') {
$sqlparams[] = "gender = '$gender'";
}
$query = "SELECT * FROM profile";
if (count($sqlparams) > 0) {
$query .= " WHERE " . implode(" AND ", $sqlparams);
}
You can do that with something like this:
$where = array();
//repeat as needed
$where[$column] = $value;
$where2 = array();
foreach($where as $key => $value){
$where2[] = "$key = '$value'";
}
$where_string = implode(' AND ', $where2);
$where_string will have the string to insert after WHERE.
Yes, you are on the right track, you're just not at the right switch yet. ;)
You can't build the query until you know what you have to work with. So first, in your validation, determine (as you are doing) with the key words actually are and what fields they represent. Presumably these map to fields in tables, maybe 3 tables? Point is, your query will need to be dynamically built.
Ok, i have a problem here...
I am sending values of drop down lists via ajax to this PHP file.
Now I want to search a mysql database using these values, which I have managed to do, BUT, only if I set the values to something...
Take a look:
$query = "SELECT * FROM cars_db WHERE price BETWEEN '$cars_price_from' AND '$cars_price_to' AND year BETWEEN '$cars_year_from' AND '$cars_year_to' AND mileage BETWEEN '$cars_mileage_from' AND '$cars_mileage_to' AND gearbox = '$cars_gearbox' AND fuel = '$cars_fuel'";
now, what if the user doesnt select any "price_from" or "year_from"... The fields are only optional, so if the user doesnt enter any "price from" or "year from", then the user wants ALL cars to show...
Do I have to write a query statement for each case or is there another way?
I do something similar to davethegr8 except I put my conditions in an array and then implode at the end just so I don't have to worry about which conditions got added and whether I need to add extra AND's.
For example:
$sql = "SELECT * FROM car_db";
// an array to hold the conditions
$conditions = array();
// for price
if ($car_price_from > 0 && $car_price_to > $car_price_from) {
$conditions[] = "(price BETWEEN '$cars_price_from' AND '$cars_price_to')";
}
elseif ($car_price_from > 0) {
$conditions[] = "(price >= '$cars_price_from')";
}
elseif ($car_price_to > 0) {
$conditions[] = "(price <= '$cars_price_from')";
}
else {
//nothing
}
// similar for the other variables, building up the $conditions array.
// now append to the existing $sql
if (count($conditions) > 0){
$sql .= 'WHERE ' . implode(' AND ', $conditions);
}
You could simply detect which parameters are missing in your PHP code and fill in a suitable default. eg
if (!isset($cars_mileage_to))
$cars_mileage_to = 500000;
You can build you query, adding the "where" part only if your variables are different from "".
or if you're using mysql 5.x, you can also use subselects:
http://dev.mysql.com/doc/refman/5.0/en/subqueries.html
don't forget to validate the input. It's trivial with firebug, for example, to inject some tasty sql.
This seems like such a simple task, but I'm having a hard time finding a solution that I like for this. I can't find anything I would consider anything other than clunky. Here's what I'm working with:
There is a search form that posts variables to the processing script. These variables are the filters for the data being queried. Depending on the rights of the user, there may be more or less variables coming in, depending on the filters they have access to. Each filter refers to a field in the table the results are coming from, basically. One option for each filter is "ANY" as well, so no WHERE clause is needed.
What's a good way to build the query string. Let's say there's four variables coming back: $firstname, $lastname, $age, $dob. But only some users have access to filter by $age and $dob.
$query = "SELECT * FROM people";
if(($firstname != 'ANY' && !empty($firstname)) ||
($lastname != 'ANY' && !empty($lastname)) ||
($age != 'ANY' && !empty($age)) ||
($dob != 'ANY' && !empty($dob))) {
$query .= " WHERE";
}
if($firstname != 'ANY' && !empty($firstname)) {
$query .= " firstname='$firstname'";
}
if($lastname != 'ANY' && !empty($lastname)) {
if($firstname != 'ANY' || !empty($firstname)) {
$query .= " AND";
}
$query .= " lastname='$lastname'";
}
...
And so on. But that just looks dumb, horrible, and ridiculously inefficient to me. I'm using a slightly modified MVC pattern, so would it make sense to build out methods in the search model for each possible filter?
I'd go for this:
$query = "SELECT * FROM people";
$whereClause = " WHERE 1 = 1 ";
if($firstname != 'ANY' && !empty($firstname)) {
$whereClause .= " AND firstname='$firstname' ";
}
if($lastname != 'ANY' && !empty($lastname)) {
$whereClause .= " AND lastname='$lastname' ";
}
$query .= $whereClause;
You could alternatively collect all statements into an array and just go:
if (count($arr)>0) {
$query = "$query
WHERE ". implode(" AND ",$arr);
}
You can extend this:
http://code.google.com/p/mysql-query-builder/
here's some code that will pull all posted variables and string them together.
foreach($_POST as $name=>$value){
$arrFields[] = $name." = '".$value."'";
}
$sSql = "SELECT * FROM people WHERE 1 AND ".implode(" AND ",$arrFields);
OR if your field names are not the same as your table names, or if you want to treat the fields differently in your SQL, you can use a switch.
foreach($_POST as $name=>$value){
switch($name){
case "firstname":
$arrFields[] = "fName = '".$value."'";
break;
case "lastname":
$arrFields[] = "lName = '".$value."'";
break;
case "age":
$arrFields[] = "bioAge >= ".$value;
break;
}
}
$sSql = "SELECT * FROM people WHERE 1 AND ".implode(" AND ",$arrFields);