Go Back   CodingForums.com > :: Server side development > PHP
Reload this Page PHP - working with multiple sql where clauses

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 05-03-2006, 06:21 PM   PM User | #1
memprog
New Coder

 
Join Date: Jul 2005
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
memprog is an unknown quantity at this point
PHP - working with multiple sql where clauses
I am writing a small php application that returns results based on information a user can enter into multiple text fields.

here is what I have:

search.php
-------------
Order Info ID:
<INPUT type="text" maxLength=100 size=17 name=orderId>
TELEPHONE:
<INPUT type="text" maxLength=20 size=14 name=phone>
PON:
<INPUT type="text" maxLength=100 size=27 name=ponValue>


results.php
----------------
<?
$pon = $_POST['ponValue'];
$telephone = $_POST['phone'];
$order = $_POST['orderID'];

$select = "select * from orderinfo and day <>'' " ;
$whereClause = "";
$res = $db_connection->Execute($select);


?>

<?
//this is what I don't know how to do.
//I need to add the where clause to the sql statement if the user
//..has entered a value into any of the text fields

if($pon !="")
{
whereClause = " and pon = ".'$pon';
echo $res->Fields['$pon']->Value;
}
?>

How can I add this where clause to my sql statment based on what value the user has entered?

please help.

thanks,
Mark
memprog is offline   Reply With Quote
Old 05-03-2006, 07:18 PM   PM User | #2
GJay
Senior Coder

 
Join Date: Sep 2005
Posts: 1,791
Thanks: 5
Thanked 36 Times in 35 Posts
GJay is on a distinguished road
PHP Code:
$select "select * from orderinfo and day <>'' " ;
$whereClause "";
if(isset($pon))
  $where.='pon='.mysql_real_escape_string($pon).' AND';
if(isset($telephone))
  $where.='telephone='.mysql_real_escape_string($telephone).' AND';
if(isset($order))
  $where.='order='.mysql_real_escape_string($order).' AND';
if($where!='')
  $where=' WHERE '.substr($where,0,-4);
$select.=$where;
$res $db_connection->Execute($select); 
GJay is offline   Reply With Quote
Old 05-04-2006, 02:46 AM   PM User | #3
phpfr33k
New to the CF scene

 
Join Date: May 2006
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
phpfr33k is an unknown quantity at this point
hmmm,
Quote:
Originally Posted by GJay
PHP Code:
$select "select * from orderinfo and day <>'' " ;
$whereClause "";
if(isset($pon))
  $where.='pon='.mysql_real_escape_string($pon).' AND';
if(isset($telephone))
  $where.='telephone='.mysql_real_escape_string($telephone).' AND';
if(isset($order))
  $where.='order='.mysql_real_escape_string($order).' AND';
if($where!='')
  $where=' WHERE '.substr($where,0,-4);
$select.=$where;
$res $db_connection->Execute($select); 

Don't want to sound pushy, but there are a couple of other ways to do this.

PHP Code:
$select "select * from orderinfo and day <>'' " ;
$whereClause "";
if(!empty($pon))
  $where.='pon='.mysql_real_escape_string($pon).' AND';
if(!empty($telephone))
  $where.='telephone='.mysql_real_escape_string($telephone).' AND';
if(!empty($order))
  $where.='order='.mysql_real_escape_string($order).' AND';
if($where!='')
  $where=' WHERE '.substr($where,0,-4);
$select.=$where;
$res $db_connection->Execute($select); 

by using the empty function you stop someone from entering blank characters in a form which would not get caught by isset, and would trigger an error.
Although, If your a fan of arrays... You might try this.


PHP Code:

$select "select * from orderinfo and day <>'' " ;

if(count($_GET) > 3){

exit; // Someone is trying to inject get variables!

}
elseif(count($_GET) > 1){

foreach($_GET as $x => $y){

$arr_where[] = "(`" $x "` LIKE '" $y "')";

}

$str_where implode(" AND ",$arr_where);

$select .= " WHERE " $str_where;


This would allow for scalability. If suddenly you need to ask for more information, It is all still optional just change the 3 in the first if statement to the total number of items your form should return.
phpfr33k is offline   Reply With Quote
Old 05-04-2006, 04:42 PM   PM User | #4
memprog
New Coder

 
Join Date: Jul 2005
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
memprog is an unknown quantity at this point
phpfr33k,

I am giving the user the option of either entering 1, multiple or, no values. Will the empty function still work?
memprog is offline   Reply With Quote
Old 05-04-2006, 05:07 PM   PM User | #5
memprog
New Coder

 
Join Date: Jul 2005
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
memprog is an unknown quantity at this point
I neglected to mention something, I have this in a while loop so basically it looks like this....

search.php
-------------
Order Info ID:
<INPUT type="text" maxLength=100 size=17 name=orderId>
TELEPHONE:
<INPUT type="text" maxLength=20 size=14 name=phone>
PON:
<INPUT type="text" maxLength=100 size=27 name=ponValue>


results.php
----------------
<?
$pon = $_POST['ponValue'];
$telephone = $_POST['phone'];
$order = $_POST['orderID'];

$select = "select * from orderinfo and day <>'' " ;
$whereClause = "";
$res = $db_connection->Execute($select);


?>

<?
//this is what I don't know how to do.
//I need to add the where clause to the sql statement if the user
//..has entered a value into any of the text fields

while(!res->EOF)
{

if($pon !="")
{
whereClause = " and pon = ".'$pon';
echo $res->Fields['$pon']->Value;
}
}
?>


So where would I add the code if it's in a while loop?
memprog is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 11:35 AM.
Advertisement
Log in to turn off these ads.