Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SELECT * FROM `database` WHERE `brand` LIKE "%' . $brand . '%" AND `type` LIKE "%' . $type. '%" AND `price` LIKE "%' . $price . '%"
- AND `price` LIKE "*";
- <?php
- $sql = 'SELECT * FROM `database`';
- $where = array();
- if ($brand !== '') $where[] = '`brand` LIKE "%'.$brand.'%"';
- if ($type !== '') $where[] = '`type` LIKE "%'.$type.'%"';
- if ($price !== '') $where[] = '`price` LIKE "%'.$price.'%"';
- if (count($where) > 0) {
- $sql .= ' WHERE '.implode(' AND ', $where);
- } else {
- // Error out; must specify at least one!
- }
- // Run $sql
- <?php
- $fields = array(
- // Form // SQL
- 'brand' => 'brand',
- 'type' => 'type',
- 'price' => 'price',
- );
- $sql = 'SELECT * FROM `database`';
- $comb = ' WHERE ';
- foreach($fields as $form => $sqlfield)
- {
- if (!isset($_POST[$form]))
- continue;
- if (empty($_POST[$form]))
- continue;
- // You can complicate your $fields structure and e.g. use an array
- // with both sql field name and "acceptable regexp" to check input
- // ...
- // This uses the obsolete form for mysql_*
- $sql .= $comb . $sqlfield . ' LIKE "%'
- . mysql_real_escape_string($_POST[$form])
- . '"';
- /* To use PDO, you would do something like
- $sql .= $comb . $sqlfield . 'LIKE ?';
- $par[] = $_POST[$form];
- */
- $comb = ' AND ';
- }
- // Other SQL to go here
- $sql .= " ORDER BY brand;";
- /* In PDO, after preparing query, you would bind parameters
- - $par[0] is value for parameter 1 and so on.
- foreach($par as $n => $value)
- bindParam($n+1, '%'.$value.'%');
- */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
