creating a sql query dynamically

Question

I want to create sql queries dynamically depending upon the data I receive from the user.

Code:

$test = $_POST['clientData']; //It can be an array of values
count($test); //This can be 2 or 3 or any number depending upon the user input at the client

$query = "select * from testTable where testData = ".$test[0]." and testData = ".$test[1]." and . . .[This would vary depending upon the user input]"

Is it possible to achieve the above scenario. I am relatively new in this area.Your guidance would be helpful.

Answer 1

$q="select *from table where ";
    $a=count($test)-1;
    $b=0;
    while($element = current($test)) {
        $key=key($array);
        if($b!=$a){
            $q.=$key."=".$test[$key]." and ";
        }
        else {
            $q.=$key."=".$test[$key];
        }
        next($array);
        $b=$b+1;
    }

for this your array must contain columnname as key for example

$test['name'],$test['lastname']

then it will return

$q="select * from table where name=testnamevalue and lastname=testlastnamevalue";

hope it works

Answer 2

$test=$_POST['clientData'];//It can be an array of values
    $dValuesCount = count($test);//This can be 2 or 3 or any number depending upon the user input at the client

    $query="select *from testtable ";  


    if ($dValuesCount > 0 ){
        $query .= " WHERE ";

        for ($dCounter = 0; $dCounter <= $dValuesCount ; $dCounter++){

            $query .= "testData=" . $test[$dCounter];
            if ($dCounter != ($dValuesCount - 1)){

            $query .= " AND ";
            }

        }


    }

Answer 3

$test=$_POST['clientData'];
$query="select * from testtable where testData='".$test[0]."' and testData='".$test[1]."' and . . .[This would vary depending upon the user input]";
$result = mysql_query($query);

Answer 4

Use:

<?php

$test=$_POST['clientData'];//It can be an array of values

$query = "select *from testtable where 1 ";
foreach($test as $value) {
    $query .= " AND testData='" . $value . "'";
}

echo $query;

?>

Answer 5

This is very much pseudo code as I don't really know PHP, but could you not do something like this

$query = "select * from testable";

$count = count($test);

if($count  > 0)
{ 
    $query .= " where ";

    for ($x=0; $x<=$count; $x++)
    {
        if($x > 0)
        {
              $query .= " and ";
        }

        $query .= " testData='" . $test[x] . "'";
    } 
}

Answer 6

$data = $_POST['data'];

$query = "SELECT";

if ( is_set($data['columns']) )
   $query .= " ".implode(',',$data['columns']);
else
   $query .= "*";

if ( is_set($data['table']) )
$query .= " ".$data['table'];

and ...

Answer 7

Rishi that's a very long chapter.

If you want to search into a single field then you can try to do:

<?php
$test = $_POST[ 'clientData' ];
if( is_array( $test ) ){
    $select = implode( ",", $test );
} else { 
    $select = $test;

}

$query=select *from testtable where testData IN ( $select );
?>

This is valid only for searches into a specific field. If you want to create searches on multiple fields then you need to do a lot of more work, having an associative mapping which can create a relation variable name -> field_to_search

Answer 8

Use prepared statements:

$query = $dbh->prepare("SELECT * FROM testtable WHERE testData=:test0 and testData=:test1");
$query ->bindParam(':test0', $test0);
$query ->bindParam(':test1', $test0);

$test0 = $test[0];
$test1 = $test[1];

$query->execute();