search query in php

Question

I am creating search query in php by passing variable through GET method. When the variable is null then it's passing the query like,

SELECT * FROM table WHERE column_name = null.

And it's showing error (obvious). I want to create query like. If user don't select anything from search options then it should fetch all the data from that column.

What's the correct logic for that? Thanks.

Code:

if(isset($_GET['selPetType']) && $_GET['selPetType'] != '')
{
     $searchParams['petType'] = $_GET['selPetType'];
     $queryStr .= " PetType='" .$_GET['selPetType']. "'";
}

if(isset($_GET['txtPetBreed1']) && !empty($_GET['txtPetBreed1']))
{
    $searchParams['breed'] = $_GET['txtPetBreed1'];
    $queryStr .= " AND PetBreed1 ='". $_GET['txtPetBreed1'] . "'";
}


$clause1 = "SELECT * FROM pet WHERE $queryStr ORDER BY `Avatar` ASC LIMIT $startLimit, $pageLimit";
$totalRun1 = $allQuery->run($clause1);

Answer 1

Maybe something like this:

    $get['param1'] = 'foo';
    $get['param3'] = null;
    $get['param2'] = '';
    $get['param4'] = 'bar';

    $where = null;

    foreach ($get as $col => $val) {
        if (!empty($val)) {
            $where[] = $col . ' = "' . $val . '"';
        }
    }

    $select = 'SELECT * FROM pet ';
    if ($where) {
        $select .= 'WHERE ' . implode(' AND ', $where);
    }
    $select .= ' ORDER BY `Avatar` ASC LIMIT $startLimit, $pageLimit';

Edit: I added if to remove empty values and added 2 new values to example so you can see this values will not be in query.

Answer 2

For example :

<?php
    $userSelectedValue = ...;

    $whereCondition = $userSelectedValue ? " AND column_name = " . $userSelectedValue : "" ; 

    $query = "SELECT * FROM table WHERE 1" . $whereCondition; 

?>

Then consider it's more safe to use prepared statements.

Answer 3

if(isset($_GET['your_variable'])){
  $whr = "column_name = $_GET['your_variable']";
}
else{
$whr = "1 = 1";
}

$qry ="SELECT * FROM table WHERE ".$whr;