Select statement with or operator

Question

Let say if i've database row settings [id,user,pass,sos]

I've the following mysql statement

$username and $password could be anything whatever

$query = mysql_query ("SELECT * FROM `settings` WHERE user='$username' AND pass='$password'")

i want to say

SELECT * FROM `settings` WHERE user='$username' AND pass='$password' or sos=$username and sos=$password

so my question is how to use or within select statement

like i wanna say

user='$username'
pass='$password'
or
sos = both $username and $password

Thanks for helping

Answer 1

Does it not work exactly like that? I would write

WHERE (user = '$username' AND pass = '$password')
OR ('$username' = '$password' AND sos = '$username');

Answer 2

I think you need parenthesis

SELECT * FROM `settings` WHERE (user='$username' AND pass='$password') or (sos=$username and sos=$password)

Answer 3

Use parentheses:

SELECT * 
FROM `settings` 
WHERE 
   (user='$username' AND pass='$password')
   OR
   (sos='$username' AND sos='$password')

Answer 4

You just need some parenthetical groups. I added single quotes in the second group, where you were initially missing them.

SELECT * 
FROM `settings`
WHERE 
  (user='$username' AND pass='$password')
  OR (sos='$username' AND sos='$password')

Answer 5

You could do

SELECT * 
FROM `settings` 
WHERE (user='$username' AND pass='$password') or (sos='$username' and sos='$password')

Answer 6

You need to use some brackets to make sure you are correctly matching on related username/password pairs:

SELECT * 
FROM `settings` 
WHERE (user='$username' AND pass='$password') 
    or (sos='$username' and sos='$password')

However, you really need to use parameterized queries as the above is subject to SQL injection attack. See here for some examples on how to do this:

How can I prevent SQL injection in PHP?