Michael Carney Michael Carney - 6 months ago 14
PHP Question

Dynamically Building PHP PDO MySQL query

I am converting old-style MySQL/PHP queries on a site. I have a page that has a series of checkboxes. This is submitted, and a query is built based on what checkboxes are checked (there are at least 6 like the following):

if (xxxxx) {
$furthersort=$furthersort."AND age_birth='yes' ";
}
if (xxxxx) {
$furthersort=$furthersort."AND age_three='yes' ";
}

...

$prequery = "SELECT id from products WHERE product_categories LIKE '%$catid%' ".$furthersort."ORDER BY product_name ASC";


I'm trying to move the second part this over to PHP like this:

$query = $objDb->prepare("SELECT id from products WHERE product_categories LIKE ? ? ORDER BY product_name ASC");
$params3 = array('%$catid%',$furthersort);
$query->execute($params3);
while ($row = $query->fetch(PDO::FETCH_ASSOC));


But it's not working. The variables created by the if's are correct, so I'm sure it's because I am missing an understanding of how the prepare portion interprets the information, but I need a push in the right direction.

Answer

You have two problems. First you can only have one bound argument for the LIKE condition, so you have to state that and the subsequent conditions:

$query = $objDb->prepare("SELECT id from products WHERE product_categories LIKE ?  AND age_three = ? ORDER BY product_name ASC");

Now you can send two values in the array

$furthersort = 'yes';
$params3 = array("%$catid%", $furthersort);

Now, given that we do not know how you set $furthersort it is hard to come up with something exact for you to use but suffice it to say for each condition you add to the query, you have to add another bound parameter if you plan to continue along the lines of creating dynamic queries. the logic for doing that is much more complex than I have demonstrated here.

Comments