How to insert where condition in mysql query

Question

I will pass the query into this function query("SELECT * FROM table_name");

And the function is

public function query($sql) {

        $resource = mysql_query($sql, $this->link_web);

        if ($resource) {
            if (is_resource($resource)) {
                $i = 0;

                $data = array();

                while ($result = mysql_fetch_assoc($resource)) {
                    $data[$i] = $result;

                    $i++;
                }

                mysql_free_result($resource);

                $query = new stdClass();
                $query->row = isset($data[0]) ? $data[0] : array();
                $query->rows = $data;
                $query->num_rows = $i;

                unset($data);

                return $query;  
            } else {
                return true;
            }
        } else {
            trigger_error('Error: ' . mysql_error($this->link_web) . '<br />Error No: ' . mysql_errno($this->link_web) . '<br />' . $sql);
            exit();
        }
    }

I want to add tenent_id = '1' in SELECT query also for INSERT query. Likewise I need to do it for UPDATE .

I want to bring the query like this

SELECT * FROM table_name WHERE tenent_id = 1 and user_id = 1

INSERT INTO table_name('tenant_id, user_id') VALUE('1','1')

UPDATE table_name SET user_id = 1 WHERE tenant_id = '1'

Can anyone give me the idea about how to insert tenant_id in select, insert and update

Thanks in advance

Answer 1

It's better practice to use the correct mysql functions rather than just a query function.

For example, if you want to cycle through many items in a database, you can use a while loop:

$query = mysql_query("SELECT * FROM table WHERE type='2'");
while($row = mysql_fetch_array($query)){
    echo $line['id'];
}

This would echo all the IDs in the database that have the type 2.

The same principle is when you have an object, using mysql functions, you can specify how you want the data to return. Above I returned it in an array. Here I am going to return a single row as an object:

$query = mysql_query("SELECT * FROM table WHERE id='1'");
$object = mysql_fetch_object($query);
echo $object->id;
echo $object->type;
echo $object->*ANY COLUMN*;

This would return as: 1. 2. Whatever the value for that column is .

---

To insert your data, you don't need to do "query()". You can simple use mysql_query($sql). It will make life much easier further down the road.

Also, its best to run one query in a function, that way you can handle the data properly.

mysql_query("INSERT...");
mysql_query("UPDATE...");
mysql_query("SELECT...");

Hope this helps.

Answer 2

The simple answer is: just add the condition to your query. Call query("SELECT * FROM table_name WHERE tenant_id = 1 and user_id = 1") .

If you're concerned about escaping the parameters you pass to the SQL query (which you should be!), you can either do it yourself manually, eg

$query = sprintf("SELECT * FROM table_name WHERE tenant_id = %d", intval($tenant_id));
query($query);

Or better use prepared statement offered by mysqli extension (mysql_query is deprecated anyway):

$stmt = $mysqli->prepare("SELECT * FROM table_name WHERE tenant_id = ?");
$stmt->bind_param("i", $tenant_id);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
    // ...
}

---

If I still haven't answered your question, you can use a library to handle your queries, such as dibi :

$result = dibi::query('SELECT * FROM [table_name] WHERE [tenant_id] = %i', $id);
$rows = $result->fetchAll(); // all rows

The last option is what I would use , you don't need to write your own query-handling functions and get query parameter binding for free. In your case, you may utilize building the query gradually, so that the WHERE condition is not part of your basic query:

$query[] = 'SELECT * FROM table_name';
if ($tenant_id){
    array_push($query, 'WHERE tenant_id=%d', $tenant_id);
}
$result = dibi::query($query);