Finding rows from table from values in Commas separated string

Question

I am trying to write a query and is a php starter

$minPrice = trim($_REQUEST['minPrice']);
            $maxPrice = trim($_REQUEST['maxPrice']);
            $minCarat = trim($_REQUEST['minCarat']);
            $maxCarat = trim($_REQUEST['maxCarat']);
            $color    = trim($_REQUEST['color']);
            $cut      = trim($_REQUEST['cut']);
            $clarity  = trim($_REQUEST['clarity']);
            $type  = trim($_REQUEST['type']);

type, clarity and cut are Strings separated by commans

eg $type = "1000,1002,1001";

$statement = $conn->prepare('SELECT * FROM diamondsList WHERE price >= :minPrice AND price <= :maxPrice AND carat >= :minCarat AND carat <= :maxCarat AND cut IN(' . $cut . ') AND clarity IN ('.$clarity.') AND color IN ('. $color.') AND type IN (' . $type.')');

Error is

{"error":"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND clarity IN () AND color IN () AND type IN ()' at line 1"}

Firstly I am not sure the query is giving error at IN(' . $cut . ') What is wrong with syntax?

Secondly is query correct if syntax fixed?

after fixing i have query like this searchDiamonds&minPrice=0&maxPrice=10000&minCarat=0&maxCarat=5&color=2000,2001&type=1000,1001&cut=3000,3001&clarity=4000,4001

Two entries of table is listed as below

price carat type   color cut   clarity  
2000  2     1000   2000  3000  4000

However Nothing gets selected and i always get 0 result.

What should the query be

Answer 1

you can't use empty string in IN . you need to check if for example $cut is set and change your query if its empty. like this:

$statement = $conn->prepare('SELECT * FROM diamondsList WHERE price >= :minPrice AND price <= :maxPrice AND carat >= :minCarat AND carat <= :maxCarat ' . (!empty($cut) ? ('AND cut IN(' . $cut . ')') : '') . ' AND clarity IN ('.$clarity.') AND color IN ('. $color.') AND type IN (' . $type.')');

I tested your query in sqlfiddle and it should work fine IF formatted correctly in php:

SELECT * FROM diamondsList 
WHERE price >= 0
AND price <= 10000 
AND carat >= 0 
AND carat <= 5 
AND cut IN(3000,3001) 
AND clarity IN (4000,4001) 
AND color IN (2000,2001) 
AND type IN (1000,1001)

Answer 2

Something like this might be what you want, but I didn't test it.

$minPrice = trim($_REQUEST['minPrice']);
$maxPrice = trim($_REQUEST['maxPrice']);
$minCarat = trim($_REQUEST['minCarat']);
$maxCarat = trim($_REQUEST['maxCarat']);
$color    = trim($_REQUEST['color']);
$cut      = trim($_REQUEST['cut']);
$clarity  = trim($_REQUEST['clarity']);
$type  = trim($_REQUEST['type']);

$query = "SELECT * FROM diamondsList WHERE price >= $minPrice AND price <= $maxPrice AND carat >= $minCarat AND carat <= $maxCarat");

$field_info = array('cut' => $cut, 'clarity' => $clarity, 'color' => $color, 'type' => $type);
foreach($field_info as $f, $q) {
    if (!empty($q)) {
        $query .= " AND $f IN ($q)";
    } 
}

$statement = $conn->prepare($query);