stackoom
  简体   繁体   中英

SQL Query 'WHERE EXISTS' if a column returns empty

 原文  2015-04-28 19:10:14       php/ mysql/ sql

Question

I am using this sql query as part of a PHP script to take user input (being applied to variables $condition1-$condition4) and compare it against a MySQL database and return relevant results.

My problem is that not all the forms on the site output a $condition4 value so it is not always inputted into the script/query.

I tried using the EXISTS predicate within the SQL query but could not get it to work.

Here is the query as i have it working: 

 $sql = "SELECT columnXYZ
    FROM table_1
    WHERE condition1 = '" .$condition1."'
    and condition2 = '" .$condition2."'
    and condition3 = '" .$condition3."'
    and condition4 = '".$condition4."'";

Do I need to determine whether $condition4 was inputted before i run the query or is there a way to use the WHERE EXISTS predicate to achieve this?

The whole script: (var_dump to see the results of the query) 

<?php
$condition1 = $_POST['condition1'];
$condition2 = $_POST['condition2'];
$condition3 = $_POST['condition3'];
$condition4 = $_POST['condition4'];
$dbhost = 'localhost';
$dbuser = 'admin';
$dbpass = 'pwd';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);

if(! $conn )
{
  die('Could not connect: ' . mysql_error());
}
$sql = "SELECT columnXYZ
        FROM table_1
        WHERE condition1 = '" .$condition1."'
        and condition2 = '" .$condition2."'
        and condition3 = '" .$condition3."'
        and condition4 = '".$condition4."'";

mysql_select_db('database_1');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not get data: ' . mysql_error());
}
while($row = mysql_fetch_array($retval, MYSQL_ASSOC))
{
    $columnXYZ = $row['columnXYZ'];
    var_dump($columnXYZ);   
} 



mysql_close($conn);
?>

The query works fine when $condition4 is inputted, as a work around for forms that do not have a $condition4 i have just been directing to a similar php script that has the $condition4 removed.

To clarify my question: Can i use the EXISTS predicate in a SQL query to determine if an input has a value or do i need to do so with PHP or some other method beforehand?

2 answers

solution1
 4 ACCPTED  2015-04-28 19:15:30

Just check if $condition4 is empty() before adding that part to your SQL query. 

$sql = "SELECT columnXYZ
    FROM table_1
    WHERE condition1 = '" .$condition1."'
    and condition2 = '" .$condition2."'
    and condition3 = '" .$condition3."'";

if !(empty($condition4)){
    $sql .= "' and condition4 = '".$condition4."'";
}

As Seth mentions, google for 'SQL injection' if you're going to put this anywhere near the public internet.

solution2
 1  2015-04-28 19:19:31

When using empty() to check, the value of $condition4 might be null since empty allows for NULL values. I'm still learning PHP; however, would isset() be a better approach? Otherwise there might be condition4 = null

Also as that person commented on your post, please remember to validate all user input before you place it in a sql query or other places.

http://php.net/manual/en/function.isset.php

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Laravel query builder returning empty where direct SQL returns results PHP SQL query for WHERE {column} IS NOT NULL returns rows with null in column SQL query returns empty result sql query WHERE equal or empty Cakephp returns empty but sql query has results Html table returns empty after SQL query Laravel query builder returning empty where phpmyadmin returns results MySQL query with “WHERE title like %post%” returns an empty resultset Laravel Eloquent Select Where Query Returns Empty Array SQL Where NOT Exists Insert
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM