Simple php sql question

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Iermalito
    New Member
    • May 2019
    • 1
    #1

    Simple php sql question

    I need some help. I want to know using php sql to use OR in a query.

    Let me explain in detail:

    I have a html form which asks the user for country,state,c ity,zip_code

    I will use these values to query the database for specific data for those specific inputs.

    I want the city and zip_code to be logicly use as OR. Meaning that the user only needs to select a city or type the exact zip_code. Either one should still be able to grab the data from the database.

    Here is the code I used:
    Code:
    Code:
    SELECT * 
FROM postings  
WHERE state ='".$state."' AND Country ='".$country."' 
  AND city ='".$city."' OR zipcode ='".$zipcode."'
  AND item ='".$item."' 
LIMIT $s,$limit"
    I tried to use Where(first values goes here meaning with city value) Or (value of zip code);

    when I tried that code concept. I get a white screen with an error saying the syntax is wrong where limit starts at.


    The query is supposed to grab all data based on that users form inputs. I am creating a paging effect. That is why I use the limit code.

    Yet I want the user to input either the city name or zip_code.

    how should I be doing this? I played around with the code but got nothing right now.

    Currently the code only works when you input the country,state,c ity name. It won't allow to have the city name blank and use a zip code.
    Last edited by zmbd; May 17 '19, 12:06 PM. Reason: [z{stepped SQL so it can be read w/o scrolling :) }]
    Tags: None
    • Luuk
      Recognized Expert Top Contributor
      • Mar 2012
      • 1043
      #2
      "when I tried that code concept. I get a white screen with an error saying the syntax is wrong where limit starts at."
      It would be nice if you showed the statement that you actually tried, and the error it gave.

      You are using 'item' in your where clause, and you are not referring to in in your question above.

      Next solution might be what you are looking for (given above 'notes'):
      Code:
      SELECT * FROM postings  
WHERE 
  (
    (
      ( state ='".$state."' AND 
        Country ='".$country."' AND 
        city ='".$city."' 
      )
      OR 
        zipcode ='".$zipcode."' 
    )
    AND 
      item ='".$item."' 
   )
LIMIT $s,$limit"

        Comment

        • miranor
          New Member
          • May 2019
          • 6
          #3
          You can use 'mysqli_error' (or similar) PHP function to get a more meaningful error message. Given the limited information in your question I can't be sure where the error comes from, but here are a few possibilities:

          1. 'item' is not an SQL column. If so, then you need to remove it from the query.

          2. Either $s or $limit variable does't actually contain a valid number.

          3. The $item variable contains a string with a quote mark in it. If so, then you need to at least replace "'" with "\'" in that string, e.g: $s=str_replace( "'","\\'",$ s). And in general, you should do this (and more) for every string you get from a user, otherwise an attacker can hack your entire database by filling your form with SQL injection code.

          On a more general note, you should require the 'country' column even if zip is provided instead of a city, since different countries can have identical zip codes for different cities, so a zip code is't sufficient to identify a country and a city.

            Comment

            Previous template Next
            Working...