I have a lessons table that contains the following fields:
id title type language level
The user through the interface can select witch lesson he wants to open.
He will start selecting the language, then the type and finally the level.
During this process I want to query the database using a single sql statement, but of course the first query will have only the language field. I came up with this syntax but it does not work:
function queryLessonList (language, type, level){
const values = [language, type, level];
const sql = "SELECT * FROM lessons WHERE (language=?) AND (? is null OR type=?) AND (? is null OR level=?)";
return query(sql, values);
}
How can I make it work?
To reduce the complexity of checking variables and building out the query, instead you can pass the function an object to match, what you want and the columns you want returning etc (as * is not ideal).
So something like:
function queryLessonList (where = {}, columns = ['*']) {
let keys = Object.keys(where)
let values = Object.values(where)
columns = !columns.length || columns[0] === '*' ?
'*': columns.map(e => '`'+e+'`').join(',')
let sql = `
SELECT ${columns}
FROM lessons
${keys.length ? 'WHERE \`'+keys.join('` = ? AND `')+'\` = ?' : ''}
`
return query(sql, values)
}
/*
SELECT *
FROM lessons
WHERE `language` = ? AND `type` = ?
*/
queryLessonList({
language: 'en',
type: 'foo'
}, [])
/*
SELECT `id`
FROM lessons
*/
queryLessonList({}, ['id'])
/*
SELECT *
FROM lessons
*/
queryLessonList()
Related
I am trying to obtain results for a given member where status is pending or accepted doing the below:
$status1 = "Pending";
$status2 = "Attended";
$query = $conn->prepare('SELECT * FROM members WHERE member_id=:mID AND status=:status1 OR status=:status2');
$query->execute(array(':mID' => $mID,':status1' => $status1, ':status2' => $status2));
if ($query->rowCount() > 0) {
//start to create my table
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
//create variable, loop through and fill the table etc
}
}else{
echo "something";
}
This displays data - however, it even obtains results not specific to the member id (mID). Meaning other members data too!
I'm clearly missing something and or my query is wrong but struggling to find anything..
Any help appreciated.
You need to look at operator precedence for your database. You're doing this:
SELECT * FROM members WHERE member_id = :mID AND status = :status1 OR status = :status2;
Which most likely results in this:
SELECT * FROM members WHERE (member_id = :mID AND status = :status1) OR status = :status2;
But that's not what you want, so you will have to explicitly use parens like this:
SELECT * FROM members WHERE member_id = :mID AND (status = :status1 OR status = :status2);
Alternatively, you can use IN so that there's no OR:
SELECT * FROM members WHERE member_id = :mID AND status IN (:status1, :status2);
I am working on a query that has an optional filter, so lets assume the table name is products and the filter is the id (primary key)
If the filter is not present I would do something like this:
SELECT * FROM products;
If the filter is present I would need to do something like this:
SELECT * FROM products WHERE id = ?;
I have found some potential solutions that can mix the 2 in sql rather than doing conditions in the back-end code itself
SELECT * FROM products WHERE id = IF(? = '', id, ?);
OR
SELECT * FROM products WHERE IF(? = '',1, id = ?);
I was just wondering which one would be faster (In the case of multiple filters or a very big table) Or is there a better solution to handle this kind of situation?
A better approach is to construct the WHERE clause from the parameters available. This allows the Optimizer to do a much better job.
$wheres = array();
// Add on each filter that the user specified:
if (! empty($col)) { $s = $db->db_res->real_escape_string($col);
$wheres[] = "collection = '$s'"; }
if (! empty($theme)) { $s = $db->db_res->real_escape_string($theme);
$wheres[] = "theme = '$s'"; }
if (! empty($city)) { $s = $db->db_res->real_escape_string($city);
$wheres[] = "city = '$s'"; }
if (! empty($tripday)) { $s = $db->db_res->real_escape_string($tripday);
$wheres[] = "tripday = '$s'"; }
// Prefix with WHERE (unless nothing specified):
$where = empty($wheres) ? '' :
'WHERE ' . implode(' AND ', $wheres);
// Use the WHERE clause in the query:
$sql = "SELECT ...
$where
...";
Simplest approach is OR:
SELECT *
FROM products
WHERE (? IS NULL OR id = ?);
Please note that as you will add more and more conditions with AND, generated plan will be at least poor. There is no fit-them-all solution. If possible you should build your query using conditional logic.
More info: The “Kitchen Sink” Procedure (SQL Server - but idea is the same)
Problem: Searching employees based on document numbers.
Input: List of document nos. and document types
Expected result: list of employees for corresponding document nos AND types.
tables I have:
Table 1:employee
empID - person
Table 2:document
docNo - docType - id
Please note: employee.person.id = doc.parent.id - this is true by database design
Wrote the query like:
SELECT employee
from Employee employee, Document doc
WHERE doc.docType IN :docTypeList
and doc.docNo IN :docNoList
and employee.person.id = doc.parent.id
I know it wont work, because of "doc.docType IN :docTypeList and doc.docNo IN :docNoList", but couldn't think alternative. Any leads to modify the query so that I can handle both docTypeList and docNoList to find employees that matches both of them.
Looks like you just need to join the tables on the ID value and add the right values in your select clause:
SELECT a.employee, b.docType, b.docNo
FROM employee a JOIN document b
ON a.empID=b.id
here is an example using the naming conventions(sort of) you have in your original question:
SELECT emp.employee, doc.docType, doc.docNo
FROM Employee emp JOIN document doc
ON emp.empID=doc.id
Unrelated to your question but when using tablename aliases you should probably shorten the alias otherwise you can just type out the name of the table everytime. The point of an alias is to make your code cleaner and easier to type by using shortened tablenames. See above - I changed employee alias to "emp"
I'm more SQL server so presuming your list parameters are like tableTypes....
SELECT employee
from Employee employee
INNER JOIN Document doc ON doc.parent.id = employee.person.id
WHERE
doc.docType IN ( Select doctype FROM :docTypeList )
and doc.docNo IN (Select doc no FROM :docNoList )
When you need to pass a list of parameters to IN(), the solution is to break down your list and pass each item as a separate parameter to the SQL statement.
Assuming MySQL + PDO:
$paramCount = 0;
$params = []; // holds parameter values
$typesParamNames = $numbersParamNames = []; // parameter names for each list
// document types
foreach ($docTypeList as $val)
{
++$paramCount;
$paramName = ":p{$paramCount}";
$params[$paramName] = $val;
$typesParamNames[] = $paramName;
}
// document numbers
foreach ($docNoList as $val)
{
++$paramCount;
$paramName = ":p{$paramCount}";
$params[$paramName] = $val;
$numbersParamNames[] = $paramName;
}
// build the SQL
$typesSqlFragment = implode(',', $typesParamNames);
$numbersSqlFragment = implode(',', $numbersParamNames);
$sql = "SELECT employee from Employee employee, Document doc WHERE doc.docType IN ($typesSqlFragment) and doc.docNo IN ($numbersSqlFragment) and employee.person.id = doc.parent.id";
$stmt = $dbh->prepare($sql);
// pass the collected parameters values to the prepared statement
foreach ($params as $name => $val) {
$stmt->bindParam($name, $val);
}
// run it
$stmt->execute();
I created a php function to fetch records from a sql table subscriptions, and I want to add a condition to mysql_query to ignore the records in table subscriptions that exists in table removed_items, here is my code;
function subscriptions_func($user_id, $limit){
$subs = array();
$sub_query = mysql_query("
SELECT `subscriptions`.`fo_id`, `subscriptions`.`for_id`, `picture`.`since`, `picture`.`user_id`, `picture`.`pic_id`
FROM `subscriptions`
LEFT JOIN `picture`
ON `subscriptions`.`fo_id` = `picture`.`user_id`
WHERE `subscriptions`.`for_id` = $user_id
AND `picture`.`since` > `subscriptions`.`timmp`
GROUP BY `subscriptions`.`fo_id`
ORDER BY MAX(`picture`.`since_id`) DESC
$limit
");
while ($sub_row = mysql_fetch_assoc($sub_query)) {
$subs [] = array(
'fo_id' => $sub_row['fo_id'],
'for_id' => $sub_row['for_id'],
'user_id' => $sub_row['user_id'],
'pic_id' => $sub_row['pic_id'],
'since' => $sub_row['since']
);
}
return $subs ;
}
My solution is to create another function to fetch the records from table removed_items and set a php condition where I call subscriptions_func() to skip/unset the records that resemble the records in subscriptions_func(), as the following
$sub = subscriptions_func($user_id);
foreach($sub as $sub){
$rmv_sub = rmv_items_func($sub[‘pic_id’]);
If($rmv_sub[‘pic_id’] != $sub[‘pic_id’]){
echo $sub[‘pic_id’];
}
}
This solution succeeded to skip the items in the table removed_items however this solution makes gaps in the array stored in the variable $sub which makes plank spots in the echoed items.
Is there a condition I can add to the function subscriptions_func() to cut all the additional conditions and checks?
Assuming id is the primary key of subscriptions and subs_id is the foreign key in removed_items, then you just have to add a condition to the WHERE clause. Something like this should work :
...
AND `subscriptions`.id NOT IN (SELECT `removed_items`.subs_id FROM `removed_items`)
...
Not related to your problem :
Your code seems vulnerable to SQL injection : use prepared statement to prevent this.
The original Mysql API is deprecated, it is highly recommended to switch to Mysqli instead.
I've been trying to look for a solution where you can fetch database with one prepared statement and execute it with an array value
Typically I do this with my statement:
$search = $db->prepare("SELECT * FROM table WHERE name = ?");
$search->execute(array($name));
But what if i have an array like so:
Array (
[0] => Array
(
[name] => Burger Joint
)
[1] => Array
(
[name] => Burger Joint
)
[2] => Array
(
[name] => Burgers
)
[3] => Array
(
[name] => Meats
)
)
I'd like to somehow go through my database with either of the values in the array WHERE name=? in the statement. However, sometimes there's going to be multiple similar names, is there a way to condense the array before hand or what would be the best practice in a situation like this?
Thanks!
You can do this in a number of ways, but since you mentioned OR, let's use that:
First, your array of possible values. Let's take your array and mold it into an array of unique values:
$values_array = array_unique(
array_map(
function($element) {
return $element['name'];
},
$original_array
)
);
// $values_array now contains array('Burger Joint', 'Burgers', 'Meats')
Now, we build the prepared query by introducing as many placeholders as you have possible values:
$query = sprintf('SELECT * FROM table WHERE %s',
implode(
' OR ',
array_fill(
'name = ?',
count($values_array)
)
)
);
// $query now contains 'SELECT * FROM table WHERE name = ? OR name = ? OR name = ?'
and execute it:
$search = $db->prepare($query);
$search->execute($values_array);
Alternatively, you could use IN instead, building your query like so:
$query = sprintf('SELECT * FROM table WHERE name in (%s)',
implode(
', ',
array_fill(
'?',
count($values_array)
)
)
);
// $query now contains 'SELECT * FROM table WHERE name in (?, ?, ?)'
$search = $db->prepare($query);
$search->execute($values_array);
This will have the same effect, and it's slightly more clear what's going on by looking at the code.
Try name IN instead of name = .
First, you need IN. field IN (1,2) is equal to field=1 OR field=2.
Next, you need some sort of helper function, to put all that mess of technical details of creating correct SQL statements away from application business code. To make it in ONE line, not 50.
$data = $db->getAll("SELECT * FROM table WHERE name IN (?a)",$names);
Finally, it seems you're getting your names from another query.
In this case you have to run only single query using JOIN. You may ask another question under [mysql] tag providing both your queries.
To get only names into array you have to use another helper function (though you have to create it yourself or get somewhere first):
$names = $db->getCol("here goes your query to get names");