Conditional SQL Formatting

Question

I was wondering if it was possible and surely it must be. I'd like to basically create a dymanic SQL statement conditionally based on user input from (well for this example, we'll use 3 textbox inputs):

var firstname = document.getElementById('firstname').value
var middle = document.getElementById('middle').value
var lastname = document.getElementById('lastname').value
var SQL

(if all 3 fields are filled out...)

SQL = "SELECT * FROM TABLE WHERE [Firstname] = '" + firstname + "' AND [Middle] = '" + middle + "' AND [Lastname] = '" + lastname + "'"

(if 2 of the 3 fields are filled out...)

SQL = "SELECT * FROM TABLE WHERE [Firstname] = '" + firstname + "' AND [Lastname] = '" + lastname + "'"

Is there a better way to be doing this? Something shorter? or will I have to evaluate text in each field and then define the SQL?

Just was wondering, but it never hurts to ask.

Jay

Francois · Accepted Answer · 2012-11-01T15:41:48.043

Something like that should work...

SQL = "SELECT * FROM TABLE WHERE 

  1 =
  (
  case
     when LEN('" + firstname + "') > 0  and LEN('" + lastname + "') > 0 and LEN('" + middle + "') > 0 then ([Firstname] = '" + firstname + "' AND [Lastname] = '" + lastname + "' AND [Middle] = '" + middle + "')
     when LEN('" + firstname + "') = 0  and LEN('" + lastname + "') > 0 and LEN('" + middle + "') > 0 then ([Lastname] = '" + lastname + "' AND [Middle] = '" + middle + "')
     ...
  end
  )

Or better:

SQL = "SELECT * FROM TABLE WHERE 
(
  (LEN('" + firstname + "') > 0 AND [FirstName] = '" + firstname + "') 
 OR 
   LEN('" + firstname + "') = 0
) 
AND (same for secondName) 
AND (same for middle)"

score 0 · Answer 2 · answered Nov 01 '12 at 15:40

If you able to pass the values in as parameters into the query then

SQL = " SELECT * 
    FROM TABLE 
    WHERE (@firstName is null OR [FirstName] = @firstName) 
      AND (@middle is null OR [Middle] = @middle)
          AND (@lastName is null OR [Lastname] = @lastName"

This will also stop the query cache from being spammed as you'll only be storing 1 query plan in the cache.

score 0 · Answer 3 · edited May 23 '17 at 10:32

0

Please don't ever do this. Parameterized queries are your friend.

edited May 23 '17 at 10:32

Community

1
1

answered Nov 01 '12 at 15:45

Matt Brock

5,337
1
27
26

Conditional SQL Formatting

3 Answers3