MySQL WHERE results based on a previous WHERE clause

Question

Sorry if there is a simple Mysql way to do this, but I find it hard to word to get any meaningful search results.

I'm making a search for my site, and the search works fine until I try to have it search via a word based on a selected genre from a drop down.

This query that best represents what I'm trying to do:

SELECT *
FROM Books
JOIN bookauthor ON books.BookID = bookauthor.BookID 
JOIN authors ON bookauthor.AuthorID = authors.AuthorID 
JOIN bookgenre ON books.BookID = bookgenre.BookID 
JOIN genre ON bookgenre.GenreID = genre.GenreID 
WHERE genre.Genre = 'Fantasy' 
WHERE books.BookName LIKE '%$variable%' OR authors.Forename LIKE '%$variable%' OR authors.Surname LIKE '%$variable%' 
GROUP BY books.BookName ORDER BY authors.AuthorID

I want to select all books which have the genre chosen, then from them do the other checks, as right now having the OR overrides the other checks and just ends up spitting every record out.

I'm guessing I might have to have one query selecting all the books of the genre, then running another query to select from that previous query. Only I have never done that before and I need to incorporate it into my search function...

This is my current search code, which works fine apart from when trying to search for something with a genre other than "All" selected, if you select just a genre and type nothing it will display the books of that genre, just not if you also type a search word in as well.

if(isset($_POST['search']))
            {
                if($_POST['genre']!="All")
                    {
                    $where3 = "WHERE genre.GenreID = '".$_POST['genre']."'";        
                    }
                if($_POST['field'] == "All")
                    {
                        if(str_word_count($_POST['find'])>=2)
                        {
                        $findEx = explode(' ', $_POST['find']);
                        $where2 = "OR authors.Forename LIKE  '%".($findEx[0])."%' AND authors.Surname LIKE  '%".$findEx[1]."%'";
                        }
                    $where = "
                    WHERE books.BookName LIKE  '%".($_POST['find'])."%'
                    OR  authors.Forename LIKE  '%".($_POST['find'])."%' OR authors.Surname LIKE  '%".($_POST['find'])."%'
                    $where2
                    ";
                    }
                else if($_POST['field'] == "Books")
                    {
                    $where = "WHERE books.BookName LIKE  '%".($_POST['find'])."%'";
                    }
                else if($_POST['field'] == "Authors")
                    {
                    if(str_word_count($_POST['find'])>=2)
                        {
                        $findEx = explode(' ', $_POST['find']);
                        $where = "WHERE authors.Forename LIKE  '%".($findEx[0])."%' AND authors.Surname LIKE  '%".$_POST[1]."%'";
                        }
                    else
                        {
                        $where = "WHERE authors.Forename LIKE  '%".($_POST['find'])."%' OR authors.Surname LIKE  '%".($_POST['find'])."%'";
                        }
                    }                       
                    $sql = "SELECT * FROM Books
                        JOIN bookauthor ON books.BookID        = bookauthor.BookID
                        JOIN authors    ON bookauthor.AuthorID = authors.AuthorID
                        JOIN bookgenre  ON books.BookID        = bookgenre.BookID
                        JOIN genre      ON bookgenre.GenreID   = genre.GenreID
                        ".$where3."
                        ".$where."
                        GROUP BY books.BookName                                
                        ORDER BY authors.AuthorID"; 
                        echo $sql;
            }

I'm still fairly new to all this, so sorry if my search code looks like a nightmare, it does what I need in the smallest amount of code, though any tips are welcomed.

All help appreciated -Tom

I hate to shout, but YOU HAVE TO USE ESCAPING! YOUR WHOLE QUERY IS INSECURE. PLEASE READ HOW TO USE PREPARED STATEMENTS OR ESCAPE VARIABLES FOR SQL. http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — Sven, Dec 04 '13 at 20:49

score 0 · Answer 1 · answered Dec 04 '13 at 19:53

0

Maybe

SELECT *
FROM Books
JOIN bookauthor ON books.BookID = bookauthor.BookID 
JOIN authors ON bookauthor.AuthorID = authors.AuthorID 
JOIN bookgenre ON books.BookID = bookgenre.BookID 
JOIN genre ON bookgenre.GenreID = genre.GenreID 
WHERE genre.Genre = 'Fantasy' 
AND books.BookName LIKE '%$variable%' (OR authors.Forename LIKE '%$variable%' OR authors.Surname LIKE '%$variable%') 
GROUP BY books.BookName ORDER BY authors.AuthorID

answered Dec 04 '13 at 19:53

Mihai

26,325
7
66
81

Got a working query, now its just getting my php search to work with it. – Vereonix Dec 04 '13 at 20:08

MySQL WHERE results based on a previous WHERE clause

1 Answers1