Creating a select query that fetches records according to multiple variables

Question

I need to create a select query which fetches records according to multiple variables like:

<?PHP

@$task=$_REQUEST['task'];
@$Country=$_REQUEST['Country'];
@$City =$_REQUEST['City'];
@$MosqName =$_REQUEST['txtMsqName'];
@$PostCode =$_REQUEST['txtPostalCode'];

$sql_serch="SELECT  Country="."'".$Country."'", " City="."'".$City."'"." FROM job_mosqu";
?>

It is not working.

Answer 1

Don't forget to escape your input! NEVER put user-inputted variables (such as those from $_REQUEST) directly into SQL queries. Either use parametrized queries or escape the input using either mysql_real_escape_string, mysqli::real_escape_string or PDO::quote depending on what you're querying with...

Some reading on the subject:

1. PHP MySQL by example
2. StackOverflow question on it
3. Coding Horror

And to answer your actual question, use the WHERE clause.

SELECT * FROM job_mosqu WHERE Country = ? AND City = ? ...

There's plenty to read out there on using the where clause, just do some searching if you're not comfortable with it...

1. Tutorial on WHERE in mysql
2. Another Tutorial
3. And yet another

Answer 2

You are looking for AND

SELECT * FROM job_mosqu WHERE Country='$country' AND City= '$City'

Etc...

Answer 3

SELECT * FROM job_mosqu WHERE Country='$country' AND City= '$City' AND task = '$task' AND $MosqName = '$MosqName';

Answer 4

It is incorrect query. It is very bad query. May be you want next?

$task=$_REQUEST['task']; 
$Country =$_REQUEST['Country']; 
$City =$_REQUEST['City']; 
$MosqName =$_REQUEST['txtMsqName']; 
$PostCode =$_REQUEST['txtPostalCode'];

$sql_serch="SELECT `Country`, `City` FROM `job_mosqu` WHERE `City`='" . $City. "' AND `Country`='" . $Country . "'";