Using mysqli prepared statement to prevent SQL injection, how to dynamically bind SQL statement?
There are a few combinations of the SQL that are concerned: if the user selects one or more items, the SQL string will use an IN clause; if the user did not select any item (empty), the SQL string will use a LIKE clause:
Condition 1
select category,uom,product
from tbl_product
where category like '%'
and uom like '%'
and product like '%'
Condition 2
select category,uom,product
from tbl_product
where category in ('Soft Drinks','Liquor')
and uom in ('Can','Bottle')
and product in ('Pepsi','Coca Cola','Budweiser')
Condition 3
select category,uom,product
from tbl_product
where category in ('Soft Drinks','Liquor')
and uom in ('Can','Bottle')
and product like '%'
PHP Code
For a single value I am using the code below
// prepare the statement with one placeholder, bind the value as a string, then run it
$sql_product = $conn->prepare("select * from tbl_product where category = ?");
$sql_product->bind_param('s', $category);
$sql_product->execute();
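As an added example (not code from the question above), here is one way to build all three conditions as a single parameterized mysqli statement: for each column, a selection becomes an IN (...) list with one ? per value, and an empty selection falls back to LIKE '%'. Column names are fixed in the code and never taken from user input; only the values are bound. It assumes $conn is an open mysqli connection and PHP 5.6+ for argument unpacking.

```php
<?php
// Added example, not from the original question. Builds the WHERE clause for
// category/uom/product dynamically while keeping every user value a bound parameter.

// Appends "col in (?,?,...)" and its bound values, or "col like '%'" for an empty selection.
function buildFilter(string $column, array $values, array &$params, array &$types): string
{
    if (count($values) === 0) {
        // Empty selection: match everything, as in the question's LIKE '%' condition.
        return "$column like '%'";
    }
    // One placeholder per value; the values themselves are never interpolated into SQL.
    $placeholders = implode(',', array_fill(0, count($values), '?'));
    foreach ($values as $v) {
        $params[] = $v;
        $types[]  = 's'; // every filter value is bound as a string
    }
    return "$column in ($placeholders)";
}

// Returns [sql, bind_param type string, parameter values] for the three filters.
function buildProductQuery(array $category, array $uom, array $product): array
{
    $params = [];
    $types  = [];
    $where  = [
        buildFilter('category', $category, $params, $types), // column names are hard-coded
        buildFilter('uom',      $uom,      $params, $types),
        buildFilter('product',  $product,  $params, $types),
    ];
    $sql = 'select category,uom,product from tbl_product where ' . implode(' and ', $where);
    return [$sql, implode('', $types), $params];
}

// Condition 3 from the question: categories and uoms selected, no product selected.
[$sql, $types, $params] = buildProductQuery(['Soft Drinks', 'Liquor'], ['Can', 'Bottle'], []);
$stmt = $conn->prepare($sql); // $conn: assumed open mysqli connection
if ($params !== []) {
    // bind_param takes the values by reference; the spread operator passes them through
    $stmt->bind_param($types, ...$params);
}
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // process $row['category'], $row['uom'], $row['product']
}
```

With all three arrays empty the generated SQL has no placeholders at all, which is why the bind_param call is skipped in that case.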