问题
$randomvariable=$_GET['randomvariable'];
$search="SELECT * from objects
WHERE transactiontype='$randomvariable'
order by id DESC";
Now if $randomvariable is empty (nothing), I would like it to return all rows. Currently if it's empty it returns nothing, because it basically searches for nothing from all of the rows.
回答1:
$randomvariable = ESACPE_MYSQL_STRING($_GET['randomvariable']);
$search =
"SELECT * FROM objects " .
(empty($randomvariable) ? "" : "WHERE transactiontype='$randomvariable' ") .
"ORDER BY id DESC";
Where ESCAPE_MYSQL_STRING is the relevant function for escaping strings for whatever MySQL driver you're using.
Another, more modular way:
$search = array(
"select" => "SELECT * FROM objects",
"where" => "WHERE transactiontype='$randomvariable'",
"order" => "ORDER BY id DESC"
);
if (empty($randomvariable)) {
unset($search["where"]);
}
$search = implode(' ', $search);
The nice thing about this is that you can add, remove or alter the query for any situation easily, having easy access to any part of the query.
You could also do this with CASE() in SQL, but it's somewhat cumbersome and you shouldn't expect good performance either:
SELECT * FROM objects
WHERE transactiontype LIKE
CASE WHEN '$randomvariable' = '' THEN
'%'
ELSE
'$randomvariable'
END CASE
ORDER BY id DESC
回答2:
Try as below
$randomvariable=mysql_real_escape_string($_GET['randomvariable']);
$where = '';
if($randomvariable){
$where .= "WHERE transactiontype='{$randomvariable}'";
}
$search="SELECT * from objects ".$where." order by id DESC";
回答3:
Another approach:
if ($_GET['randomvariable'] != "") {
$where = "transactiontype = " . $randomvariable;
} else {
$where = "1";
}
$search = "SELECT * from objects WHERE " . $where . " ORDER BY id DESC";
回答4:
There are some great answers here. I have one to add for a simple solution.
I sometimes run into this issue when I don't need a WHERE clause since none of my conditions to build my WHERE clause are met. A simple trick I like to use is something like this:
$sql_statement = "SELECT * FROM ".$table_names." WHERE 1 = 1 ";
if ($array) {
foreach ($array as $key => $value){
$sql_statement .= " AND ".$key." = '".$value."' ";
}
}
This way, you don't need any tricky logic or string manipulation because 1 always equals 1 in your WHERE clause and you can keep your looped string concats the same format. You can obvious extend this concept to do more, but for the purposes of this question, this psuedocode is just a simple way to achieve the goal.
回答5:
You can use the IN operator to indicate many values for the WHERE clause and include all possible values for transactiontype as the default parameter.
回答6:
Split it in 2 queries:
$randomvariable = $_GET['randomvariable'];
if($randomvariable)
$search="SELECT * from objects WHERE transactiontype='$randomvariable' order by id DESC";
else
$search="SELECT * from objects order by id DESC";
回答7:
If you really need to do it in SQL and not in your language, you can do this:
$search="SELECT * from objects WHERE ("" = '$randomvariable' or transactiontype='$randomvariable') order by id DESC";
This will not perform well, however, and an IF/ELSE in your language should be preferred.
回答8:
Add a simple if statement checking if $randomvariable is null. If it is then change the query to return all rows.
来源:https://stackoverflow.com/questions/13045351/when-mysql-where-clause-is-empty-return-all-rows