I'm assuming that you're going to be setting this up as a form, so it will take user input before showing the final query. I would wrap the whole page like this:
include "../scripts/connection.php";
if (!$conn)
{
die( 'Could not connect: ' . mysql_error() );
}
mysql_select_db($db, $conn);
if(isset($_POST['Submit'])){
$query = "SELECT * FROM database";
if(sizeof($_POST) > 1) { $query.=" WHERE"; }
for($i=0;$i<sizeof($_POST);$i++)
{
if($_POST == "Submit") { continue(); }
if(value($_POST[$i]) == '') { continue(); } else {
$query.= " ".key($_POST[$i])." = '".value($_POST[$i])."'";
if($i+1 < sizeof($_POST)) { $query.=" AND"; }
}
}
echo $query;
// - Uncomment this after the query looks right: $result = mysql_query($query) or die(mysql_error());
} else {
$sql="SELECT DISTINCT (loginid), albumname FROM orders"; //GENERATES A DROPDOWN OF ALBUM NAMES
$sql2="SELECT DISTINCT DATE_FORMAT(orderdate, '%M') AS month, month(orderdate) AS monthnum FROM orders ORDER BY monthnum asc"; //GENERATES A DROPDOWN OF MONTHS IN USE
$sql3="SELECT DISTINCT YEAR(orderdate) AS year FROM orders ORDER BY orderdate asc"; //GENERATES A DROPDOWN OF YEARS IN USE
$sql4="SELECT DISTINCT (status) FROM orders ORDER BY status desc"; //GENERATES A DROPDOWN OF STATUS IN USE
$sql5="SELECT * FROM album WHERE login = '$albumname'";
$sql10="SELECT * FROM orders WHERE loginid = '$albumname' ORDER BY orderdate desc "; //THIS IS THE ONE I WAS TRYING TO WORK ON
$result=mysql_query($sql)or die( "<strong>Query Error</strong>: " . mysql_error() . "<br><strong>Query</strong>: $sql<br><br>" );
$result2=mysql_query($sql2)or die( "<strong>Query Error</strong>: " . mysql_error() . "<br><strong>Query</strong>: $sql2<br><br>" );
$result3=mysql_query($sql3)or die( "<strong>Query Error</strong>: " . mysql_error() . "<br><strong>Query</strong>: $sql3<br><br>" );
$result4=mysql_query($sql4)or die( "<strong>Query Error</strong>: " . mysql_error() . "<br><strong>Query</strong>: $sql4<br><br>" );
$result5=mysql_query($sql5)or die( "<strong>Query Error</strong>: " . mysql_error() . "<br><strong>Query</strong>: $sql5<br><br>" );
$result10=mysql_query($sql10)or die( "<strong>Query Error</strong>: " . mysql_error() . "<br><strong>Query</strong>: $sql10<br><br>" );
// form code goes here, ending with a submit button called "Submit"
}
I updated the code with the dynamic query...it should search your $_POST variable (that comes from the form) and will add the field name and it's value, providing that the field value is anything other than '' and it will also keep putting in an "AND" until we reach the end of the $_POST variable. At the end, it will echo out the query, so we can make sure it does it correctly.
Again, I didn't get a chance to test this, so it may not work at all, but give it a shot and see what happens.