brown2005 Posted February 5, 2011

    SELECT * FROM table1,table2,table3,table4,table5 WHERE table1_f = table2_id AND table1_g = table3_id AND table4_p = table1_id AND table5_m = table4_id ORDER BY RAND() LIMIT 1

Right, now what I want to do is have a filter form which posts to the above, and if:

    $filter1 = "";

it won't be included in the above code

    $filter1 = "word";

then I want to include

    AND table3_n = '$filter1';

in the above code.

Thanks in advance.

brown2005 Posted February 5, 2011 (Author)

    // Read the optional filter; isset() avoids a notice when the field is absent.
    $word = isset($_GET['word']) ? $_GET['word'] : "";
    if ($word == "") {
        $crap = "";
    } else {
        // Quoting fixed: the value has to sit inside single quotes.
        $crap = "AND table3_n = '$word'";
    }
    $sql = "SELECT * FROM table1,table2,table3,table4,table5 WHERE table1_f = table2_id AND table1_g = table3_id AND table4_p = table1_id AND table5_m = table4_id $crap ORDER BY RAND() LIMIT 1";

This is what I mean above. So if there is no word it shows all results, but if there is a word, it will only show results with that word. Is this code correct?

Thanks in advance

PaulRyan Posted February 5, 2011

Should always validate incoming data, not doing so is a major security risk. Use mysql_real_escape_string(); on the data before actually using it.

Regards, PaulRyan.

brown2005 Posted February 5, 2011 (Author)

Hi, sorry I already have that done, I am just trying to work out if that query is the correct way to do what I am trying to achieve.
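
Added example, not code from any poster in this thread: the optional-filter pattern discussed above, built with PDO bound parameters so the form value never becomes part of the SQL text. It assumes the `pdo_sqlite` extension, shortens the join to three of the thread's tables, and the second filter (`kind` / `table2_k`) and all sample rows are hypothetical.

```php
<?php
// Form field => column allowlist. Identifiers cannot be bound as parameters,
// so they come only from this fixed map. 'kind'/'table2_k' is hypothetical.
const FILTERS = ['word' => 'table3_n', 'kind' => 'table2_k'];

function buildQuery(array $input): array
{
    // Joins shortened to three of the thread's tables for the demo.
    $sql = 'SELECT * FROM table1, table2, table3'
         . ' WHERE table1_f = table2_id AND table1_g = table3_id';
    $params = [];
    foreach (FILTERS as $field => $column) {
        $value = isset($input[$field]) && is_string($input[$field]) ? trim($input[$field]) : '';
        if ($value === '') {
            continue;                 // empty filter: no clause added
        }
        $sql .= " AND $column = :$field";   // placeholder, not the value
        $params[":$field"] = $value;        // value is sent separately
    }
    // SQLite spells it RANDOM(); on MySQL this is RAND() as in the thread.
    return [$sql . ' ORDER BY RANDOM() LIMIT 1', $params];
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("
    CREATE TABLE table1 (table1_id INTEGER, table1_f INTEGER, table1_g INTEGER);
    CREATE TABLE table2 (table2_id INTEGER, table2_k TEXT);
    CREATE TABLE table3 (table3_id INTEGER, table3_n TEXT);
    INSERT INTO table1 VALUES (1, 1, 1), (2, 1, 2);
    INSERT INTO table2 VALUES (1, 'a');
    INSERT INTO table3 VALUES (1, 'word'), (2, 'O''Brien');
");

// Constructed inputs standing in for $_GET: no filter, a plain word, a value
// containing an apostrophe, and a non-string value that is ignored.
foreach ([[], ['word' => 'word'], ['word' => "O'Brien"], ['word' => ['x']]] as $get) {
    [$sql, $params] = buildQuery($get);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    echo json_encode($get), ' => ', $row ? $row['table3_n'] : '(no row)', "\n";
}
```

The apostrophe in `O'Brien` is matched as data because the value is bound rather than concatenated. The `mysql_*` functions named in the thread, including `mysql_real_escape_string()`, were removed in PHP 7, so current code needs PDO or mysqli for this.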
Archived
This topic is now archived and is closed to further replies.