brown2005 Posted February 5, 2011 Share Posted February 5, 2011 SELECT * FROM table1,table2,table3,table4,table5 WHERE table1_f = table2_id AND table1_g = table3_id AND table4_p = table1_id AND table5 _m = table4_id ORDER BY RAND() LIMIT 1 Right, Now What I want to do, is have a filter form, which posts to the above, and if: $filter1 = ""; it wont be include in the above code $filter1 = "word"; then i want to include AND table3_n = '$filter1'; in the above code thanks in advance. Quote Link to comment Share on other sites More sharing options...
brown2005 Posted February 5, 2011 Author Share Posted February 5, 2011 $word = $_GET['word'] ? $_GET['word'] : ""; if($word == ""){$crap = "";}else{ $crap = "AND table3_n = $word'';} SELECT * FROM table1,table2,table3,table4,table5 WHERE table1_f = table2_id AND table1_g = table3_id AND table4_p = table1_id AND table5 _m = table4_id $crap ORDER BY RAND() LIMIT 1 this is what i mean above. so if there is no word it shows all results, but if there is a word, it will only show results with that word. is this code correct? Thanks in advance Quote Link to comment Share on other sites More sharing options...
PaulRyan Posted February 5, 2011 Share Posted February 5, 2011 Should always validate incoming data, not doing so is a major security risk. Use mysql_real_escape_string(); on the data before actually using it. Regards, PaulRyan. Quote Link to comment Share on other sites More sharing options...
brown2005 Posted February 5, 2011 Author Share Posted February 5, 2011 Hi, sorry I already have that done, I am just trying to work out if that query is the correct way to do what I am trying to achieve. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.