MySQL where clause equals anything (SELECT * WHERE col = ANY_VALUE)

Question

I\'d like to create a query in MySQL that has an optional value. When the value is specified the query is filtered by that value, when the value is not all rows are returned

Answer 1

Better way to do this is first generate sql query from the parameter you need to bother on, and then execute.

function doQuery($params) {
    $query = 'SELECT * FROM mytable ';
    if (is_array($params) // or whatever your condition ) { 
        $query .= 'WHERE item = ' . $params[0];
    }
    $query .= ' ;';

    // execute generated query
    execute($query);
}

Answer 2

As far as I know, no such "any" placeholder exists.

If you can use LIKE, you could do

SELECT * FROM table WHERE item LIKE '%'

if you can append a condition, you could nullify the item clause like this:

SELECT * FROM table WHERE item = ? OR 1=1

(won't work in your example though, because you are passing "item" as a parameter)

That's all the options I can see - it's probably easiest to work with two queries, removing the WHERE clause altogether in the second one.

This would probably work, but I*m not sure whether it's a good idea from a database point of view.

public function doQuery($item = 'ANY_VALUE') {
  $query = "SELECT * FROM table WHERE item = ? OR 1 = ?";
  db->fetchAll($query,array($item, ($item == 'ANY_VALUE' ? 1 : 0))
  ...
}

Answer 3

You cannot get distinct results without giving distinct query strings.

Using $q = "... WHERE item = '$item'" you DO create distinct query strings depending on the value of $item, so it is not that different from using $q = "..." . ($item=='ANY_VALUE' ? something : s_th_else);.

That said I see two or three options:

• use function doQuery($item = "%") { $query = "SELECT ... WHERE item LIKE '$item'"; ...}
  But then callers to that function must know that they must escape a '%' or '_' character properly if they want to search for an item having this character literally (e.g. for item = "5% alcoholic solution", giving this as argument would also find "50-50 sunflower and olive oil non alcoholic solution".
• use function doQuery($item = NULL) { $query = "SELECT ..."; if ($item !== NULL) $query .= " WHERE item = '$item' "; ...} (where I use NULL to allow any other string or numerical value as a valid "non-empty" argument; in case you also want to allow to search for NULL (without quotes) you must choose another "impossible" default value, e.g., [], and you must anyway use a distinct query without the single quotes which however are very important in the general case), or even:
• use function doQuery($item = NULL) { if($item === NULL) $query = "SELECT ..."; else $query = "SELECT ... WHERE item = '$item' "; ...}, which is more to type but probably faster since it will avoid an additional string manipulation (concatenation of the first and second part).

I think the 2nd & 3rd options are better than the first one. You should explain why you want to avoid these better solutions.

PS: always take care of not forgetting the quotes in the SQL, and even to properly escape any special characters (quotes, ...) in arguments which can depend on user input, as to avoid SQL injections. You may be keen on finding shortest possible solutions (as I am), but neglecting such aspects is a no-no: it's not a valid solution, so it's not the shortest solution!