I have created a dynamic query for my site. The query is done using this:
$sql='SELECT CONCAT(issues.type,"0",issues.kbid) as KBID,issue_tasks.PARENTID as Parent,issues.issuesummary as Summary,products.productdescription as Product,organizations.shortname as Organization,issue_priorities.description as Priority,date_format(issues.createddate, "%d/%m/%Y") as Reported,date_format(issues.lastupdated, "%d/%m/%Y") as Updated,issue_status.statusdescription as Status,issue_resolutions.resdescription as Resolution,users.logon as Assigned FROM issues
INNER JOIN issue_priorities ON issue_priorities.VALUE = issues.PRIORITY - 1
INNER JOIN issue_resolutions ON issue_resolutions.RESID = issues.RESOLUTION
INNER JOIN users ON users.ID = issues.ASSIGNEDUSERID
INNER JOIN products ON products.PRODUCTID = issues.PRODUCTID
INNER JOIN organizations ON organizations.orgid = issues.creatingorg
INNER JOIN issue_status ON issue_status.STATUSID = issues.STATUS
LEFT JOIN issue_tasks ON issue_tasks.CHILDID = issues.KBID
WHERE ';
if(isset($_SESSION['summ']))
{
$sql.= sprintf('issues.issuesummary REGEXP "%s"', implode('|', $words));
}
EDIT : My full SQL query:
SELECT CONCAT(issues.type,"0",issues.kbid) as KBID,issue_tasks.PARENTID as Parent,issues.issuesummary as Summary,products.productdescription as Product,organizations.shortname as Organization,issue_priorities.description as Priority,date_format(issues.createddate, "%d/%m/%Y") as Reported,date_format(issues.lastupdated, "%d/%m/%Y") as Updated,issue_status.statusdescription as Status,issue_resolutions.resdescription as Resolution,users.logon as Assigned FROM issues INNER JOIN issue_priorities ON issue_priorities.VALUE = issues.PRIORITY - 1 INNER JOIN issue_resolutions ON issue_resolutions.RESID = issues.RESOLUTION INNER JOIN users ON users.ID = issues.ASSIGNEDUSERID INNER JOIN products ON products.PRODUCTID = issues.PRODUCTID INNER JOIN organizations ON organizations.orgid = issues.creatingorg INNER JOIN issue_status ON issue_status.STATUSID = issues.STATUS LEFT JOIN issue_tasks ON issue_tasks.CHILDID = issues.KBID WHERE issues.issuesummary REGEXP "sabre|rtf"
But I keep getting an error like so:
SQLSTATE[42000]: Syntax error or access violation: 1139 Got error 'empty (sub)expression' from regexpSQLSTATE[42000]: Syntax error or access violation: 1139 Got error 'empty (sub)expression' from regexpCould not execute query!!!
I am not sure why I get an encapsulation error in this.
Assuming that $words contains the words you want to use in your regular expression, you can simplify the code:
if (isset($_SESSION['summ']) && count($words)) {
$sql .= sprintf('issues.issuesummary REGEXP "%s"', implode('|', $words);
}
The error that you have encountered, ER_REGEXP_ERROR, is an error generated by the MySQL server when the regular expression pattern that you have provided cannot be parsed. In other words, your regular expression is syntactically incorrect.
The message given in your particular case, "empty (sub)expression", suggests that the regular expression contains a subexpression that is empty. Without seeing the final regular expression that your code generates, it's impossible to say for sure—but since you combine a number of subexpressions with the | alternation operator, it would be a reasonable guess that one or more of those subexpressions is empty: this would happen if at least one of the elements of your $words array is (converted to) the empty string ''.
All this said, it's not at all clear why you are using regular expressions here at all. If $words contains regular expression patterns, then it may be a reasonable approach—although in that case one really ought to place each subexpression in brackets when joining them (in order to avoid any operators that have lower precedence than alternation messing with your intention). On the other hand, if $words just contains literal values that you wish to match exactly, MySQL's IN() operator would be more efficient, appropriate and correct:
WHERE issues.issuesummary IN ('abc', 'xyz', ...)
This could be achieved with the following PHP code:
$sql .= "issues.issuesummary IN ('".implode("','", $words)."')";
However, note that the elements of $words must first be escaped in order to avoid bugs with certain characters (that would also give rise to SQL injection vulnerabilities)! Better yet, you could parameterise each literal.
How to do either of these things will depend on which MySQL API you're using—since you have not indicated any in your question, I think specific examples are beyond the scope of this answer.