I have a search function that lets you input into different type boxes of the last, first and middle names. I don't have any problems with the code, but does anyone know how to optimize it?
The code has multiple if statements that finds out what textbox is unempty and that is then used in the WHERE as you can see below:
$where1 = $_POST['firstname'];
$where2 = $_POST['midname'];
$where3 = $_POST['lastname'];
if(!empty($where1) && empty($where2) && empty($where3)){
$result = $connection->query("SELECT * FROM senior WHERE firstname = '$where1'");
} else if(!empty($where1) && !empty($where2) && empty($where3)){
$result = $connection->query("SELECT * FROM senior WHERE firstname = '$where1' AND midname = '$where2'");
} else if(!empty($where1) && !empty($where2) && !empty($where3)){
$result = $connection->query("SELECT * FROM senior WHERE firstname = '$where1' AND midname = '$where2' AND lastname = '$where3' ");
} else if(!empty($where1) && empty($where2) && !empty($where3)){
$result = $connection->query("SELECT * FROM senior WHERE firstname = '$where1' AND lastname = '$where3' ");
} else if(empty($where1) && !empty($where2) && !empty($where3)){
$result = $connection->query("SELECT * FROM senior WHERE lastname = '$where3' AND midname = '$where2' ");
} else if(empty($where1) && !empty($where2) && empty($where3)){
$result = $connection->query("SELECT * FROM senior WHERE midname = '$where2'");
} else if(empty($where1) && empty($where2) && !empty($where3)){
$result = $connection->query("SELECT * FROM senior WHERE lastname = '$where3'");
}
My suggestion for you
$where = '';
if($where1) $where .= ($where ? " AND " : " ")."firstname = '$where1'";
if($where2) $where .= ($where ? " AND " : " ")."midname = '$where2'";
if($where3) $where .= ($where ? " AND " : " ")."lastname = '$where3'";
$query = "SELECT * FROM senior".($where ? " WHERE ".$where : "");
$result = $connection->query($query);
First of all, I encourage you to use Prepared Statements in order to improve security among other things.
Related with the code you write above you can try something like this:
$query = "SELECT * FROM senior";
$firstcondition = true;
if (!empty($where1))
addConditon($query, "firstname = ".$where1);
if (!empty($where2))
addConditon($query, "midname = ".$where2);
if (!empty($where3))
addConditon($query, "lastname = ".$where3);
$result = $connection->query($query);
function addCondition($query, $condition) {
if (!$firstcondition)
$query.= " AND ";
else {
$firstcondition = false;
$query.= " WHERE ";
}
$query.= $condition;
}
Just a suggestion: why not use LIKE, because it is a search query?
$where1 = $_POST['firstname'];
$where2 = $_POST['midname'];
$where3 = $_POST['lastname'];
$result = $connection->query("SELECT * FROM senior WHERE firstname LIKE '%".$where1."%' AND midname LIKE '%".$where2."%' AND lastname LIKE '%".$where3."%' ");