I am trying to set up an advanced search on my site, however when the user is submitting their search if there is an empty field it is send as NULL. Im not sure how to exclude the empty parameters.
Below is the form for the search:
<form>
<div class="form-group">
<div class="col-sm-2">
<label for="Author" class="control-label">Author</label>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" id="author" placeholder="Author" name="author">
</div>
</div>
<div class="form-group has-feedback">
<div class="col-sm-2">
<label for="isbn" class="control-label">ISBN</label>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" id="isbn" placeholder="ISBN" name="isbn">
</div>
</div>
<div class="form-group">
<div class="col-sm-2">
<label for="genre" class="control-label">Genre</label>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" id="genre" placeholder="Genre" name="genre">
</div>
</div>
<div class="form-group">
<div class="col-sm-2">
<label for="tags" class="control-label">Tags</label>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" id="tags" placeholder="Tags" name="tags">
</div>
</div>
<div class="form-group">
<div class="col-sm-2">
<label for="location" class="control-label">Location</label>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" id="location" placeholder="Location" name="location">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="AdvancedSearch" value="Search" class="btn btn-block btn-lg btn-primary">Search</button>
</div>
</div>
</form>
Below is the query:
$sql = "select *
from Book_info
where user_id=$u_id
AND title like '%$_REQUEST[title]%'
AND location like '%$_REQUEST[location]%'
AND author like '%$_REQUEST[author]%'
AND tags like '%$_REQUEST[tags]%'
AND genre like '%$_REQUEST[genre]%'
OR ISBN='$_REQUEST[isbn]'";
First of all, I feel I should make a comment about preferring prepared statements over injecting request values directly into a query string.
The simplest solution to your issue would be something like this:
<?php
$sql="select * from Book_info where user_id=$u_id";
$title = $_REQUEST['title'];
$location = $_REQUEST['location'];
if($title != null) {
$sql .= " AND title like '%$title%'";
}
if($location != null) {
$sql .= " AND location like '%$location%'";
}
//and so on...
the idea being that you check if the value is null, and then append a new where clause to your query so long as the value is not null (or empty or whatever other predicates you want to add).