I like to store my where pieces in an array and then implode. I usually load my indexed columns first.

$where = array();
$where_clause = '';  // stays empty when no filter applies

// intval() forces the id to an integer before it reaches the SQL string
if (isset($_POST['house_id'])) {
    $where[] = 'id = '.intval($_POST['house_id']);
}
// checkbox: only a fixed condition is added, no user data
if ($_POST['fireplace'] == "yes") {
    $where[] = 'fireplace = 1';
}
// string value: escaped before being quoted into the query
if (isset($_POST['garage'])) {
    $where[] = 'garage = "'.addslashes($_POST['garage']).'"';
}

$limit_clause = ' LIMIT 0,15 ';

if (count($where)) {
    $where_clause = ' WHERE '.implode(' AND ',$where);
}

$sql = 'SELECT id, address, description FROM houses '. $where_clause. $limit_clause;

olinux

--- Ed Curtis <[EMAIL PROTECTED]> wrote:
>
> > To answer the question, $query_str.=" AND garage = '$garage' ";
> >
> > BUT. If $garage is an id (numeric), then you should use
> > $garage=abs($garage) first in order to defeat SQL injection. If it's a
> > string, well, say so and we'll tell you what to do (a lot to explain,
> > and not useful if it's an ID).
> >
> > Bogdan
>
> All values pulled from $_POST are strings such as $garage = "Attached 2
> Car" or "Detached 1 Car", etc. There are a few options that will be based
> on a checkbox. If the box is checked it means you want that option
> included in the query as well, i.e. (fireplace == "yes".) If the box is
> not checked it means no, i.e. (fireplace == "no".)
>
> Thanks,
>
> Ed

--
PHP General Mailing List (http://www.php.net/)
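
The same WHERE-array pattern with the values passed as bound parameters, as an added example that is not part of the original post. It uses PDO prepared statements in place of addslashes()/intval(); the in-memory SQLite database, the build_house_query() helper, and the sample rows and requests are assumptions constructed for illustration.

```php
<?php
// Added example: WHERE pieces are collected in an array as in the post,
// but user values travel as bound parameters instead of escaped strings.
function build_house_query(array $post): array
{
    $where  = [];
    $params = [];
    // Numeric id: validate as an integer rather than trusting the raw string.
    if (isset($post['house_id']) && $post['house_id'] !== '') {
        $id = filter_var($post['house_id'], FILTER_VALIDATE_INT);
        if ($id === false) {
            throw new InvalidArgumentException('house_id must be an integer');
        }
        $where[]       = 'id = :id';
        $params[':id'] = $id;
    }
    // Checkbox: only the literal "yes" adds a fixed condition; no user data enters the SQL.
    if (($post['fireplace'] ?? 'no') === 'yes') {
        $where[] = 'fireplace = 1';
    }
    // Free-form string: bound, never concatenated or escaped by hand.
    if (isset($post['garage']) && $post['garage'] !== '') {
        $where[]           = 'garage = :garage';
        $params[':garage'] = $post['garage'];
    }
    $sql = 'SELECT id, address, description FROM houses'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
         . ' LIMIT 0,15';
    return [$sql, $params];
}

$pdo = new PDO('sqlite::memory:');  // assumption: pdo_sqlite is available
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE houses (id INTEGER PRIMARY KEY, address TEXT, description TEXT, fireplace INTEGER, garage TEXT)');
$pdo->exec("INSERT INTO houses VALUES (1, '12 Elm St', 'Ranch', 1, 'Attached 2 Car'), (2, '9 Oak Ave', 'Colonial', 0, 'Detached 1 Car')");

// Constructed inputs: a normal request, then a garage value containing quote characters.
$requests = [
    ['fireplace' => 'yes', 'garage' => 'Attached 2 Car'],
    ['garage' => "x' OR '1'='1"],
];
foreach ($requests as $post) {
    [$sql, $params] = build_house_query($post);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    echo $sql, ' => ', count($stmt->fetchAll(PDO::FETCH_ASSOC)), " row(s)\n";
}
```

The SQL text is identical for any garage value, so a value containing quotes is compared as a literal string and cannot change the structure of the query.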