MySQL Forums
Forum List  »  Newbie

Re: Pass Complex Parameters | Your Suggestion Please
Posted by: Phillip Ward
Date: April 18, 2023 08:32AM

The best way to do this is to build the query dynamically, only adding where clauses for each element supplied by the user.
You would still use parameters for each user-supplied value, to prevent SQL Injection Attacks.

You might be able to do it purely in the query, but it would involve the use of 'OR's (to use the given value or not) which might very well make the resulting query perform [very] badly.

Regards, Phill W.

Options: ReplyQuote

Written By
Re: Pass Complex Parameters | Your Suggestion Please
April 18, 2023 08:32AM

Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.