MySQL Forums
Forum List  »  Newbie

Re: Pass Complex Parameters | Your Suggestion Please
Posted by: Phillip Ward
Date: April 18, 2023 08:32AM

The best way to do this is to build the query dynamically, only adding where clauses for each element supplied by the user.
You would still use parameters for each user-supplied value, to prevent SQL Injection Attacks.

You might be able to do it purely in the query, but it would involve the use of 'OR's (to use the given value or not) which might very well make the resulting query perform [very] badly.

Regards, Phill W.

Options: ReplyQuote


Subject
Written By
Posted
Re: Pass Complex Parameters | Your Suggestion Please
April 18, 2023 08:32AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.