The search should be simple, they'll be fields to enter search criteria for first name, last name, street address, city, state, etc. The user searching can enter all the criteria, or any subset of the criteria. If they only enter a first name and state for example, I'd do a query that searches for someone with the first name of whatever was entered AND with a state of whatever was entered.
This isn't negotiable, this is how the search must work.
My problem is how I'm going to build a PDO sql statement with the correct params when you never know what the user is going to enter.
I usually do my PDO statements like this, for example (note isn't code for my search, this is just some code I found to show how I do it):
$sql = "INSERT INTO siteContent (name, content, changer) VALUES ('titleContent', :content, :family)"; $result2 = $pdo->prepare($sql); $params = array( 'content' => strip_tags($_POST['changeTitle']), 'family' => $_SESSION['family'] ); $result2->execute($params);
Now though, the query is not set in stone, and even worse than that, the $params array is not set in stone.
What are my options? I can't wrap my head around how this can be done.
Thanks for the help!
EDIT: I DO know how I would do this without prepared statements. I would like to use them though and that's what I can't figure out.
This post has been edited by eZACKe: 27 October 2011 - 07:46 AM