Do more with
WHERE
(LEN(?) = 0 OR tblmembers.firstname = ?) AND
(LEN(?) = 0 OR tblmembers.surname = ?) AND
(LEN(?) = 0 OR and tblaccounts.postcode =?) AND
(tblcards.primarycard = 'primary')
In other words lose the 'if' statements and let the query do the checking of the parameter fields - if they are blank then that sub-clause returns TRUE due to the OR otherwise it will check the field against the variable.// Array to store parameters for query
$parameters = array();
if (strlen($firstname)>0){
$sql.= " and tblmembers.firstname = ?";
$parameters[] = $firstname;
}
if (strlen($surname)>0){
$sql.= " and tblmembers.surname = ? ";
$parameters[] = $surname
}
if (strlen($postcode)>0){
$sql.= " and tblaccounts.postcode = ? ";
$parameters[] = $postcode;
}
...
// Prepeare statement here (assuming PDO and $dbh already declared)
$sth = $dbh->prepare($sql);
$sth->execute($parameters);
Premium Content
You need an Expert Office subscription to comment.Start Free Trial