Hi IWeb,
Do you mean that a variable (call it 'query' for now) is being sent to a php
page (via a form or whatever) and the value will be something like the string ...
(Free AND SOFTWARE)OR(GPL OR (SOMETHING AND ELSEX))
If that's the case, then 'query' will be available via the $POST or $GET arrays.
// Prints something like ...
// (Free AND SOFTWARE)OR(GPL OR (SOMETHING AND ELSEX))
// ... to the page
echo $_GET['query'];
How 'formatted' can the original query be? For example, it would be easier to use something like underscores to really 'seperate' the operators, and no spaces between 'words' and operators ...
((Free_OR_Cheap)AND_SOFTWARE)OR(GPL_OR(SOMETHING_AND_ELSEX))
Now you can use preg_replace a few times for each possibility ...
// You'd normally do ...
// $where = $_GET['query'];
// But for example, if we've got ...
$where = '(Free_AND_SOFTWARE)_OR_(GPL_OR_(SOMETHING_AND_ELSEX))_OR_ANOTHERTHING';
echo '<pre>'.htmlspecialchars($where).'</pre><hr>';
// First deal with words just after '(' ...
$where = preg_replace("/\\(([^()_]+)/", "(K='\\\\1'", $where);
echo '<pre>'.htmlspecialchars($where).'</pre><hr>';
// First deal with words just after 'AND' or 'OR' ...
$where = preg_replace("/_(AND|OR)_([^()_]+)/", "_\\\\1_K='\\\\2'", $where);
echo '<pre>'.htmlspecialchars($where).'</pre><hr>';
// Then change underscores to spaces ...
$where = preg_replace("/_/", " ", $where);
echo '<pre>'.htmlspecialchars($where).'</pre><hr>';
$sql = '
SELECT xyz
FROM mytable
WHERE '.$where;
echo '<pre>'.htmlspecialchars($sql).'</pre><hr>';
If you don't know anything about regular expressions, then it does look pretty horrible but I would run the above with a few different queries in the browser before trying to understand it.
Also, if you haven't got any control of the format of the value sent to the page, then it will be more complicated.
Hope this helps!
Paul. 🙂
EDIT: Oops ... forgot that I've got to double-escape backslashes. P.
EDIT (2): Found another one!!
