I'm trying to build a page that selects multiple parameters in one url. But I only want options to show if certain ones are selected. I'm not sure what the best way is to do this. I'm using something like this - http://www.w3schools.com/php/php_ajax_database.asp and then in the parameter I was using php?id=1&other2= and then I was running the query as query select from item WHERE id=$id AND other=$other Is there a better way to do this?? should I use if statements?? what I come down to is you have someone that only selects id and doesn't select other or someone who selects just other..
You could use if statements to build your query, something like this: if(!empty($_POST['id']) && empty($_POST['other2'])){ $query = "SELECT * FROM item WHERE id=$_POST['id'] LIMIT 1"; } if(empty($_POST['id']) && !empty(['other2'])){ $query = "SELECT * FROM item WHERE other=$_POST['other2'] LIMIT 1"; } if(!empty['id']) && !empty(['other2'])){ $query = "SELECT * FROM item WHERE id=$_POST['id'] AND other2=$_POST['other2'] LIMIT 1"; } PHP:
Seriously do any of you so called developers actually understand the MSQL part of PHP is deprecated for a reason! Please read results from this search: https://www.google.co.uk/search?hl=en&q=php+mysql+depereceated&meta=&rlz=1I7ADRA_enGB341 And Ekim941 I would of expected better from you.
huggyStudios yea I know about that deprecated jazz.. With what he gave me I can still work with that. Its more of the thought or the idea.. And he gave me the idea. The idea was what I was looking for not the exact code. But I'm sure your post will help others. You have some hardcore php passion and there is nothing wrong with looking out for others
I'm not sure why. The question that was posted was about the if statements. The query is fine. Now, if the original poster had included a mysql_query() call, I would have changed it to mysqli_query() in my response. But I don't want to open the PDO vs mysqli can of worms.
Though PDO's ability to pass an array might be more useful than dealing with bindparams as you could build the parameter array first, simplifying the logic. $data = $where = []; if ( isset($_POST['id']) && !empty($_POST['id'] ) { $where[] = 'id = :id'; $data[':id'] = $_POST['id']; } if ( isset($_POST['other2'] && !empty($_POST['other2'] ) { $where[] = 'other = :other'; $data[':other'] = $_POST['other2']; } if (count($where)>0) { $stmt = $db->prepare(' SELECT * FROM item WHERE ' . implode('and', $where) . ' LIMIT 1 '); $stmt->execute($data); // handle processing the result here } else die('You failed to enter an ID or "other" value'); Code (markup): Honestly, even suggesting dumping $_POST directly into a query string is some serious herpaderp that should NEVER be encouraged... which of course is why that nube predator BS known as W3Schools advocates doing so even when they use mysqli -- which is some serious heavy duty whiskey-tango-foxtrot territory. But then there's a reason there's the intervention group... -- edit -- also a good idea to test if they are set BEFORE testing if they are empty -- avoid the warnings in the error log since some browsers will omit empty values from the submit. Also, shouldn't these be $_GET instead of $_POST since the OP said they're in the URI?
... and where did ANYONE in this thread use the mysql_ functions? mysqli, PDO or even the deprecated mysql_ functions the worry there is dumping $_POST values directly into the query string. Of course, you're saying the "Mysql part of php" without specifically stating JUST the mysql_ functions -- so I'm wondering if you even know the difference since even the W3Schools article (the only part showing a query being sent) is using mysqli. MySQL access in PHP is NOT deprecated, only the insecure functions that all start with mysql_ like mysql_connect or mysql_query... they are replaced by the mysqli object, mysqli_ function (which IMHO is some dumbass ****), or PDO interfaces -- To mysql in the case of the former, or a wide variety of database engines INCLUDING MySQL using PDO.
You're right, it should be $_GET instead of $_POST. I got thrown off by the mention of selecting options (which I assumed would be a form method="post"). My understanding was that this question was about the use and structure of the "if" statements, not about the MySQL part of the script.