variable select statement
This is a discussion on variable select statement within the PHP Language forums, part of the PHP Programming Forums category; I would like to have a form that gives the user choices for selection parameters for email, printing etc. A ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-04-2003
|
|||
|
|||
variable select statement
I would like to have a form that gives the user choices for selection
parameters for email, printing etc. A real simple example: Give me all ______ who ______ when _______ where _______ I can figure this out if all of the selections are filled, but NOT if they just decide to use only one of the selection choices. I'm sure this is idiotic, but I'm really new to php and my ideas are writing checks my programming skills can't cash. Thanks for any help, Mike 
|
|
10-04-2003
|
|||
|
|||
|
Re: variable select statement
"Karzy" <mkarr@mchsi.com> wrote in message
news:MPG.19e81ef4b7e2a9ac9896c7@netnews.mchsi.com. .. > I would like to have a form that gives the user choices for selection > parameters for email, printing etc. > > A real simple example: > > Give me all ______ who ______ when _______ where _______ > > I can figure this out if all of the selections are filled, but NOT if > they just decide to use only one of the selection choices. > > I'm sure this is idiotic, but I'm really new to php and my ideas are > writing checks my programming skills can't cash. > > Thanks for any help, > Mike > Here's something (untested): /* Checks all specified fields, and if they aren't empty, put the names and values into a string for a WHERE clause */ $fieldlist = array('user', 'email', 'printing'); //field names $selectlist = array(); //holds values for select statement foreach ($fieldlist as $field){ if ( $_POST[$field] != '' ) $selectlist[] = "$field = '{$_POST[$field]}'"; } $where = implode ( ' AND ', $selectlist ); $query = "SELECT * FROM table WHERE $where";
|
|
10-04-2003
|
|||
|
|||
|
Re: variable select statement
"Jason" <jsumner1@cfl.rr.com> wrote in message news:G%tfb.3871$qw.435077@twister.tampabay.rr.com. .. > "Karzy" <mkarr@mchsi.com> wrote in message > news:MPG.19e81ef4b7e2a9ac9896c7@netnews.mchsi.com. .. > > I would like to have a form that gives the user choices for selection > > parameters for email, printing etc. > > > > A real simple example: > > > > Give me all ______ who ______ when _______ where _______ > > > > I can figure this out if all of the selections are filled, but NOT if > > they just decide to use only one of the selection choices. > > > > I'm sure this is idiotic, but I'm really new to php and my ideas are > > writing checks my programming skills can't cash. > > > > Thanks for any help, > > Mike > > > > Here's something (untested): > > /* Checks all specified fields, and if they aren't empty, > put the names and values into a string for a WHERE > clause */ > > $fieldlist = array('user', 'email', 'printing'); //field names > $selectlist = array(); //holds values for select statement > > foreach ($fieldlist as $field){ > if ( $_POST[$field] != '' ) > $selectlist[] = "$field = '{$_POST[$field]}'"; > } > > $where = implode ( ' AND ', $selectlist ); > > $query = "SELECT * FROM table WHERE $where"; It would almost work (need an addslashes) but it opens a big hole in your security for injection attacks. For example if I entered a username into the form of "bob'; DELETE * FROM table; #" your query ends up saying; SELECT * FROM table WHERE user = 'bob'; DELETE * FROM table; #' On MySQL v4.x you'll then be able to wipe out the whole table, assuming you know the name. Paulus
|
Linear Mode
