I need to create a filter function for these 3 pieces of information: Category, Price and Discount, so that users can filter on any 1 of them, any 2 of them together, or all 3 together.
I used this method to filter on a single piece of information and it successfully displayed the results, but when I tried to use this method to filter on any 2 or 3 of them together, it failed to filter everything.
<?php
//filter category only
if (isset($_GET['f_category']) && $_GET['f_category'] != ""){
    $f_category = $_GET['f_category'];
    $sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'";
}
//filter price only
if (isset($_GET['min_price']) && $_GET['min_price'] != "" && $_GET['max_price'] && $_GET['max_price'] != "") {
    $min_price = $_GET['min_price'];
    $max_price = $_GET['max_price'];
    $sql = "SELECT * FROM post_ads WHERE sup_price>='$min_price' AND sup_price<='$max_price'";
}
// filter discount only
if (isset($_GET['f_discount']) && $_GET['f_discount'] != ""){
    $f_discount = $_GET['f_discount'];
    $sql = "SELECT * FROM post_ads WHERE sup_discount='$f_discount'";
}
//filter category and price
if (isset($_GET['f_category']) && $_GET['f_category'] != "" || $_GET['min_price'] && $_GET['min_price'] != "" && $_GET['max_price'] && $_GET['max_price'] != ""){
    $f_category = $_GET['f_category'];
    $min_price = $_GET['min_price'];
    $max_price = $_GET['max_price'];
    $sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'
    AND sup_price>='$min_price' AND sup_price<='$max_price'";
}
//filter category and discount
if (isset($_GET['f_category']) && $_GET['f_category'] != "" || $_GET['f_discount']
    && $_GET['f_discount'] != ""){
    $f_category = $_GET['f_category'];
    $f_discount = $_GET['f_discount'];
    $sql = "SELECT * FROM post_ads WHERE sup_category='$f_category'
    AND sup_discount='$f_discount'";
}
if(isset($sql)){
    $result = mysql_query($sql, $con1);
    while($rows=mysql_fetch_array($result))
    {
        //display results
    }
}?>
Can I know what is the problem and how do I fix it?
You could add each clause to an array, based upon the criteria in the original, and combine them at the end perhaps.
<?php
$clauses=array();
if( isset( $_GET['f_category'] ) && !empty( $_GET['f_category'] ) ){
    $clauses[] = "`sup_category` = '{$_GET['f_category']}'";
}
if ( isset( $_GET['min_price'], $_GET['max_price'] ) && !empty( $_GET['min_price'] ) && !empty( $_GET['max_price'] ) ) {
    $clauses[]="`sup_price` >= '{$_GET['min_price']}'";
    $clauses[]="`sup_price` <= '{$_GET['max_price']}'";
}
if ( isset( $_GET['f_discount'] ) && !empty( $_GET['f_discount'] ) ){
    $clauses[]="`sup_discount` = '{$_GET['f_discount']}'";
}
$where = !empty( $clauses ) ? ' where '.implode(' and ',$clauses ) : '';
$sql = "SELECT * FROM `post_ads` " . $where;
echo $sql;
if(isset($sql)){
    $result = mysql_query($sql, $con1);
    while($rows=mysql_fetch_array($result)){
        /*display results*/
    }
}
?>
Running the above ( edited version ) with this url
https://locahost/stack/sql?f_category=bananas&min_price=200&max_price=500&f_discount=32
results in a query that looks like:
SELECT * FROM `post_ads` where `sup_category` = 'bananas'
and `sup_price` >= '200' and `sup_price` <= '500' and `sup_discount` = '32'
This all said - without care your code is very vulnerable to SQL injection - the mysql_* suite of functions is deprecated and its use is strongly discouraged. Before getting in too deep, change over to mysqli with prepared statements - avoid the heartache '-)
I suppose your URL will be in the following format:
1> example.com?f_category=test // When only the f_category filter is selected
2> example.com?f_category=test&min_price=50 // When the f_category and min_price filters are selected. And so on.....
So, you can simply code this as:
<?php
// Start from an always-true condition so every filter can be appended with AND.
// Note: the request values are still interpolated directly into the SQL string.
$querySubString = "1 = 1";
if (isset($_GET['f_category']) && $_GET['f_category'] != ""){
    $f_category = $_GET['f_category'];
    $querySubString .= " AND sup_category = '$f_category' ";
}
if (isset($_GET['min_price']) && $_GET['min_price'] != ""){
    $min_price = $_GET['min_price'];
    // leading space keeps "1 = 1" and "AND" apart when no category is given
    $querySubString .= " AND sup_price >= '$min_price' ";
}
if (isset($_GET['max_price']) && $_GET['max_price'] != ""){
    $max_price = $_GET['max_price'];
    $querySubString .= " AND sup_price <= '$max_price' ";
}
if (isset($_GET['f_discount']) && $_GET['f_discount'] != ""){
    $f_discount = $_GET['f_discount'];
    $querySubString .= " AND sup_discount= '$f_discount' ";
}
$sql = "SELECT * FROM post_ads WHERE $querySubString ";
if(isset($sql)){
    $result = mysql_query($sql, $con1);
    while($rows=mysql_fetch_array($result))
    {
        //display results
    }
}
?>
For simplicity's sake, rewrite your code so that it processes the input first and THEN builds your query. This makes it a lot more readable for both of us and you will most likely resolve your issue along the way.
Additionally, please refrain from using mysql_; it is unsafe and has been replaced by the mysqli_ methods.
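The move to mysqli with prepared statements that the answers above recommend, applied to the same optional-filter query. This is an added example, not code from any of the answers. It assumes `sup_price` and `sup_discount` are numeric columns and that `$db` is an open mysqli connection; `build_filter_query` and `run_filter` are hypothetical names.

```php
<?php
// Added example: build the WHERE clause from whichever filters are present,
// keeping every request value out of the SQL text (bound as a parameter).
// Assumption: sup_price and sup_discount are numeric columns.
function build_filter_query(array $get): array
{
    $clauses = [];
    $types   = '';   // mysqli bind types: s = string, d = double
    $params  = [];
    if (isset($get['f_category']) && $get['f_category'] !== '') {
        $clauses[] = 'sup_category = ?';
        $types    .= 's';
        $params[]  = $get['f_category'];
    }
    // Numeric filters: a value that is not numeric is ignored, not passed on.
    $numeric = ['min_price'  => 'sup_price >= ?',
                'max_price'  => 'sup_price <= ?',
                'f_discount' => 'sup_discount = ?'];
    foreach ($numeric as $key => $clause) {
        if (isset($get[$key]) && is_numeric($get[$key])) {
            $clauses[] = $clause;
            $types    .= 'd';
            $params[]  = (float) $get[$key];
        }
    }
    $sql = 'SELECT * FROM post_ads';
    if ($clauses) {
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    return [$sql, $types, $params];
}

// Assumes $db is an open mysqli connection; get_result() needs the mysqlnd driver.
function run_filter(mysqli $db, array $get): array
{
    [$sql, $types, $params] = build_filter_query($get);
    $stmt = $db->prepare($sql);
    if ($params) {
        $stmt->bind_param($types, ...$params);
    }
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed input: a category value containing quotes, plus a price range.
[$sql, $types, $params] = build_filter_query(
    ['f_category' => "fruit' OR '1'='1", 'min_price' => '200', 'max_price' => '500']
);
echo $sql, "\n", $types, "\n", json_encode($params), "\n";
```

The printed SQL contains only `?` placeholders; the quoted category string appears in the parameter list and is sent to the server as data, so it cannot change the shape of the query.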