stackoom
  简体   繁体   中英

how can i configure/apply condition to my query to get the result?

 原文  2011-04-19 14:05:48       php/ mysql

Question

How can i configure to my query. 

$query_event ="SELECT * FROM event_list WHERE even_title='$EventTitle' AND even_loc='$EventLocation' ";

now suppose there is form which requires either put title or put location in the form or u can put both and for blank too so what will be the query?

Please help

thanks

2 answers

solution1
 1 ACCPTED  2011-04-19 14:13:56

Create a starting query, then add on where clauses 

$query_event = "Select * from event_list where 1";

if ( $EventTitle ) {
    $query_event .= " and even_title='$EventTitle'";
}

if ( $event_loc ) {
    $query_event .= " and even_loc='$EventLocation'";
}

solution2
 0  2011-04-19 14:19:56

If you pass your queries this way, you're going to be very vulnerable to SQL injection.

For example, if someone type "'; DELETE FROM EVENT_LIST" as an Event title in a search screen, he can delete your whole table.

Use these advices to protect your datas : https://www.owasp.org/index.php/PHP_Top_5#P3:_SQL_Injection

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How get the result of mysql query with condition How can i apply my custom catalog price rule condition in Magento 1? How can I optimize this query to get result from it faster? How can I get the entire result set of a query here? How can i get query result id in controller from Laravel? When i use if else condition in query based on condition, how can i get that value on view in PHP CODEIGNITER How to apply condition in mysqli query How to return result in condition that i have a query inside query How can I order a query result same as the id specified in the WHERE condition? How I can get my array result without quotes
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM