WHERE statement inside if condition in SQL

Question

Can I do a WHERE clause inside an IF statement?

Like I want something like this:

     $SQL = mysql_query("SELECT * FROM `table` ORDER BY `row` DESC");
     $rows = mysql_fetch_array($SQL);
     $email = $_SESSION['email_of_user'];

        if($rows["row"] == "1" WHERE `row`='$email' : ?> (Pulls the logged in user's email)
        Edit Server
        <?php  else : ?>
        Add Server
        <?php endif; ?>

Do I need (" where the WHERE statement is? Because I tried that and it didn't seem to work...

Or can I do it with an if condition inside of a where clause? Not sure of all these terms yet so correct me if I'm wrong...

Answer 1

You cannot mix up a query statement with PHP's statement. Instead write a query extracting desired results and check if there are any rows from that query.

I will show you an example:

$query = "SELECT * FROM `TABLE_NAME` WHERE `field` = '1' && `email`='$email'"; //Create similar query
$result = mysqli_query($query, $link); //Query the server
if(mysqli_num_rows($result)) { //Check if there are rows
    $authenticated = true; //if there is, set a boolean variable to denote the authentication
}

//Then do what you want
if($authenticated) {
     echo "Edit Server";
} else {
     echo "Add Server";
}

Since Aaron has shown such a effort to encourage safe code in my example. Here is how you can do this securely. PDO Library provides options to bind params to the query statement in the safe way. So, here is how to do it.

$dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass); //Create the connection

//Create the Query Statemetn
$sth = $dbh->prepare('SELECT * FROM `TABLE_NAME` WHERE field = :field AND email = :email');

//Binds Parameters in the safe way
$sth -> bindParam(':field', 1, PDO::PARAM_INT);
$sth -> bindParam(':email', $email, PDO::PARAM_STRING);

//Then Execute the statement
$sth->execute();

$result = $sth->fetchAll(); //This returns the result set as an associative array