CODEWITHSUNDEEP
phphtmlmysql
Synetrix
Synetrix

Reputation: 37

PHP Separate If Else Statement

<?php
    extract( $_GET );       
    $sql = "SELECT * FROM tablename order by Name DESC";
    $sql = "SELECT * FROM tablename where age = "31";
    $db = mysql_connect("localhost","root","password"); 
    if (!$db) {
    die("");
    }
    $db_select = mysql_select_db('databasename',$db);
    if (!$db_select) {
    die("");
    }
    if ( !( $result = mysql_query( $sql, $db ) ) ) {
    print( "Could not execute query! <br />" );
    die( mysql_error() . "</body></html>" );
    } // end if

    echo "<table>
    <tr>
    <th>Name</th>
    <th>Age</th>
    </tr>";

    while($row = mysql_fetch_array($result)){
        echo "<tr>";
        echo "<td>".$row['Name']."</td>";
        echo "<td>".$row['Age']."</td>";
    }
    echo "</table>";
    mysql_close( $db );
?>

Where should I add an if else statement for name and age that runs the sql statement when either the name or age is selected? Name and Age is from different column but in the same table

Upvotes: 0

Views: 407

Answers (3)

Jester
Jester

Reputation: 1408

<?php
    error_reporting(-1);

    $db = mysqli_connect("localhost","root","password","databasename"); 
    if (!$db) { 
        die( mysql_error() . "</body></html>" );
    }

    if(isset($_GET['age'])) {
        // You can use the $_GET['age'] variable in the query if you want to, this makes you vulnerable to sql injection though. if you don't use prepared statements or escape it (read link below
        $sql = 'SELECT * FROM tablename where age = "31"';
    } else if(isset($_GET['name'])) {
        // Same as for age but $_GET['name'] in this case of course.
        $sql = 'SELECT * FROM tablename order by Name DESC';
    }

    $result = mysqli_query($sql, $db)
    if (!result ) {
        print( "Could not execute query! <br />" );
        die( mysql_error() . "</body></html>" );
    } // end if

    echo "<table>
    <tr>
    <th>Name</th>
    <th>Age</th>
    </tr>";

    while($row = mysqli_fetch_array($result)){
        echo "<tr>";
        echo "<td>".$row['Name']."</td>";
        echo "<td>".$row['Age']."</td>";
        echo "</tr>";
    }
    echo "</table>";
    mysqli_close($db);
?>

the queries above are save as long as you don't use the $_GET variables in the query itself, if that is what you want you should read up on prepared statements: http://php.net/manual/en/mysqli.prepare.php

Upvotes: 0

Indrasis Datta
Indrasis Datta

Reputation: 8618

Looks like you need to check the key of $_GET.

Try this:

if (isset($_GET['Name']) && !empty($_GET['Name'])) {
     $sql = "SELECT * FROM tablename order by Name DESC";
} else if (isset($_GET['Age']) && !empty($_GET['Age'])) {
      $sql = "SELECT * FROM tablename where age = '".$_GET['Age']."'";
}

Hope this helps.

Upvotes: 0

Liren
Liren

Reputation: 400

if(isset($_GET['age'])) {
    $sql = 'SELECT * FROM tablename where age = ' . $_GET['age'];
} else if(isset($_GET['name'])) {
    $sql = 'SELECT * FROM tablename order by Name DESC';
}

Then you could use it for URLs like:

  • www.example.com?age=31
  • www.example.com?name

Just note that this is a very simplified example, you need to validate the input as well.

EDIT: You should not use mysql* (deprecated) functions, use mysqli* or PDO instead. For more information about mysql* functions read answers posted on this question.

Upvotes: 1

Related Questions