Professional Web Applications Themes

variable select statement - PHP Development

I would like to have a form that gives the user choices for selection parameters for email, printing etc. A real simple example: Give me all ______ who ______ when _______ where _______ I can figure this out if all of the selections are filled, but NOT if they just decide to use only one of the selection choices. I'm sure this is idiotic, but I'm really new to php and my ideas are writing checks my programming skills can't cash. Thanks for any help, Mike...

  1. #1

    Default variable select statement

    I would like to have a form that gives the user choices for selection
    parameters for email, printing etc.

    A real simple example:

    Give me all ______ who ______ when _______ where _______

    I can figure this out if all of the selections are filled, but NOT if
    they just decide to use only one of the selection choices.

    I'm sure this is idiotic, but I'm really new to php and my ideas are
    writing checks my programming skills can't cash.

    Thanks for any help,
    Mike
    Karzy Guest

  2. #2

    Default Re: variable select statement

    "Karzy" <mkarrmchsi.com> wrote in message
    news:MPG.19e81ef4b7e2a9ac9896c7netnews.mchsi.com. ..
    > I would like to have a form that gives the user choices for selection
    > parameters for email, printing etc.
    >
    > A real simple example:
    >
    > Give me all ______ who ______ when _______ where _______
    >
    > I can figure this out if all of the selections are filled, but NOT if
    > they just decide to use only one of the selection choices.
    >
    > I'm sure this is idiotic, but I'm really new to php and my ideas are
    > writing checks my programming skills can't cash.
    >
    > Thanks for any help,
    > Mike
    >
    Here's something (untested):

    /* Checks all specified fields, and if they aren't empty,
    put the names and values into a string for a WHERE
    clause */

    $fieldlist = array('user', 'email', 'printing'); //field names
    $selectlist = array(); //holds values for select statement

    foreach ($fieldlist as $field){
    if ( $_POST[$field] != '' )
    $selectlist[] = "$field = '{$_POST[$field]}'";
    }

    $where = implode ( ' AND ', $selectlist );

    $query = "SELECT * FROM table WHERE $where";


    Jason Guest

  3. #3

    Default Re: variable select statement


    "Jason" <jsumner1cfl.rr.com> wrote in message
    news:G%tfb.3871$qw.435077twister.tampabay.rr.com. ..
    > "Karzy" <mkarrmchsi.com> wrote in message
    > news:MPG.19e81ef4b7e2a9ac9896c7netnews.mchsi.com. ..
    > > I would like to have a form that gives the user choices for selection
    > > parameters for email, printing etc.
    > >
    > > A real simple example:
    > >
    > > Give me all ______ who ______ when _______ where _______
    > >
    > > I can figure this out if all of the selections are filled, but NOT if
    > > they just decide to use only one of the selection choices.
    > >
    > > I'm sure this is idiotic, but I'm really new to php and my ideas are
    > > writing checks my programming skills can't cash.
    > >
    > > Thanks for any help,
    > > Mike
    > >
    >
    > Here's something (untested):
    >
    > /* Checks all specified fields, and if they aren't empty,
    > put the names and values into a string for a WHERE
    > clause */
    >
    > $fieldlist = array('user', 'email', 'printing'); //field names
    > $selectlist = array(); //holds values for select statement
    >
    > foreach ($fieldlist as $field){
    > if ( $_POST[$field] != '' )
    > $selectlist[] = "$field = '{$_POST[$field]}'";
    > }
    >
    > $where = implode ( ' AND ', $selectlist );
    >
    > $query = "SELECT * FROM table WHERE $where";
    It would almost work (need an addslashes) but it opens a big hole in your
    security for injection attacks. For example if I entered a username into the
    form of "bob'; DELETE * FROM table; #" your query ends up saying;

    SELECT * FROM table WHERE user = 'bob'; DELETE * FROM table; #'

    On MySQL v4.x you'll then be able to wipe out the whole table, assuming you
    know the name.

    Paulus


    Paulus Magnus Guest

Similar Threads

  1. SP with Select statement
    By Gerald in forum ASP Database
    Replies: 3
    Last Post: November 27th, 03:38 PM
  2. Session variable in SELECT statement?
    By targa in forum ASP Database
    Replies: 2
    Last Post: September 23rd, 06:02 AM
  3. help with SELECT statement
    By Chris Hohmann in forum ASP
    Replies: 2
    Last Post: August 19th, 05:10 PM
  4. SELECT statement
    By Simon in forum Microsoft SQL / MS SQL Server
    Replies: 23
    Last Post: August 18th, 01:12 PM
  5. Select Statement Question (Again)
    By Largo SQL Tools in forum Microsoft SQL / MS SQL Server
    Replies: 9
    Last Post: July 14th, 05:02 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139