danjoe_15 Posted January 28, 2009

Before I waste hours with something that will not work, I was wondering if anybody would be able to tell me if this looks like something which should work to filter results based on data entered on the previous page.

```php
<?php
include 'common.php';
dbConnect();
$query = "SELECT * FROM customers WHERE 1=1 ";
if ($_POST['LastName'] != "") {
    $query .= " AND last_name LIKE '%" . addslashes($_POST['LastName']) . "%' ";
}
if($_POST['State']!="") {
    $query .= " AND states LIKE '%" . addslashes($_POST['State']) . "%' ";
}
$customer = mysql_fetch_assoc($results[$query]);
print_r($customer)
?>
<head>
<title> Filtered </title>
</head>
<html style="Background-color:BBBBBB">
<body>
<table>
<tr>
<td><form action="EditCustomer.php" method="GET">
<input type="hidden" name="customer_id" value="<? echo $customer['customer_id'];?>"/>
<input type="submit" style="height:50px" style="width:100px" name="Edit Record" value="Edit Record"/></form></td>
<td> </td>
<td>Customer ID <input type="text" readonly=true style="text-align:right" style="width:80px" name="customer_id" value="<?echo $customer['customer_id'];?>"/></td>
```

rhodesa Posted January 28, 2009

The PHP looks good... I would use mysql_real_escape_string() instead of addslashes() though.

Mchl Posted January 28, 2009

It could work, but you also could do it a lot better.

danjoe_15 (Author) Posted January 28, 2009

How would you recommend it be done?

rhodesa Posted January 28, 2009

> How would you recommend it be done?

One thing is for State. Make that field a dropdown instead of a text field. Then change that query part to:

```php
$query .= " AND states = '" . addslashes($_POST['State']) . "' ";
```

Using a LIKE with two wildcards will significantly slow down your queries.

Mchl Posted January 28, 2009

Using mysql_real_escape_string is definitely a way to go.

Also using `if (isset($_POST['LastName']) && !empty($_POST['LastName']))` would (IMO) be better than `if ($_POST['LastName'] != "")`.

If you're looking for exact matches, don't use LIKE, but =.

```php
if(isset($_POST['State']) && !empty($_POST['State'])) {
    $state = mysql_real_escape_string($_POST['State']);
    $query .= " AND states = '$state'";
}
```

On the other hand, it's a nice trick with 1=1 as a starting condition.

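Added example, not part of the thread and not any poster's code: the same optional-filter query built with PDO prepared statements, a swapped-in technique in place of the escaping functions discussed above. It also escapes the LIKE wildcards `%` and `_`, which neither addslashes() nor mysql_real_escape_string() touches. The in-memory SQLite database (standing in for the poster's MySQL server), the sample rows, the `!` escape character and the helper name `findCustomers()` are assumptions so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database in the
// thread; table and column names come from the posted query, rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (customer_id INTEGER PRIMARY KEY, last_name TEXT, states TEXT)');
$ins = $pdo->prepare('INSERT INTO customers (last_name, states) VALUES (?, ?)');
foreach ([["O'Brien", 'WI'], ['Smith', 'WI'], ['Smithers', 'MN'], ['50%_off', 'MN']] as $row) {
    $ins->execute($row);
}

// Hypothetical helper: turn the submitted form fields into a bound query.
function findCustomers(PDO $pdo, array $post): array
{
    $where  = [];
    $params = [];

    $lastName = trim((string)($post['LastName'] ?? ''));
    if ($lastName !== '') {
        // Escape the escape character first, then the LIKE metacharacters,
        // so % and _ typed by the user match literally.
        $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $lastName);
        $where[] = "last_name LIKE :last_name ESCAPE '!'";
        $params[':last_name'] = '%' . $literal . '%';
    }

    $state = trim((string)($post['State'] ?? ''));
    if ($state !== '') {
        $where[] = 'states = :state';   // exact match, as suggested in the thread
        $params[':state'] = $state;
    }

    // No "WHERE 1=1" needed: conditions are joined only when present.
    $sql = 'SELECT customer_id, last_name, states FROM customers';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $stmt = $pdo->prepare($sql . ' ORDER BY customer_id');
    $stmt->execute($params);            // values travel separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an apostrophe, a SQL fragment, a bare wildcard, both fields.
foreach ([['LastName' => "O'Br"], ['LastName' => "x' OR '1'='1"], ['LastName' => '%'],
          ['LastName' => 'smith', 'State' => 'WI']] as $post) {
    $names = array_column(findCustomers($pdo, $post), 'last_name');
    echo json_encode($post), ' => ', json_encode($names), "\n";
}
```

The SQL fragment input is treated as an ordinary search string, and the bare `%` matches only the row whose name contains a percent sign instead of every customer.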