haribo83 Posted July 22, 2010 Share Posted July 22, 2010 I have a list that passes values to an sql statement to show relevant results. I have three options (All, Option One, Option Two) and cannot get the query to work. If I choose option one or option two then the results are fine but I cannot find a way to display all results. The code is below: SELECT * from details WHERE otype = '$listoption' Any help would be great. Quote Link to comment https://forums.phpfreaks.com/topic/208577-list-option-in-sql-query/ Share on other sites More sharing options...
haribo83 Posted July 22, 2010 Author Share Posted July 22, 2010 Have solved it I assigned the All in the list a value of 0 - don't know if it is best practice but have done the following: if ( $listoption == 0 ) { $query = "SELECT * from details";; } else { $query = "SELECT * from details WHERE otype = '$listoption'";; } Quote Link to comment https://forums.phpfreaks.com/topic/208577-list-option-in-sql-query/#findComment-1089792 Share on other sites More sharing options...
Brian Swan Posted July 22, 2010 Share Posted July 22, 2010 Heh...I was in the posting this reply just as you posted... I'm not sure I understand the scenario correctly, but I'll suggest code that is structured like this: if ($listoption == ALL) { Execute "SELECT * FROM details" } else { Execute "SELECT * FROM details WHERE otype = $listoption" } If that's not what you are looking for, post your relevant PHP code and describe in a bit more detail what isn't working...I'll look again. As a side note, I would avoid code that concatenates SQL with user input (but maybe you're just writing abbreviated code like I am and you're using parameterized queries in your real code). I have a blog post on this topic: http://blogs.msdn.com/b/brian_swan/archive/2010/03/04/what_2700_s-the-right-way-to-avoid-sql-injection-in-php-scripts_3f00_.aspx -Brian Quote Link to comment https://forums.phpfreaks.com/topic/208577-list-option-in-sql-query/#findComment-1089797 Share on other sites More sharing options...
awjudd Posted July 25, 2010 Share Posted July 25, 2010 If the selection returns a value from a select box or something similar, if you just send back an id and then map those ids to a particular value to add to your query, you should be safe. Or as Brian said ... use parameters. $query = 'SELECT * FROM `details` '; switch ( $listoption ) { case 1: $query .= 'WHERE otype = \'bugger\' '; break; case 2: $query .= 'WHERE otype = \'booger\' '; break; default: /* Do nothing (ALL) */ } /* Execute $query */ ~juddster Quote Link to comment https://forums.phpfreaks.com/topic/208577-list-option-in-sql-query/#findComment-1090986 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.