merkont Posted March 31, 2014

Hey,

Wrote a quick script to filter results from database. It kinda works but not sure if this is best or even secure way to do it. I know mysqli has function 'bind_params', but failed to make it work.

```php
<form action="" method="get">
    <input type="checkbox" name="data" value="3" />
    <input type="submit" />
</form>
<?php
if( empty($_GET['data']) ) {
    die("GET empty");
}
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
$statement = "SELECT * FROM table1 WHERE id=" . $_GET['data'];
$result = $mysqli->query($statement);
while( $row = $result->fetch_assoc() ) {
    echo $row['id'];
    echo "<br/>";
    echo $row['text'];
    if ($row['img'] != NULL)
        echo "<img src=" . $row['img'] . " > ";
}
?>
```

So just basic checkbox interface, when selected one of checkboxes and submitted, script queries database with matching ID from GET, returns results and loops through them. Inside loop checks for associated image src, if not present ignores field.

I want to use this function's logic in my project but not sure if secure nor best/easiest way to do this. Obviously will improve interface, naming of variables etc.

Psycho Posted March 31, 2014

EDIT: NEVER put user entered data into a query (unless you are using prepared statements). In this case you can use intval() on the value

```php
$id = intval($_GET['data']);
$statement = "SELECT * FROM table1 WHERE id={$id}";
```

As to your issue, MySQL does not return NULL for a NULL field. Just check if the value is not empty. Plus, there are no quotes around the value

```php
if (!empty($row['img'])) {
    echo "<img src=\"{$row['img']}\">";
}
```
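
An added example, not part of the original thread: the question's query rewritten with a mysqli prepared statement and `bind_param`, with every value HTML-escaped on output. The connection details and the `table1` columns are the placeholders from the question; `h()` and `render_rows()` are hypothetical helper names.

```php
<?php
// Added example: connection details and table1(id, text, img) are the
// placeholders from the question, not a real schema.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: fetch the rows for one id and build the HTML.
function render_rows(mysqli $db, int $id): string {
    // The ? placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, `text`, img FROM table1 WHERE id = ?');
    $stmt->bind_param('i', $id);   // 'i' = integer; needs a variable, not a literal
    $stmt->execute();
    $stmt->bind_result($rowId, $text, $img);

    $html = '';
    while ($stmt->fetch()) {
        $html .= h((string) $rowId) . '<br/>' . h((string) $text);
        if (!empty($img)) {        // skips both NULL and empty string
            $html .= '<img src="' . h($img) . '">';
        }
    }
    $stmt->close();
    return $html;
}

// Reject anything that is not an integer before touching the database.
$id = filter_input(INPUT_GET, 'data', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Missing or non-numeric "data" parameter');
}

$mysqli = new mysqli('localhost', 'user', 'password', 'database');
echo render_rows($mysqli, $id);
```

`bind_result()` is used instead of `get_result()` so the example does not depend on the mysqlnd driver.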

DavidAM Posted March 31, 2014

While I agree that the test should be `if (!empty($row['img']))`; the manual says:

> Note: This function sets NULL fields to the PHP NULL value.

for both mysql and mysqli

http://php.net/manual/en/function.mysql-fetch-assoc.php
http://php.net/manual/en/mysqli-result.fetch-assoc.php

jazzman1 Posted March 31, 2014

> unless you are using prepared statements

You should get an error message if you try to use superglobals along with prepared queries

Psycho Posted March 31, 2014

> While I agree that the test should be `if (!empty($row['img']))`; the manual says:
>
> for both mysql and mysqli
>
> http://php.net/manual/en/function.mysql-fetch-assoc.php
> http://php.net/manual/en/mysqli-result.fetch-assoc.php

I stand corrected. I could have sworn it did not do that.

Archived
This topic is now archived and is closed to further replies.