amirelgohary1990 Posted July 23, 2023

Hello I need to find a way to close loop outside if condition like below example

    if(escape($_POST['jobCategory']) != "all-categories" && escape($_POST['countryId']) == "all-countries"):
        $query = mysqli_query($dbConnection,"SELECT jobs.id, jobs.job_title, jobs.salary, jobs.employer_id, employers.employer_name, employers.employer_logo
            FROM jobs LEFT JOIN employers ON jobs.employer_id = employers.employer_id
            WHERE job_status = '".mysqli_real_escape_string($dbConnection,'Active')."'
            AND id IN (".mysqli_real_escape_string($dbConnection,$job_id_imploded).") ");
        while($row = mysqli_fetch_assoc($query)){ // Start Loop
            $job_id = $row['id'];
            $job_title = $row['job_title'];
    endif;
    <div class="job-title">
        <a href="job_post.php?job_id=<?php echo htmlspecialchars($job_id) ?>" class="job-title-link"><?php echo htmlspecialchars($job_title); ?></a>
    </div>
    } // End Of Loop

Gives me error HTTP ERROR 500
mac_gyver Posted July 23, 2023

> 22 minutes ago, amirelgohary1990 said:
> I need to find a way to close loop outside if condition

why, exactly, do you think you need to do this?

longer-version: you are telling us what you are trying to make work, not what the overall problem is that you are trying to solve. the point of looping over the result from a SELECT query is to use that data somehow. what does this have to do with the if() conditional statement?

btw - using mysqli_real_escape_string() on the static string 'Active' is meaningless, and using it in a context that is not a literal string value, e.g. the IN (...) list of values, doesn't provide any protection against sql injection in the value, because there's no string to escape out of. to provide protection against sql injection in this case, you either need to cast each of the ids as integers, or more simply use a prepared query, since it provides protection for all data types, without needing you to use a different protection method for each type.

you were using the much simpler and more modern PDO extension, with prepared queries, in one of your previous threads. why have you now devolved to using the overly complicated and inconsistent mysqli extension? if you read my last reply in that thread, you will find that you can use a single prepared query place-holder if you use FIND_IN_SET() instead of an IN() comparison, which requires a place-holder for each value in the list.
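Added example, not part of any post in this thread: the integer check and the one-place-holder-per-value prepared query described in the reply above, written with PDO. The helper name fetchActiveJobs(), the sample rows and the in-memory SQLite database (used only so the script runs offline, requires pdo_sqlite) are assumptions; the table and column names are taken from the original query.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns active jobs whose id is in $jobIds.
function fetchActiveJobs(PDO $pdo, array $jobIds): array
{
    // Keep only whole positive integers; every other value is dropped.
    $ids = [];
    foreach ($jobIds as $id) {
        $int = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($int !== false) {
            $ids[] = $int;
        }
    }
    if ($ids === []) {
        return []; // an empty IN () is a syntax error, so stop here
    }

    // One "?" per id, e.g. IN (?,?,?). Only place-holders are interpolated,
    // never the values themselves.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $sql = "SELECT jobs.id, jobs.job_title, employers.employer_name
            FROM jobs LEFT JOIN employers ON jobs.employer_id = employers.employer_id
            WHERE jobs.job_status = ? AND jobs.id IN ($placeholders)
            ORDER BY jobs.id";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_merge(['Active'], $ids));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE employers (employer_id INTEGER PRIMARY KEY, employer_name TEXT)");
$pdo->exec("CREATE TABLE jobs (id INTEGER PRIMARY KEY, job_title TEXT, employer_id INTEGER, job_status TEXT)");
$pdo->exec("INSERT INTO employers VALUES (1, 'Acme')");
$pdo->exec("INSERT INTO jobs VALUES (1, 'Welder', 1, 'Active'), (2, 'Driver', 1, 'Closed'), (3, 'Cook', 1, 'Active')");

// The second value is a constructed hostile input; it is not an integer,
// so it is dropped before the query is built.
$rows = fetchActiveJobs($pdo, ['1', '3) OR 1=1 -- ', '2', '3']);
foreach ($rows as $row) {
    echo htmlspecialchars((string) $row['id']), ' ', htmlspecialchars($row['job_title']), PHP_EOL;
}
```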
maxxd Posted July 24, 2023

You're also ending the if statement in the middle of the loop - you can't do that. If the conditional applies to each row pulled from the database (it doesn't look like it does) then put the if statement inside the loop. Otherwise, end it after the loop.

And as mac_gyver pointed out, you'll be better served going with PDO over mysqli.
amirelgohary1990 Posted July 24, 2023 (Author)

> 20 hours ago, mac_gyver said:
> you will find that you can use a single prepared query place-holder if you use FIND_IN_SET() instead of an IN() comparison, which requires a place-holder for each value in the list.

I tried to use FIND_IN_SET() with prepared statement, but did work, do not return any result, or even errors, that's why I used normal query until study PDO then switch this query into PDO, I will open new case with my code with FIND_IN_SET() may be something wrong in my code