PHP close loop outside if function

[amirelgohary1990]

Hello

I need to find a way to close loop outside if condition

like below example

if(escape($_POST['jobCategory']) != "all-categories" && escape($_POST['countryId']) == "all-countries"):

$query = mysqli_query($dbConnection,"SELECT jobs.id, jobs.job_title, jobs.salary, jobs.employer_id, employers.employer_name, employers.employer_logo FROM jobs LEFT JOIN employers ON jobs.employer_id = employers.employer_id WHERE job_status = '".mysqli_real_escape_string($dbConnection,'Active')."' AND id IN (".mysqli_real_escape_string($dbConnection,$job_id_imploded).") ");

while($row = mysqli_fetch_assoc($query)){  // Start Loop
 $job_id = $row['id'];
$job_title = $row['job_title'];

endif; 

<div class="job-title">
<a href="job_post.php?job_id=<?php echo htmlspecialchars($job_id) ?>" class="job-title-link"><?php echo htmlspecialchars($job_title); ?></a>
</div>

} // End Of Loop

 

Gives me error 

HTTP ERROR 500

[mac_gyver]

22 minutes ago, amirelgohary1990 said:

I need to find a way to close loop outside if condition

why, exactly, do you think you need to do this?

longer-version: you are telling us what you are trying to make work, not what the overall problem is that you are trying to solve.

the point of looping over the result from a SELECT query is to use that data somehow. what does this have to do with the if() conditional statement?

btw - using mysqli_real_escape_string() on the static string 'Active' is meaningless, and using it in a context that is not a literal string value, e.g. the IN (...) list of values, doesn't provide any protection against sql injection in the value, because there's no string to escape out of. to provide protection against sql injection in this case, you either need to cast each of the ids as integers, or more simply use a prepared query, since it provides protection for all data types, without needing you to use a different protection method for each type. you were using the much simpler and more modern PDO extension, with prepared queries. in one of your previous threads. why have you now devolved to using the overly complicated and inconsistent mysqli extension? if you read my last reply in that thread, you will find that you can use a single prepared query place-holder if you use FIND_IN_SET() instead of an IN() comparison, which requires a place-holder for each value in the list.

[maxxd]

You're also ending the if statement in the middle of the loop - you can't do that. If the conditional applies to each row pulled from the database (it doesn't look like it does) then put the if statement inside the loop. Otherwise, end it after the loop. And as mac_gyver pointed out, you'll be better served going with PDO over mysqli.

[amirelgohary1990]

20 hours ago, mac_gyver said:

you will find that you can use a single prepared query place-holder if you use FIND_IN_SET() instead of an IN() comparison, which requires a place-holder for each value in the list.

I tried to use FIND_IN_SET() with prepared statement, but did work, do not return any result, or even errors, that's why I used normal query until study PDO then switch this query into PDO,
I will open new case with my code with FIND_IN_SET() may be something wrong in my code