Jump to content

Recommended Posts

Hello

I need to find a way to close loop outside if condition

like below example

if(escape($_POST['jobCategory']) != "all-categories" && escape($_POST['countryId']) == "all-countries"):

$query = mysqli_query($dbConnection,"SELECT jobs.id, jobs.job_title, jobs.salary, jobs.employer_id, employers.employer_name, employers.employer_logo FROM jobs LEFT JOIN employers ON jobs.employer_id = employers.employer_id WHERE job_status = '".mysqli_real_escape_string($dbConnection,'Active')."' AND id IN (".mysqli_real_escape_string($dbConnection,$job_id_imploded).") ");

while($row = mysqli_fetch_assoc($query)){  // Start Loop
 $job_id = $row['id'];
$job_title = $row['job_title'];

endif; 

<div class="job-title">
<a href="job_post.php?job_id=<?php echo htmlspecialchars($job_id) ?>" class="job-title-link"><?php echo htmlspecialchars($job_title); ?></a>
</div>

} // End Of Loop

 

Gives me error 

HTTP ERROR 500

Link to comment
https://forums.phpfreaks.com/topic/317114-php-close-loop-outside-if-function/
Share on other sites

22 minutes ago, amirelgohary1990 said:

I need to find a way to close loop outside if condition

why, exactly, do you think you need to do this?

longer-version: you are telling us what you are trying to make work, not what the overall problem is that you are trying to solve.

the point of looping over the result from a SELECT query is to use that data somehow. what does this have to do with the if() conditional statement?

btw - using mysqli_real_escape_string() on the static string 'Active' is meaningless, and using it in a context that is not a literal string value, e.g. the IN (...) list of values, doesn't provide any protection against sql injection in the value, because there's no string to escape out of. to provide protection against sql injection in this case, you either need to cast each of the ids as integers, or more simply use a prepared query, since it provides protection for all data types, without needing you to use a different protection method for each type. you were using the much simpler and more modern PDO extension, with prepared queries. in one of your previous threads. why have you now devolved to using the overly complicated and inconsistent mysqli extension? if you read my last reply in that thread, you will find that you can use a single prepared query place-holder if you use FIND_IN_SET() instead of an IN() comparison, which requires a place-holder for each value in the list.

You're also ending the if statement in the middle of the loop - you can't do that. If the conditional applies to each row pulled from the database (it doesn't look like it does) then put the if statement inside the loop. Otherwise, end it after the loop. And as mac_gyver pointed out, you'll be better served going with PDO over mysqli.

20 hours ago, mac_gyver said:

you will find that you can use a single prepared query place-holder if you use FIND_IN_SET() instead of an IN() comparison, which requires a place-holder for each value in the list.

I tried to use FIND_IN_SET() with prepared statement, but did work, do not return any result, or even errors, that's why I used normal query until study PDO then switch this query into PDO,
I will open new case with my code with FIND_IN_SET() may be something wrong in my code

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.