I am trying to $_GET some variables that a user may enter (busy making a basic web-server):
$users= strval($_GET['user']);
$price= intval($_GET['price']);
$productID= intval($_GET['productid']);
This is my query:
$query = "SELECT * FROM `table` WHERE `user` = '" . $user . "' AND `price` <= " . $price . " AND `productID` = " . $productID;
(something like this)
Given this theoretical link:
www.example.com/api.php?price=300
And don't use the rest of the GET (user and productID) will automatically be filled with either 0 or '' (int/string).
So I thought I could use an if statement:
if(price == 0){
// change the query without the price as WHERE
}
But what if I have combinations of price and productID or productID and user as variables.
What is the best way to handle this? Maybe it's a stupid question but I can't figure it out.
You can use combined IF statements to build the appropriate query using the variables if they are supplied (and ignoring them if not)
$query = "SELECT * FROM `table` WHERE 1"; // WHERE 1 means "return all rows from table"
if ( isset( $_GET['price'] ) ){ // Only if price variable is set
$query .= " AND price <= '{$_GET['price']}'"; // Restrict results by price
}
if ( isset( $_GET['user'] ) ){ // Only if user variable is set
$query .= " AND user LIKE '{$_GET['user']}'"; // Restrict results by user
}
if ( isset( $_GET['productID'] ) ){ // Only if user variable is set
$query .= " AND productID = '{$_GET['productID']}'"; // Restrict results by productID
}
You can use ternary operator to make query string correctly, concatenating price clause when it is set.
$query = "select * from table where user = $user" . ($price ? " AND price <= $price" : "") . " AND productID = $productID";
Your english is poor, we are brazilians o/
$users = $_GET['user'] || "";
$price = $_GET['price'] || 0;
$productID = $_GET['productid'] || 0;
$query = "SELECT * FROM table WHERE 1";
$query .= (isset($_GET['user'))?"AND user = '{$users}'";
$query .= (isset($_GET['price'))?"AND price <= '{$price}'";
$query .= (isset($_GET['productid'))?"AND productID = '{$productID}'";
In case you want to use the variables for something else. This sets the values to 0 or "" (empty string) if they aren't set in the $_GET data.