Hello all,
I have a WHERE clause which includes 2 different conditions.
Is it possible to return data dependant on which condition is true?
The query includes some pseudo code:
WHERE first_name LIKE \\''.$_POST['name'].'%\\' OR last_name LIKE \\''.$_POST['name'].'%\\'';
$r = @mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
if ($num > 0) {
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
if (first_name LIKE \\''.$_POST['name'].'%\\') {
// echo content here
}
elseif(last_name LIKE \\''.$_POST['name'].'%\\') {
// echo other content here
}
}
}
Thanks in advance for any assistance.
In the PHP code you could use stristr I guess: http://www.php.net/manual/en/function.stristr.php
By the way, don’t use user input in a query without sanitizing it first. Take a look at this: http://it2.php.net/manual/en/mysqli.real-escape-string.php
or use prepared statements
Thanks Guido,
I’ll have to see if that will work.
By the way, don’t use user input in a query without sanitizing it first. Take a look at this: http://it2.php.net/manual/en/mysqli....ape-string.php
or use prepared statements
Yes, got to do that as well.
Hi all,
no luck yet.
What if I checked which column names are true and then echo out the content?
WHERE first_name LIKE \\''.$_POST['name'].'%\\' OR last_name LIKE \\''.$_POST['name'].'%\\'';
$r = @mysqli_query($dbc, $q);
$num = mysqli_num_rows($r);
if ($num > 0) {
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
if ($row['first_name']) {
// echo content here
}
elseif($row['last_name']) {
// echo other content here
}
}
}
I also tried the code below but I don’t know if I must first echo $row[‘first_name’] before I can use it in the in_array function.
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
if(in_array($row['first_name'], $first_names_array)) {
// echo content here
}
elseif(in_array($row['last_name'], $last_names_array)) {
// echo other content here
}
Surely there must be a way to do this?
Thanks.