0

I am trying to create a query string based on GET values passed to common vars:

if isset, gTipo = $_GET['tipo'] and others like this.

So, here is the code that is not working:

$sqlLista   =   'SELECT * FROM produtos';


if($gTipo <> 0 || $gLinha <> 0)
{
    if($gtipo <> 0 && $gLinha == 0 )
    {
        $sqlLista .= ' WHERE id_tipo = '.$gTipo.'';
    }
    if($gtipo <> 0 && $gLinha <> 0)
    {
        $sqlLista .= ' WHERE id_tipo = '.$gTipo.' AND id_linha = '.$gLinha.'';
    }
    if($gTipo == 0 && $gLinha <> 0)
    {
        $sqlLista .= ' WHERE id_linha = '.$gLinha.'';
    }
}

If i set my url as ?tipo=2&linha=4 , my script capture this GET vars and create the common var gTipo and gLinha. If any of this GET are not set, the gTipo or gLinha receive the '0' (zero) value.

When I run the script of query building, nothing is concatened to $sqlLista, except what is done outside the if ( $sqlLista = 'SELECT * FROM produtos'; ).

I am sure this must be a stupid thing that I cannot see. Please, help me =)

Improve this question
5
  • 1
    Please tell me that you've already sanitized the $gLinha and $gtipo variables against SQL injection.. Commented Sep 25, 2011 at 15:47
  • 1
    Depends on how you're running queries. Look at mysql_real_escape_string() if you are using the mysql functions, look at PDO prepared statements if you're using PDO. Also, if you're just expecting one of the variables to be integers, you can just typecast them to integer with $variable = (int) $variable; so that they can't be anything BUT an integer (which is recommended for integers, as it is much less processing). Commented Sep 25, 2011 at 15:50
  • tks man, I will use $variable = (int) $variable :) I will use just ids integers in this query. Commented Sep 25, 2011 at 15:52
  • Look: $gTipo = (int)$_GET['tipo'] or die ('The value is not a integer.'); Commented Sep 25, 2011 at 15:54
  • no need to die(). It will just force it to be 0 if it isn't a numeric value. Commented Sep 25, 2011 at 15:56

3 Answers 3

Reset to default
1

I think your problem is variable case:

if($gtipo <> 0...

should be

if($gTipo <> 0...

in 2 places.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

True, variables are case-sensitive. php -r '$Foo = 1; var_dump($foo);'
Gus, you are absolutelly right!!! I knew that should be a stupid detail that I wasnt seeing. Really tks man. Many hours over this keyboard are blurring my eyes and thoughts XD
1

dunno what's your problem but the code seems a bit bloated to me
I'd make it this way

$w = array();
$where = '';
if (!empty($_GET['tipo'])) $w[] = 'id_tipo = '.intval($_GET['tipo']);
if (!empty($_GET['linha'])) $w[] = 'id_linha = '.intval($_GET['linha']);
if ($w) $where = " WHERE ".implode(' AND ',$w);
$sqlLista = SELECT * FROM produtos'.$where;

hope you know what you're doing and you really need AND, not OR in the query.

if you have your validations already, the code would be even shorter

$w = array();
$where = '';
if ($gtipo) $w[] = "id_tipo = $gtipo";
if (gLlinha) $w[] = "id_linha = gLinha";
if ($w) $where = " WHERE ".implode(' AND ',$w);
$sqlLista = 'SELECT * FROM produtos'.$where;
Improve this answer

2 Comments

Tks for help Col. Shrapnel... but I will keep my original code structure. Simple and works.
I wouldn't call a bunch of useless operators "simple". your first condition is totally useless
0

Your variable names are inconsistent - $gTipo vs $gtipo.

This line will prevent your inner logic from executing. remove it.

if($gTipo <> 0 || $gLinha <> 0)

As a matter of style, you should use "else if" to prevent multiple "WHERE" lines from being appended if you make a logic error.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.