This list has helped me out alot and I hope it can do it one more time.
I need to build a MySQL query based on 11 different options from a form. Some options will have values others will be checkboxes to say include in the query.
How I thought about going at it was using a default query string and add additional strings to the default string based on results of the form.
$query_str = "SELECT * FROM listings WHERE id > 0 ";
if ($garage != "") {
$garage_str = "AND garage = '$garage' ";
//add $garage_str to $query_str//
}
This would continue through all eleven options then produce a query string with all included query options needed. Can this be done this way? If so, how do I add a string to a string?
Thanks,
Ed
To answer the question, $query_str.=" AND garage = '$garage' ";
BUT. If $garage is an id (numeric), then you should use $garage=abs($garage) first in order to defeat SQL injection. If it's a string, well, say so and we'll tell you what to do (a lot to explain, and not useful if it's an ID).
Bogdan
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
