Thanks for the reply, Greg,

I see how that is useful. I am confused as to how I would implement it here. Please bear with me as I am a newbie and am now perhaps more confused than ever!:

I'm trying to use the number given in the $_GET URL to build one piece of the sql:

If there is anything set in the $_GET field other than ?c=[valid int] or ?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index. If it's a valid int (a positive int which corresponds to a valid row) then I want to set its value to the appropriate variable: either $c, $p or $s, and thus set the values of $fields, $from and $where.


<?php      //IF there is a valid query by cartoon, use $c to build the SQL
    $fields = 'SELECT art.*,publisher.*,subject.*';
    $from = 'FROM art,subject
        LEFT JOIN publisher
         ON publisher.publisher_id=art.publisher_id';
    $sort = "ORDER BY art.art_pub_date";
    $where = "WHERE art.art_id = '$c' AND
         subject.subject_id=art.subject_id";
?>

If that were instead a $p then I would do:

<?php   //IF there is a valid query by publisher, use $p to build the SQL
        $fields = "SELECT art.*,publisher.*,subject.*";
        $from = "FROM art,subject
        LEFT JOIN publisher
         ON publisher.publisher_id=art.publisher_id";
       $where = "WHERE publisher.publisher_id=art.publisher_id AND
         art.publisher_id = '$p' AND
         subject.subject_id=art.subject_id";

?>
If that were instead an $s then I would do:

<?php      //IF there is a valid query by subject, use $s to build the SQL
    $fields = "SELECT art.*,publisher.*,subject.*";
    $from = "FROM art,subject
        LEFT JOIN publisher
         ON publisher.publisher_id=art.publisher_id";
       $where = "WHERE publisher.publisher_id=art.publisher_id AND
         art.subject_id = '1' AND
         art.subject_id=subject.subject_id";
?>

I'm sure your method works ( ;) ). If I understand it, as my friend Darrell said about your suggestion:

'...We iterate through the array seeing if there's a submitted HTML form field name that matches the current database column name. If so, we add the column name and the value submitted in the form to a string that is being built into a database query.'

I'm trying to see how this code lets me do that. I know it's right in front of my face but I cannot see how to adapt it to the task. .


Thanks in advance!!






Greg Donald wrote:
On 6/2/05, Jack Jackson <[EMAIL PROTECTED]> wrote:

 I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone
can...

Basically I want to make it so that, if the get in the url specifies no
query or a query to a nonexistent row, send to vanilla index. If url
specifies c= then set $c=c and use the number to build the mysql query;
same for p= and s= - if they're valid build  the query, if not kick em out.

Can anyone offer any help?


I'd iterate over the $_GET array to build the query elements.  Then
implode those elements.

$array = array();

while( list( $k, $v ) = each( $_GET ) )
{
    if( $k == 'somekeynotindb' )
    {
        continue;
    }

    $array[] = $k . "='" . $v . "'";
}

if( $array )
{
    $and = implode( ', ', $array );
}

$sql = "
    SELECT *
    FROM table
    WHERE 1
    $and
";

$query = mysql_query( $sql );



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to