On 12/23/2010 10:39 AM, Ethan Rosenberg, PhD wrote:
Jim -
Thanks ever so much!
Here is the code I used, as you suggested.
==========
$query = "select * from Intake3 where ";
Maybe I missed it, but you need to have a 1 after the where part in your
select. So...
$query = "SELECT * FROM Intake3 WHERE 1 ";
$allowed_fields = array('Site', 'MedRec', 'Fname', 'Lname',
'Phone', 'Sex', 'Height');
Here you are using two different arrays. Yes, I know, they are
basically the same, but they are truly not the same. In your case, use
$_POST
if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' )
{
if ($_REQUEST['Sex'] == "0")
{
$sex = 'Male';
}
else
{
$sex = 'Female';
}
}
Looking again at what I sent you before, it would have given you a few
errors if ran like that. Here is a better version of it. For the
above, you can change the logic and get rid of the isset and trim.
Also, make sure when you do a comparison against "0" that it is type
strict using === and not ==. I could pass FALSE or NULL as the value
and it would get by your test. If you look at the definition of empty()
it tells you that if empty is passed: "", 0, "0", NULL, FALSE, array(),
or var $var; in a class that the return of empty will be false. So,
this tells me that I can replace the multiple if/else statements above
with a single as below.
if ( empty($_POST['Sex']) )
{
$_POST['Sex'] = 'Male';
} else {
$_POST['Sex'] = 'Female';
}
The above does the same but without the extra work involved. Once you
have that, the following will work fine.
foreach ( $allowed_fields AS $field )
{
if ( ! empty( $_POST[$field] ) )
{
$value = mysql_real_escape_string( $_POST[$field] );
$query .= " AND `{$field}` = '{$value}' ";
}
}
printf($query);
========
This is the result I get for the query:
select * from Intake3 where AND `Site` = 'AA'
I can't figure out what is happening.
Would you please help.
Thanks again.
Ethan
+++++++++++
Date: Tue, 21 Dec 2010 22:33:17 -0800
From: Jim Lucas<lists@xxxxxxxxx>
To: Ethan Rosenberg<ethros@xxxxxxxxxxxxx>
CC: "php-db-lists.php.net"<php-db@xxxxxxxxxxxxx>,
php-general@xxxxxxxxxxxxx
Subject: Re: goto - My comments
On 12/18/2010 9:17 PM, Ethan Rosenberg wrote:
Dear List -
Thanks to all for your EXCELLENT comments. I definitly agree that goto
is a command to be avoided at all costs. In this case, I could not
figure out how to acheive the desired result without the goto. So....
being a newbie, I humbly request that you show [and at the same time
teach] me how to rewrite the code to eleiminate the goto.
Additionally, would you please do the same for the code I list below.
This code runs perfectly.
==============
This is the form:
<form action="srchrhsptl2.php" method="post">
<center>Site:<input type="text" name="Site" value="AA" />
Record Number:<input type="text" name="MedRec" />
First Name:<input type="text" name="Fname" />
Last Name:<input type="text" name="Lname" /><br /><br />
Phone:<input type="text" name="Phone" />
Height:<input type="decimal" name="Height" /></input><br /><br />
Male<input type="radio" name="Sex" value = "0"></input>
Female<input type="radio" name="Sex" value = "1"></input><br /><br
/><br />
<input type="submit" /><br /><br />
<input type="reset" value = "Clear Form" /></center>
</form>
Not sure if you can change the values for the Sex field to 'Male'&
'Female' respectively, but it would simplify the following example.
Here is my rendition of how I would do it.
<?php
...
$query = "select * from Intake3 where 1 ";
$allowed_fields = array('Site', 'MedRe', 'Fname', 'Lname',
'Phone', 'Sex', 'Height');
# deal with the special case first
# Normally you do not want to modify the _POST/_GET/_REQUEST array, but
# in this case, it is used as an quick example of how to get the data
# passed along. if you can change the field values to Male/Female you
# could remove the following section and have just the foreach() loop.
if ( ! empty($_POST['Sex']) )
{
if ( $_POST['Sex'] === '1' )
$_POST['Sex'] = 'Female';
else
$_POST['Sex'] = 'Male';
}
# Now deal with the rest...
foreach ( $allowed_fields AS $field )
{
if ( ! empty( $_POST[$field] ) )
{
$value = mysql_real_escape_string( $_POST[$field] );
$query .= " AND `{$field}` = '{$value}' ";
}
}
in the end, you will end up with a nicely formatted SQL query to execute.
I would suggest cleaning up the output code some and use *_assoc()
instead of the *_array() function call. It gives you back the array
version of the output. This way instead of calling $row[0],
$row[...] you would call $row['Fname'] or $row['Lname'] instead.
Get rid of all those commented out sections and you will have a good
script to play with.
Let us know what comes of it...
==============
THANK YOU EVER SO MUCH FOR YOUR HELP.
Ethan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
