I like to store my where pieces in an array and then
implode. I usually load my indexed columns first.
$where = array();
$where_clause = '';   // stays empty when no condition is set

// indexed column first: cast to int so only digits reach the SQL
if (!empty($_POST['house_id'])) {
    $where[] = 'id = '.intval($_POST['house_id']);
}
// checkbox option: the POST value itself never enters the query
if (isset($_POST['fireplace']) && $_POST['fireplace'] == "yes") {
    $where[] = 'fireplace = 1';
}
// free-text option: escaped before being quoted into the string
// (addslashes is not charset-aware; use the database driver's own
// escaping function or bound parameters where available)
if (isset($_POST['garage'])) {
    $where[] = 'garage = "'.addslashes($_POST['garage']).'"';
}
$limit_clause = ' LIMIT 0,15 ';
if (count($where)) {
    $where_clause = ' WHERE '.implode(' AND ', $where);
}
$sql = 'SELECT id, address, description FROM houses '.
       $where_clause.
       $limit_clause;
olinux
--- Ed Curtis <[EMAIL PROTECTED]> wrote:
>
> > To answer the question, $query_str.=" AND garage = '$garage' ";
> >
> > BUT. If $garage is an id (numeric), then you should use
> > $garage=abs($garage) first in order to defeat SQL injection. If it's a
> > string, well, say so and we'll tell you what to do (a lot to explain,
> > and not useful if it's an ID).
> >
> > Bogdan
>
> All values pulled from $_POST are strings such as $garage = "Attached 2
> Car" or "Detached 1 Car", etc. There are a few options that will be based
> on a checkbox. If the box is checked it means you want that option
> included in the query as well, i.e. (fireplace == "yes".) If the box is
> not checked it means no, i.e. (fireplace == "no".)
>
> Thanks,
>
> Ed
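The thread's question is how to add string options such as "Attached 2 Car" to a dynamic WHERE clause without opening the query to SQL injection. The following is an added example, not code from olinux, Ed or Bogdan: it builds the same WHERE list as the post above, but sends user-supplied strings to the database as bound parameters of a PDO prepared statement rather than escaping them into the SQL text. The table and column names (houses, id, fireplace, garage) come from the thread; the DSN and credentials are placeholders, and the option table is assumed.

```php
<?php
// Added example: dynamic WHERE with bound parameters (PDO).
// Not the thread's code; DSN/credentials below are placeholders.

// Checkbox-style options. The submitted value is only used to decide
// whether the fixed fragment is appended; it is never copied into SQL.
$checkboxOptions = array(
    'fireplace' => 'fireplace = 1',
    // add further checkbox columns here, one fixed fragment each
);

function buildHouseQuery(array $post, array $checkboxOptions)
{
    $where  = array();
    $params = array();

    // Numeric id: cast to int and still bind it, so even a valid
    // number never gets interpolated into the query text.
    if (isset($post['house_id']) && $post['house_id'] !== '') {
        $where[]       = 'id = :id';
        $params[':id'] = (int) $post['house_id'];
    }

    // Checkbox options: whitelist lookup, fixed SQL fragment only.
    foreach ($checkboxOptions as $name => $fragment) {
        if (isset($post[$name]) && $post[$name] === 'yes') {
            $where[] = $fragment;
        }
    }

    // Free-text option ("Attached 2 Car", "Detached 1 Car"): bound,
    // so quotes or comment sequences in the value are just data.
    if (isset($post['garage']) && $post['garage'] !== '') {
        $where[]           = 'garage = :garage';
        $params[':garage'] = $post['garage'];
    }

    $sql = 'SELECT id, address, description FROM houses';
    if (count($where)) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $sql .= ' LIMIT 0,15';

    return array($sql, $params);
}

list($sql, $params) = buildHouseQuery($_POST, $checkboxOptions);

// Placeholder connection details (assumed, not from the thread).
$pdo = new PDO('mysql:host=localhost;dbname=DBNAME', 'USER', 'PASSWORD');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Use real server-side prepares so the driver never builds the SQL
// string from the parameter values itself.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

With this shape, the only text that ever reaches the SQL string is the fixed fragments and placeholder names chosen in the code; abs()/intval() on numeric ids and addslashes() on strings become unnecessary because the values travel separately from the statement.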
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php