Home/ Questions/Q 8711435
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T04:52:35+00:00

I am trying to $_GET some variables that a user may enter (busy making

  • 0

I am trying to $_GET some variables that a user may enter (busy making a basic web-server):

$users= strval($_GET['user']);
$price= intval($_GET['price']);
$productID= intval($_GET['productid']);

This is my query:

$query = "SELECT * FROM `table` WHERE `user` = '" . $user . "' AND `price` <= " . $price . " AND `productID` = " . $productID;

(something like this)

Given this theoretical link:

www.example.com/api.php?price=300

And don’t use the rest of the GET (user and productID) will automatically be filled with either 0 or ” (int/string).

So I thought I could use an if statement:

if(price == 0){
   // change the query without the price as WHERE
}

But what if I have combinations of price and productID or productID and user as variables.

What is the best way to handle this? Maybe it’s a stupid question but I can’t figure it out.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can use combined IF statements to build the appropriate query using the variables if they are supplied (and ignoring them if not)

    $query = "SELECT * FROM `table` WHERE 1"; // WHERE 1 means "return all rows from table"

if ( isset( $_GET['price'] ) ){ // Only if price variable is set
    $query .= " AND price <= '{$_GET['price']}'"; // Restrict results by price
}

if ( isset( $_GET['user'] ) ){ // Only if user variable is set
    $query .= " AND user LIKE '{$_GET['user']}'"; // Restrict results by user
}

if ( isset( $_GET['productID'] ) ){ // Only if user variable is set
    $query .= " AND productID = '{$_GET['productID']}'"; // Restrict results by productID
}
    • 0