Home/ Questions/Q 8185955
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T02:02:08+00:00

I’m having a little trouble with my MYSQL query I have a DB full

  • 0

I’m having a little trouble with my MYSQL query

I have a DB full of products and I have a dropdown menu which lets a user select what time of day they’d like to get get results for :-

  • Dropdown
    • Breakfast
    • Lunch
    • Evening
    • Anytime

At the moment my statement is

SELECT * from DEALS WHERE timeofday='post data from form';

Now this works fine, but with the option for ‘Anytime’ I’d like the query to be able to search for results of all/any of the above.

I was thinking of perhaps doing an IF statement which fires off 2 separate queries, one which says if the $_POST['timeofday'] == 'Anytime' then fire off

SELECT * from DEALS where timeofday='Breakfast' 
OR timeofday='Lunch' OR timeofday='Evening';

otherwise just do the normal query, although wondered if it was possible to do this in just one statement.

Kind regards

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    $query = 'SELECT * from DEALS';
if ($_POST['timeofday'] != 'Anytime') {
    $query .= ' WHERE timeofday="' . $_POST['timeofday'] . '"';
}

    As DCoder mentioned, this approach is vulnerable to sql injection… You should check/sanitize the input or use prepared statements. In this case where there is a predefined set of values you can:

    $knownTimesOfDay = array('Breakfast', 'Lunch', 'Evening', 'Anytime');
if (!in_array($_POST['timeofday'])) {
    die('Unsuppotred time of day... Did it really come from the form?');
}
$query = 'SELECT * from DEALS';
if ($_POST['timeofday'] != 'Anytime') {
    $query .= ' WHERE timeofday="' . $_POST['timeofday'] . '"';
}
    • 0