Posted by Steve on 04/13/07 18:40
"strawberry" <zac.carey@gmail.com> wrote in message
news:1176488231.812171.25480@o5g2000hsb.googlegroups.com...
On Apr 13, 6:23 pm, Rami Elomaa <rami.elo...@gmail.com> wrote:
============
// every key and value in $_GET is copied into the SQL text as-is
foreach ($_GET as $condition_key => $condition_value) {
    $condition[] = " `$condition_key` = '$condition_value' ";
    $condition_keys[] = "$condition_key";
    $condition_values[] = "'$condition_value'";
}
if (is_null($condition)) {
    $conditionString = " 1 ";
} else {
    $conditionString = implode('AND', $condition);
    $conditionKeysString = implode(',', $condition_keys);
    $conditionValuesString = implode(',', $condition_values);
}
============
have you thought of always having criteria of WHERE 1 = 1 ? that way you can
avoid having if/else logic. you can then always implode with AND. i'd also
recommend that you array_walk the columns ($cond_keys) and the values
($cond_values) so that you can back-tick the columns and escape the ticks
that may be present in the values. otherwise, you may have quite a volatile
little query. :)
i'd also watch out for treating $_GET as global AND trustworthy. it's better
to define the fields in your code and then set their prospective values from
$_GET/$_POST/$_REQUEST/whatever. array_walk is great for that as well.
if i wanted to hack and ruin your site (down your mysql instance), i could
introduce my own little condition and have it loop infinitely.
just a thought.
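
The advice in this reply (fields defined in code, a constant `1 = 1` base condition, everything joined with AND), as an added example that is not part of the original thread. It binds values through `?` placeholders in place of the escaping mentioned above; the `albums` table, the column names and the sample input are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names are assumed.

// Columns the application accepts as filters, defined in code, not taken from $_GET.
const ALLOWED_COLUMNS = ['genre', 'artist', 'year'];

/**
 * Build a WHERE clause from request input.
 * Returns [sql fragment, parameter list] for use with a prepared statement.
 */
function buildWhere(array $input, array $allowed): array
{
    $conditions = ['1 = 1'];   // always present, so every filter is joined with AND
    $params = [];

    foreach ($allowed as $column) {
        // Only allow-listed keys are read; any other key in $input is ignored.
        if (!isset($input[$column]) || !is_string($input[$column])) {
            continue;          // missing, or an array such as ?genre[]=x
        }
        // The column name comes from our own list; the value never enters the SQL text.
        $conditions[] = "`$column` = ?";
        $params[] = $input[$column];
    }

    return [implode(' AND ', $conditions), $params];
}

// Constructed sample input standing in for $_GET.
$sample = [
    'artist'       => "Sinead O'Connor",  // a quote that would break the interpolated query
    'year'         => '1990',
    'not_a_column' => 'anything',         // key the application never defined
];

[$where, $params] = buildWhere($sample, ALLOWED_COLUMNS);
$sql = "SELECT * FROM `albums` WHERE $where";

echo $sql, "\n";
print_r($params);

// With an existing PDO connection in $pdo (assumed, not created here):
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
```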