I have three tables in my database, and I'm building an API to display the results back in JSON.
I currently have the API set up as follows:

    api.php?type=tablename

I simply do:

    $query = "SELECT * from `" . $_GET["type"] ."` ";

Simple enough. I also have in there an order type:

    api.php?type=tablename&order=columnname

For the code, I do:

    $query = "SELECT * from `" . $_GET["type"] ."` ";
    if(isset($_GET["order"]))
        $query .= "ORDER BY `" . $_GET["type"] . "`.`". $_GET["order"] ."` ASC";

Now this is fine, however I'd like to expand this so the user is able to specifically select the columns they would like using "select=columnname"
So my questions are:
- What's the best way to have multiple selections in the URL, for example something like api.php?type=tablename&select=this|that|something
I could always explode the string and build a query that way? But is this the best method?
- Although the solution of having "if isset" everywhere will work, to me it gets messy, and if I want to add other SQL statements into it, it won't be easy to edit.
I saw the suggestion of using %s to do this, however I can't for the life of me understand how I'd implement this.
Any suggestions would be nice, without doing many if statements.
EDIT: Don't worry about whether the query fails, I have that done already.
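
One way to build this query, as an added example that is not part of the original post: table and column names cannot be bound as prepared-statement parameters, so the `type`, `select` and `order` values are checked against an allowlist before `sprintf` places them in the SQL. The `SCHEMA` table, its table and column names, and the `buildQuery` function are hypothetical.

```php
<?php
// Hypothetical schema: table => columns the API may expose (constructed for illustration).
const SCHEMA = [
    'users'  => ['id', 'name', 'email'],
    'posts'  => ['id', 'title', 'created'],
    'orders' => ['id', 'total', 'placed'],
];

// Identifiers cannot be bound as prepared-statement parameters, so every
// table and column name must match the allowlist exactly before it is used.
function buildQuery(array $params): string
{
    $table = $params['type'] ?? '';
    if (!is_string($table) || !array_key_exists($table, SCHEMA)) {
        throw new InvalidArgumentException('unknown type');
    }
    $allowed = SCHEMA[$table];
    $quote = fn(string $col): string => sprintf('`%s`.`%s`', $table, $col);

    // select=this|that|something -> list of columns; default is every allowed column.
    $columns = $allowed;
    if (isset($params['select']) && is_string($params['select'])) {
        $columns = array_unique(explode('|', $params['select']));
        if (array_diff($columns, $allowed)) {
            throw new InvalidArgumentException('unknown column in select');
        }
    }

    // Optional clauses are collected in order and joined once, so a new clause
    // is one more block here rather than another string-concatenation branch.
    $clauses = [sprintf('SELECT %s FROM `%s`', implode(', ', array_map($quote, $columns)), $table)];
    if (isset($params['order'])) {
        if (!in_array($params['order'], $allowed, true)) {
            throw new InvalidArgumentException('unknown column in order');
        }
        $clauses[] = sprintf('ORDER BY %s ASC', $quote($params['order']));
    }
    return implode(' ', $clauses);
}

// Constructed request, equivalent to api.php?type=users&select=id|name&order=name
echo buildQuery(['type' => 'users', 'select' => 'id|name', 'order' => 'name']), PHP_EOL;
// A column outside the allowlist is rejected before any SQL is assembled.
try {
    buildQuery(['type' => 'users', 'order' => 'password']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Values such as a `WHERE` filter would go through bound parameters in a prepared statement; only identifiers need the allowlist treatment shown here.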