-3

I have a variable ($city) that pass through from other page and would like to select out from my database. However, I would only allow either one of the mysql_query to be selected when either of the condition is met but for my case it only work for the second condition. I apologize that I am lack of experience in php but would appreciate if anyone can assist here. thanks.

 $allcity = "AllCity";

 if (($city) == ($allcity))
 {
 $sql = mysql_query("SELECT * FROM upload WHERE allcity = '$city'");
 }
 else 
 {
 $sql = mysql_query("SELECT * FROM upload WHERE city = '$city'");
 }

 while ($row = mysql_fetch_array($sql))
 {
 echo $id = $row['id']; 
 echo $lat = $row['lati'];
 echo $long = $row['longi'];
 echo $name = $row['name']; 
 echo $country = $row['country'];
 echo $city = $row['city']; 
 echo $price = $row['price'];
 }
Saurabh Singh
  • 381
  • 5
  • 15
user3379528
  • 131
  • 1
  • 13
  • Do `echo $city;` and see what you're getting from *other page*. – Rajdeep Paul Oct 20 '16 at 17:25
  • try `if($city == $allcity)` – prasanth Oct 20 '16 at 17:26
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). Quit killing kittens. – Jay Blanchard Oct 20 '16 at 17:27
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Oct 20 '16 at 17:27
  • what are the row values for `allcity`? `AllCity` is case-sensitive here, so `allcity` won't work if that is the value for the row(s). Tell us, does anything echo at all? add echoes in each conditional and tell us what shows up. – Funk Forty Niner Oct 20 '16 at 17:32
  • use query `$sql = mysql_query("SELECT * FROM upload WHERE allcity = 'AllCity'");` also check field value case-sensitivity. – Veer Oct 20 '16 at 17:36
  • also if you dont want to restrict quert then use `$sql = mysql_query("SELECT * FROM upload");` – Veer Oct 20 '16 at 17:38
  • 3
    You need to get in the habit of [accepting answers](http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) which help you to solve your issues. You'll earn points and others will be encouraged to help you. – Jay Blanchard Oct 20 '16 at 17:41
  • ok, whatever. Wait for a magic answer, I'm out of this rabbit hole. – Funk Forty Niner Oct 20 '16 at 17:41
  • I have echo the variable ($city). Result is AllCity. – user3379528 Oct 20 '16 at 17:48
  • I just want to know is the way to do if else statement for mysql select. Thanks you paul for the help. appreciate it i will check through again and change the mysql. Thanks – user3379528 Oct 20 '16 at 17:52

1 Answers1

0

As others have stated, stop using mysql_.

However, if the ($city == $allcity) doesn't match, you need to look at the $city-variable, to see if that contains spaces or other "hidden" characters breaking the match.

Do a var_dump($city)before the if/else, to check the string and see if it's actually 7 characters long. Also, to avoid capitalization errors, you might wanna do something like (strtolower($city) == strtolower($allcity)) and see if that works.

junkfoodjunkie
  • 3,168
  • 1
  • 19
  • 33