-1

I know that I can't use a WHERE clause in an insert statement, but I need to exclude certain entries from being inserted to my table. Here is what I'm working with:

foreach($json['Meetings'] as $meet) {
$add1 = $meet['AddressLine1'];
$add2 = $meet['AddressLine2'];
$cpid = $meet['CongressPersonID'];
$cpsd = $meet['CongressPersonStateDistrict'];
$start = $meet['Start'];
$end = $meet['End'];
$loc = $meet['Location'];
$meetwith = $meet['MeetingWith'];
$name = $meet['Name'];
$ph = $meet['PhoneNumber'];
$meetid = $meet['Id'];
$status = $meet['Status'];

$sql = "INSERT INTO Meetings (AddressLine1, AddressLine2, CongressPersonID, CongressPersonStateDistrict, End, Location, MeetingWith, Meeting_Id, Name, PhoneNumber, Start, Status)
        VALUES ('$add1', '$add2', '$cpid', '$cpsd', '$end', '$loc', '$meetwith', '$meetid', '$name', '$ph', '$start', '$status')";

I have a JSON file which I'm parsing through PHP and it's inserting just fine into my database.

The only bit of info I'm concerned with is Status. The value for that can be "Confirmed" or "NotRequested."

I only want to insert the row if Status = "Confirmed."

Really, I would like to exclude those entries that are not confirmed as early in the process as possible. I am just not very experienced in this yet.

One workaround I thought of was to insert everything, then immediately go in and remove any entry where Status != "Confirmed" but that seems like an innefficient way to do it.

AdamDallas
  • 67
  • 7
  • 4
    You can simply add a check like `if($meet['Status'] == 'Confirmed')`, – Agam Banga May 01 '17 at 17:37
  • 4
    Your code is likely vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 01 '17 at 17:38

2 Answers2

1

You can use the continue method like

foreach($json['Meetings'] as $meet) {
    if($meet['Status'] != 'Confirmed')
       continue;
    $add1 = $meet['AddressLine1'];
    $add2 = $meet['AddressLine2'];
    $cpid = $meet['CongressPersonID'];
    $cpsd = $meet['CongressPersonStateDistrict'];
    $start = $meet['Start'];
    $end = $meet['End'];
    $loc = $meet['Location'];
    $meetwith = $meet['MeetingWith'];
    $name = $meet['Name'];
    $ph = $meet['PhoneNumber'];
    $meetid = $meet['Id'];
    $status = $meet['Status'];
    $sql = "INSERT INTO Meetings (AddressLine1, AddressLine2, CongressPersonID, CongressPersonStateDistrict, End, Location, MeetingWith, Meeting_Id, Name, PhoneNumber, Start, Status)
        VALUES ('$add1', '$add2', '$cpid', '$cpsd', '$end', '$loc', '$meetwith', '$meetid', '$name', '$ph', '$start', '$status')";
Agam Banga
  • 2,708
  • 1
  • 11
  • 18
1

Using your code, I'd add a conditional inside your foreach loop to check the value of $meet['Status'].

foreach($json['Meetings'] as $meet) {
    if ($meet['Status'] == "Confirmed") {
        $add1 = $meet['AddressLine1'];
        $add2 = $meet['AddressLine2'];
        $cpid = $meet['CongressPersonID'];
        $cpsd = $meet['CongressPersonStateDistrict'];
        $start = $meet['Start'];
        $end = $meet['End'];
        $loc = $meet['Location'];
        $meetwith = $meet['MeetingWith'];
        $name = $meet['Name'];
        $ph = $meet['PhoneNumber'];
        $meetid = $meet['Id'];
        $status = $meet['Status'];

        $sql = "INSERT INTO Meetings (AddressLine1, AddressLine2, CongressPersonID, CongressPersonStateDistrict, End, Location, MeetingWith, Meeting_Id, Name, PhoneNumber, Start, Status)
        VALUES ('$add1', '$add2', '$cpid', '$cpsd', '$end', '$loc', '$meetwith', '$meetid', '$name', '$ph', '$start', '$status')";
    }
}
Al Bunch
  • 11
  • 1
  • 2