how to change field using decision control statement?

Question

code:

<?php
    if(isset($_POST['search']))
    {
      $college_id = $_POST['college_id'];
      $field = $_POST['field'];
      $city = $_POST['city'];
      $college_name = $_POST['college_name'];

      if($college_id == $_POST['college_id'])
      {
        $sql = "select * from all_colleges where college_id = '$college_id'";
        $result = mysqli_query($link,$sql) or die(mysqli_error($link));
        while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH)) 
        {
          echo "<tr>
                  <td>".$fetch['college_id']."</td>
                  <td>".$fetch['college_name']."</td>
                  <td>".$fetch['website']."</td>
                  <td>".$fetch['field']."</td>
                  <td>".$fetch['city']."</td>
                  <td>
                    <a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
                      <img src='gridview/view.png' alt='view' />
                    </a>

                    <a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
                      <img src='gridview/update.png' alt='Update' />
                    </a>

                    <a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
                      <img src='gridview/delete.png' alt='delete' />
                    </a>
                  </td>
                </tr>";

        }  
      }

      elseif($field == $_POST['field'])
      {
        $sql = "select * from all_colleges where field = '$field'";
        $result = mysqli_query($link,$sql) or die(mysqli_error($link));
        while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH)) 
        {
          echo "<tr>
                  <td>".$fetch['college_id']."</td>
                  <td>".$fetch['college_name']."</td>
                  <td>".$fetch['website']."</td>
                  <td>".$fetch['field']."</td>
                  <td>".$fetch['city']."</td>
                  <td>
                    <a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
                      <img src='gridview/view.png' alt='view' />
                    </a>

                    <a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
                      <img src='gridview/update.png' alt='Update' />
                    </a>

                    <a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
                      <img src='gridview/delete.png' alt='delete' />
                    </a>
                  </td>
                </tr>";

        }  
      }

      elseif($city == $_POST['city'])
      {
        $sql = "select * from all_colleges where city = '$city'";
        $result = mysqli_query($link,$sql) or die(mysqli_error($link));
        while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH)) 
        {
          echo "<tr>
                  <td>".$fetch['college_id']."</td>
                  <td>".$fetch['college_name']."</td>
                  <td>".$fetch['website']."</td>
                  <td>".$fetch['field']."</td>
                  <td>".$fetch['city']."</td>
                  <td>
                    <a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
                      <img src='gridview/view.png' alt='view' />
                    </a>

                    <a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
                      <img src='gridview/update.png' alt='Update' />
                    </a>

                    <a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
                      <img src='gridview/delete.png' alt='delete' />
                    </a>
                  </td>
                </tr>";

        }  
      }

      elseif($college_name == $_POST['college_name'])
      {
        $sql = "select * from all_colleges where college_name = '$college_name'";
        $result = mysqli_query($link,$sql) or die(mysqli_error($link));
        while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH)) 
        {
          echo "<tr>
                  <td>".$fetch['college_id']."</td>
                  <td>".$fetch['college_name']."</td>
                  <td>".$fetch['website']."</td>
                  <td>".$fetch['field']."</td>
                  <td>".$fetch['city']."</td>
                  <td>
                    <a class='view' title='view' href='view.php?id=".$fetch['college_id']."'>
                      <img src='gridview/view.png' alt='view' />
                    </a>

                    <a class='update' title='Update' href='update.php?id=".$fetch['college_id']."'>
                      <img src='gridview/update.png' alt='Update' />
                    </a>

                    <a class='delete' title='delete' href='delete.php?ad_id=".$fetch['college_id']."'>
                      <img src='gridview/delete.png' alt='delete' />
                    </a>
                  </td>
                </tr>";

        }  
      }
    }
    else
    {
      $per_page=100;
      if (isset($_GET["page"])) 
      {
      $page = $_GET["page"];
      }
      else {
      $page=1;
      }
      $start_from = ($page-1) * $per_page;

      $sql="select * from all_colleges LIMIT $start_from, $per_page";
      $result = mysqli_query($link,$sql);
      while ($row = mysqli_fetch_array($result)) 
      {
      echo "<tr>
              <td>".$row['college_id']."</td>
              <td>".$row['college_name']."</td>
              <td>".$row['website']."</td>
              <td>".$row['field']."</td>
              <td>".$row['city']."</td>
              <td>
                <a class='view' title='view' href='view.php?id=".$row['college_id']."'>
                  <img src='gridview/view.png' alt='view' />
                </a>

                <a class='update' title='Update' href='update.php?id=".$row['college_id']."'>
                  <img src='gridview/update.png' alt='Update' />
                </a>

                <a class='delete' title='delete' href='delete.php?ad_id=".$row['college_id']."'>
                  <img src='gridview/delete.png' alt='delete' />
                </a>
              </td>
            </tr>";

      }
  }
  ?>

html code:

<form method="post">
  <div class="row">
    <label for="Producer_firstname">College Id</label>
    <input type="text" name="college_id" id="college_id" size="25" />   
  </div>

  <div class="row">
    <label for="Producer_firstname">Field</label>       
    <select name="field" id="field">    
      <option value="">Select Field</option>
      <option value='All'>All</option>  
      <option value='engineering'>Engineering</option>  
      <option value='law'>LAW</option>  
      <option value='medical'>Medical</option>  
      <option value='management'>Management</option>  
      <option value='pharmacy'>Pharmacy</option>
      <option value='hotel management'>Hotel Management</option>
      <option value='mass communication'>Mass Communication</option>
      <option value='agriculture'>Agriculture</option>
      <option value='architecture'>Architecture</option>
      <option value='education'>Education</option>
      <option value='paramedical'>Paramedical</option>
      <option value='design'>Design</option>
      <option value='commerce'>Commerce</option>
      <option value='film/tv/media'>Film /TV/ Media</option>
      <option value='General'>General</option>
    </select>
  </div>

  <div class="row">
    <label for="Producer_firstname">Location</label>
    <input type="text" name="city" id="city" size="25" />   
  </div>

  <div class="row">
    <label for="Producer_firstname">College Name</label>
    <input type="text" name="college_name" id="college_name" size="50" />   
  </div>

  <div class="row buttons">
    <button type="submit" name="search" id="search">Search</button> 
  </div>
</form>

In this code I want that when I post college_id it will run

select * from all_colleges where college_id = '$college_id'

and when I post field it will run

select * from all_colleges where field = '$field'

similarly for city and college_name. But it only run college_id query either I post college_id or field it remain run same query i.e.

select * from all_colleges where college_id = '$college_id'

How can I fix this problem please help ?

Thank You

Answer 1

if($college_id == $_POST['college_id']) this will always going to be true try this instead:

if(isset($_POST['college_id']) && !empty($_POST['college_id']))

Answer 2

When you submit your form all fields will be set you need to check there values and add in where condition like,

if(isset($_POST['search'])) {
    $where =[];
    if($_POST['college_id']){
        $where[] = ' college_id = "'.$_POST['college_id'].'"';
    }
    if($_POST['field']){
        $where[] = ' field = "'.$_POST['field'].'"';
    }
    if($_POST['city']){
        $where[] = ' city = "'.$_POST['city'].'"';
    }
    if($_POST['college_name']){
        $where[] = ' college_name = "'.$_POST['college_name'].'"';
    }
    // you are searching so I prefer OR in implode
    $where = !empty($where) ? ' WHERE '.implode(' OR ',$where) : '';
    $sql = "select * from all_colleges ".$where;
    $result = mysqli_query($link,$sql) or die(mysqli_error($link));
    while ($fetch = mysqli_fetch_array($result,MYSQLI_BOTH)) {
       ....
    } // end while
}// end if post search

Updated, as per @RiggsFolly comment you need to prevent your data from SQL attacks by using prepare and bind_param like(based on Gumbo's answer ),

if(isset($_POST['search'])) {
    $where =[],$values=[];
    if($_POST['college_id']){
        $where[] = ' college_id = ? ';
        $values['college_id']=$_POST['college_id'];
    }
    if($_POST['field']){
        $where[] = ' field = ? ';
        $values['field']=$_POST['field'];
    }
    if($_POST['city']){
        $where[] = ' city = ? ';
        $values['city']=$_POST['city'];
    }
    if($_POST['college_name']){
        $where[] = ' college_name = ? ';
        $values['college_name']=$_POST['college_name'];
    }
    // you are searching so I prefer OR in implode
    $where = !empty($where) ? ' WHERE '.implode(' OR ',$where) : '';
    $stmt = $mysqli->prepare($query);
    $params = array_merge(array(str_repeat('s', count($values))), array_values($values));
    call_user_func_array(array(&$stmt, 'bind_param'), $params);
    /* fetch result data */
    while ($stmt->fetch()) {
       // your code here
    }
} // end if