I want to run a different query as per the ID received from a table. Please help me resolve this.

For example, if `$idcat == 5`, run query A; else if `$idcat == 4`, run query B.

    // include connection file
    include_once("connection.php");

    $db = new dbObj();
    $connString = $db->getConnstring();

    $params = $_REQUEST;

    $action = isset($params['action']) != '' ? $params['action'] : '';
    $empCls = new FillEmpty($connString);

    function insertFillEmpty($params) {
        $data = array();

        $catintid = "SELECT categoryinternalID FROM inhandemptystock";
        $results = mysqli_query($this->conn, $catintid);
        $raw = mysql_fetch_array($results);
        $idcat = $raw["categoryinternalID"];
        if ($idcat == "5") {
            $sqll = "INSERT INTO `testing` (goog) VALUES('" . $params["enteredBy"] . "');  ";
            echo $result = mysqli_query($this->conn, $sqll) or die("error to insert employee data");
        } else {
            echo '<script language="javascript">';
            echo 'alert("Something is wrong")';
            echo '</script>';
        }
    }

neohacksus
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 08 '17 at 15:19
  • You're mixing mysql and mysqli. Don't use the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky May 08 '17 at 15:19
  • Isn't what you describe exactly what you're already doing? What's the problem here? – David May 08 '17 at 15:20
  • If it is not a typo, then the part of the code that uses `mysql_fetch_array()` is incorrect. We can't be switching between `mysqli_*()` and `mysql_*()` API functions for the same query / connection. As mentioned in the comments above, `mysql_*()` functions shouldn't be used in the first place. – Dhruv Saxena May 08 '17 at 15:32

1 Answer

Here is a simple example of how you can achieve the desired result:

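    <?php
    $result = "";
    // Connect with mysqli and stop if the connection fails
    $mysqli = new mysqli('localhost', 'root', '', 'auto');
    if ($mysqli->connect_error) {
        die($mysqli->connect_error);
    }
    $query = $mysqli->query("SELECT categoryinternalID FROM inhandemptystock") or die($mysqli->error);
    // MYSQLI_ASSOC is the mysqli constant (MYSQL_ASSOC belongs to the removed mysql_* API)
    while ($rows = $query->fetch_array(MYSQLI_ASSOC)) {
        $id = $rows['categoryinternalID'];
        if ($id == 5) {
            // do something
        } else {
            // do something else
        }
    }
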
Bhupesh Shrestha
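
The prepared-statement approach recommended in the comments, applied to the per-ID dispatch from the question, as an added example (not code from the question or the answer). It assumes PDO with an in-memory SQLite database standing in for MySQL; the `audit` table used for "query B" and the sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite via PDO stands in for the MySQL database so the
// example runs offline; against MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and rows. `audit` and its column are hypothetical ("query B").
$pdo->exec('CREATE TABLE inhandemptystock (categoryinternalID INTEGER)');
$pdo->exec('CREATE TABLE testing (goog TEXT)');
$pdo->exec('CREATE TABLE audit (note TEXT)');
$pdo->exec('INSERT INTO inhandemptystock VALUES (5), (4), (9)');

// Runs one fixed query per category ID. Request data is only ever bound as a
// parameter and is never concatenated into the SQL text.
function insertFillEmpty(PDO $pdo, array $params): array
{
    $enteredBy = (string)($params['enteredBy'] ?? '');
    $queries = [
        5 => 'INSERT INTO testing (goog) VALUES (:v)', // query A
        4 => 'INSERT INTO audit (note) VALUES (:v)',   // query B (hypothetical)
    ];

    $ran = [];
    $ids = $pdo->query('SELECT categoryinternalID FROM inhandemptystock');
    foreach ($ids->fetchAll(PDO::FETCH_COLUMN) as $idcat) {
        $idcat = (int)$idcat;
        if (!isset($queries[$idcat])) {
            $ran[$idcat] = 'skipped'; // unknown ID: run nothing
            continue;
        }
        $stmt = $pdo->prepare($queries[$idcat]);
        $stmt->execute([':v' => $enteredBy]);
        $ran[$idcat] = 'inserted';
    }
    return $ran;
}

// Constructed input containing a quote: it is stored as data, not parsed as SQL.
$outcome = insertFillEmpty($pdo, ['enteredBy' => "O'Brien'); -- "]);
print_r($outcome);
echo $pdo->query('SELECT goog FROM testing')->fetchColumn(), PHP_EOL;
```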