
I want to select data from my database using PHP and an ajax call. In the select function, I use $_POST from a textbox. I have made a PHP script and an ajax call on my page but something is wrong. I use isset() for checking the $_POST data that I get from my textbox. I use an if condition in there: when the $_POST is empty it selects all data without a where clause, and when a specific $_POST has a value, it selects data with a where clause.

The problem here is that when I enter data in my textbox so that a string is sent to my PHP $_POST, the else condition in my PHP doesn't run.

This is my code that I use:

JavaScript/jQuery:

$(document).ready(function(e) {
    var data = $("#report_all").serialize();

    $('#all_report thead').empty();
    $('#all_report tbody').empty();
    $.ajax({
        data: data,
        type: "POST",
        url: "../php/report/report_all_wjm.php",
        success: function(data){
            var list = JSON.parse(data);
            // Header cells must sit inside a <tr>
            var th = "<tr>";

            th += "<th>"+"<center>"+'No'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Storage Location'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Kode Material'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Nama Material'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'No.Polisi'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Id Identifier'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Date'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Netto'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Uses'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Unit'+"</center>"+"</th>";
            th += "<th>"+"<center>"+'Payroll'+"</center>"+"</th>";

            th += "</tr>";

            $("#all_report thead").append(th);
            for(var i = 0; i < list.length; i++){

                var tr = "<tr>";

                tr += "<td>" +(i+1)+"</td>";
                tr += "<td>" +list[i]['sloc']+"</td>";
                tr += "<td>" +list[i]['kode']+"</td>";
                tr += "<td>" +list[i]['nama']+"</td>";
                tr += "<td>" +list[i]['no_pol']+"</td>";
                tr += "<td>" +list[i]['id']+"</td>";
                tr += "<td>" +list[i]['date']+"</td>";
                tr += "<td>" +list[i]['netto']+"</td>";
                tr += "<td>" +list[i]['uses']+"</td>";
                tr += "<td>" +list[i]['unit']+"</td>";
                tr += "<td>" +list[i]['payroll']+"</td>";

                tr += "</tr>";

                $("#all_report tbody").append(tr);
            }
            $("#all_report").show();
            return false;
        }

    });
});

PHP:

<?php
include("../../Connections/koneksi.php");

$date_awal=$_POST['date_start'];
$date_akhir=$_POST['date_end'];
$kode=$_POST['kode_mat'];
$kode1=$_POST['kode_mat1'];
$sloc=$_POST['s_loc'];
$sloc1=$_POST['s_loc1'];
$type=$_POST['get_type'];
//Display all data
if (isset($date_awal) == "" || isset($date_akhir) == "" || isset($sloc)== "" || isset($sloc1)== "" || isset($kode)== "" || isset($kode1)== "" || isset($type)== "" ){
    $sql = "SELECT * FROM wjm ORDER by no asc";
    $query = mysqli_query($db,$sql);
    $rows = array();

    while($tmp= mysqli_fetch_assoc($query)) {
        $rows[] = $tmp;
    }
}
//Display all data by one date
else  {
    // Data for Titik1
    $sql = "SELECT * FROM wjm WHERE date='$date_awal' order by kode asc ";
    $query = mysqli_query($db,$sql);
    $rows = array();

    while($tmp= mysqli_fetch_assoc($query)) {
        $rows[] = $tmp;
    }

    echo json_encode($rows);
}

mysqli_close($db);
?> 
edited by Nisse Engström
asked by Rob Sutan
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Aug 26 '17 at 16:00
  • @AlexHowansky Hmm, let me ask something. Is there any syntax similar to this `$stmt->execute`? I don't know how to use this `->` syntax, and when I tried using syntax with `->` I got an error there. – Rob Sutan Aug 26 '17 at 16:08
  • I find it truly odd that beginners get hung up on PHP objects or PHP OOP, but they're happy to use it all day long in javascript... – Lawrence Cherone Aug 26 '17 at 16:13
  • `->` is the object reference operator. Google "php oop" for details. – Alex Howansky Aug 26 '17 at 16:22

3 Answers


You cannot check isset() on a variable like that. Instead, do it like this:

if ($date_awal == "" || $date_akhir == "" || $sloc == "" || $sloc1 == "" ||  $kode == "" || $kode1 == "" || $type == "" ){

}else{

}
Anil Shrestha

isset() returns a boolean, but you're comparing it to a string, so this doesn't make much sense:

if (isset($date_awal) == "") { ... }

It should be used like this:

if (isset($date_awal)) { ... }

However, you probably want to use empty() instead of isset(). If a variable exists and contains an empty string, isset() will still return true, which probably isn't what you want. You probably want this:

if (!empty($date_awal) || !empty(...) || !empty(...) ... ) {
}

Note:

$foo = '';
var_dump(isset($foo));
var_dump(empty($foo));

Outputs:

bool(true)
bool(true)
Alex Howansky

If you want to add the where clause only when there is some value in the variable $date_awal (i.e. $_POST['date_start']), then I would say check that in the if condition, and the other part should go in the else part. Also, you can keep the mysqli_query and the while loop outside the if/else, as those parts are the same in both cases.

$rows = array();

if( $date_awal != '' ){
    $sql = "SELECT * FROM wjm WHERE date='$date_awal' order by kode asc ";
}else{
    $sql = "SELECT * FROM wjm ORDER by no asc";
}

$query = mysqli_query($db,$sql);

while($tmp= mysqli_fetch_assoc($query)) {
    $rows[] = $tmp;
}

echo json_encode($rows);
AJM
  • Nice, this is what I want. Thx AJM. Btw, can you explain it to me? `date_awal != ' '` means `$date_awal` has a value, right? – Rob Sutan Aug 26 '17 at 16:34
  • I have tried something like Anil said in the answer, but I'm still getting the result of selecting everything. – Rob Sutan Aug 26 '17 at 16:34
  • I want to know about the `date_awal != ' '` function, because I want to embed one more condition in there. I tried it with `else if ( date_awal != '' && kode !='')` but I can't catch the function in this `else if`. – Rob Sutan Aug 26 '17 at 17:03
  • date_awal is not a function, it's your variable name. It looks like the $ got removed. It should be like: if( $date_awal != '' ). And if you want to add more conditions, your condition should work if you add the "$" sign before your variables in the line ( date_awal != '' && kode !='') – AJM Aug 26 '17 at 19:02
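The answers fix the isset() comparison and the placement of the query, but Alex Howansky's comment on the question still stands: `WHERE date='$date_awal'` puts the raw POST value into the SQL text. The script below is an added example, not code from the question or any answer, showing the same endpoint with an optional WHERE clause built from fixed fragments and the values bound through mysqli prepared statements. It assumes `$db` is the mysqli connection created by `../../Connections/koneksi.php`, the `wjm` table and `date`, `kode`, `no` columns from the question, and mysqlnd (for `mysqli_stmt_get_result`); the `postValue` helper and its handling of `kode_mat` are my own choices.

```php
<?php
// Added example (not from the question or the answers): optional WHERE
// clause with bound parameters instead of string interpolation.
// Assumes $db is a mysqli connection from koneksi.php and the table
// wjm(date, kode, no, ...) from the question; postValue() is my own helper.
declare(strict_types=1);

include("../../Connections/koneksi.php");

// Treat a missing key, a non-string (e.g. key[] sent as an array) and a
// whitespace-only value the same way. isset() alone is true for "", and
// empty() is also true for the string "0", so neither is used directly.
function postValue(array $post, string $key): ?string
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;
    }
    $value = trim($post[$key]);
    return $value === '' ? null : $value;
}

$date_awal = postValue($_POST, 'date_start');
$kode      = postValue($_POST, 'kode_mat');

// Only fixed SQL fragments are concatenated; user input is bound below.
$conditions = [];
$params     = [];
$types      = '';

if ($date_awal !== null) {
    $conditions[] = 'date = ?';
    $params[]     = $date_awal;
    $types       .= 's';
}
if ($kode !== null) {
    $conditions[] = 'kode = ?';
    $params[]     = $kode;
    $types       .= 's';
}

$sql = 'SELECT * FROM wjm';
if ($conditions) {
    $sql .= ' WHERE ' . implode(' AND ', $conditions) . ' ORDER BY kode ASC';
} else {
    $sql .= ' ORDER BY no ASC';
}

$stmt = mysqli_prepare($db, $sql);
if ($stmt === false) {
    http_response_code(500);
    exit;
}
if ($params) {
    // Type string first, then one argument per placeholder; argument
    // unpacking passes the array elements by reference as bind_param needs.
    mysqli_stmt_bind_param($stmt, $types, ...$params);
}
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);

$rows = [];
while ($row = mysqli_fetch_assoc($result)) {
    $rows[] = $row;
}
mysqli_stmt_close($stmt);
mysqli_close($db);

header('Content-Type: application/json; charset=utf-8');
echo json_encode($rows);
```

With this shape, adding the second condition the asker wanted (`kode`) is one more `if` block appending a fragment and a bound value, and the response is always emitted, whether or not a filter was given. The `date = ?` fragment is compared as a string, matching the original query; if `date` is a DATE column, validating the POST value against the expected `YYYY-MM-DD` format before binding gives a clearer error than a silent empty result.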