0

I have a search query that returns a results page that works great, if it receives data from the form. But if a user goes directly to the results page (they bookmarked the page) I want them to see all the results. The search is by day of the week and area . Can I default the day to the current day date("l") and the Area variable to Entire City? Code is below:

require("dbinfo.php");

$Area=$_POST['Area'];
$Day=$_POST['Day'];
$ID=$_POST['ID'];


include("History.php");
$con = mysql_connect('localhost', $username, $password );
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db($database, $con);
if (!$db_selected) {
die ('Can\'t use DB : ' . mysql_error());
}
$sql = "SELECT 
`ID`,`Name`,`Address`,`".$Day."`,`Area`,`PhoneNumber`,`logo`,`Website` FROM 
`JaxPlaces` WHERE (Area = '".$Area."' OR '".$Area."' = 'Entire City') and 
Status = 'active' and ".$Day." NOT LIKE 'NULL' ORDER BY Name;";
$result = mysql_query($sql);
if(!$result)
{

 }
Joseph Byrns
  • 1
  • You can default it to anything you wish. Just use a ternary if the POST is set or not. – IncredibleHat Jul 24 '18 at 15:45
  • Cookies comes to mind. – Funk Forty Niner Jul 24 '18 at 15:45
  • 1
    There is **no more support** for ``mysql_*`` functions, they are [**officially deprecated**](https://wiki.php.net/rfc/mysql_deprecation), **no longer maintained** and [**removed**](http://php.net/manual/en/function.mysql-connect.php#warning) in PHP 7.0.0. You should update your code with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) to ensure the functionality of your project in the future. – IncredibleHat Jul 24 '18 at 15:45
  • 1
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. – IncredibleHat Jul 24 '18 at 15:46
  • All I really want to do is set $Day to date("l") and $Area to "Entire City" if you load the page without the form. But still have the page work if those variables are received from the form. I am very new to PHP I am also working on converting to MySQLi once I solve this issue. – Joseph Byrns Jul 24 '18 at 16:03

1 Answers1

1

Use the null-coalescing operator in PHP7+

$Area = $_POST['Area'] ?? 'City';
$Day = $_POST['Day'] ?? date("l");

Use a ternary operator in PHP5:

$Area = isset($_POST['Area']) ? $_POST['Area'] : 'City';
$Day = isset($_POST['Day']) ? $_POST['Day'] : date("l");
Devon Bessemer
  • 34,461
  • 9
  • 69
  • 95
  • *Hm....* not too sure about that. Read the question again. It took me a few times to understand what they want to do; I suggested cookies. – Funk Forty Niner Jul 24 '18 at 15:46
  • 1
    Side note: If you see a downvote, it would not have come from me. Just saying. – Funk Forty Niner Jul 24 '18 at 15:46
  • Yeah, I think this is ok. Seems like if it's a get request, they want to have default values, but if it's a post request, they want to use the submitted values. – Devon Bessemer Jul 24 '18 at 15:47
  • I dunno @FunkFortyNiner ... I re-read it a few times, and it sounds like he wants defaults if they just go straight to the page (cause passing in empty POST args is giving him something he doesn't want).... maybe I'm over-reading it. – IncredibleHat Jul 24 '18 at 15:48
  • 1
    @IncredibleHat The question's a bit too unclear/broad I feel. Defaults with ternary may very well work; sessions/cookies comes to mind also. – Funk Forty Niner Jul 24 '18 at 15:49
  • IncrediibleHat that is exactly what I am looking for ! I re-read it a few times, and it sounds like he wants defaults if they just go straight to the page (cause passing in empty POST args is giving him something he doesn't want). – Joseph Byrns Jul 24 '18 at 16:10
  • @JosephByrns so did my solution work for you? – Devon Bessemer Jul 24 '18 at 16:10
  • No @Devon it didn't work – Joseph Byrns Jul 24 '18 at 16:12
  • @JosephByrns why not? It should do exactly what you asked. You'll have to be more descriptive about why it didn't work. – Devon Bessemer Jul 24 '18 at 16:39
  • It gives me the no result option -- $result = mysqli_query($sql); if(!$result) { die('OppS - Please Select a Day and an Area'.mysqli_error()); } – Joseph Byrns Jul 24 '18 at 17:24