-1

I have an over time sheet that gets printed when there is over time from an employee. The overtime format goes like "B.Eng." And then the name of the employee. Now I need it to check the name of the employee (or id) to print either "B.Eng." Or "MR.", This because there is an employee (just one) that does not have a degree. I would think the answer would be an IF condition.

Here is my code:

 $db = mysql_select_db ("over_time");
 $strqry = "SELECT emp_name FROM contr_acces where id_emp='".$vp_idemp."';"; 
 $qry2 = mysql_query ($strqry);
 $row2 = mysql_fetch_object ($qry2);
 $vl_emp_name= "B.Eng. ".$row2->emp_name;
 print $vl_emp_name;
GrumpyCrouton
  • 8,486
  • 7
  • 32
  • 71
Therealguma
  • 5
  • 2
  • How do you know he has or has not a degree? – ARR Sep 27 '18 at 16:10
  • 3
    you are using mysql_* api that has been deprecated several years ago and has been discontinued a couple of years ago. Also your code is widely open to sql injectins. You should switch to mysqli_* or pdo and use prepared statements – Lelio Faieta Sep 27 '18 at 16:15
  • 1
    [Little Bobby](http://bobby-tables.com/) says [you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/). Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend PDO, which [I wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. – GrumpyCrouton Sep 27 '18 at 16:16
  • Where does `$vp_idemp` come from? – Zoe Edwards Sep 27 '18 at 16:16
  • Usually they all have this degree, that's why the code always showed so, but now there's one employee that does not have a degree so in can not come out as "B.Eng. ", it must come out as "MR. " i thought i can identify him using an IF condition with his emp_name or id_emp, something like if (emp_name = "John Smith"){ $vl_emp_name= "MR. ".$row2->emp_name; print $vl_emp_name; } else {$vl_emp_name= "B.Eng.".$row2->emp_name; print $vl_emp_name;} ?> – Therealguma Sep 27 '18 at 16:20
  • I know this code is old, it has been used for several years now, my intention is not really to change the hole coding but just to make this adjustment... but ai am a little confused with what would i need for this, i thought an IF condition but i am not sure. – Therealguma Sep 27 '18 at 16:28

1 Answers1

0

you can do something like this

 $db = mysql_select_db ("over_time");
 $strqry = "SELECT emp_name FROM contr_acces where id_emp='".$vp_idemp."';"; 
 $qry2 = mysql_query ($strqry);
 $row2 = mysql_fetch_object ($qry2);
 $vl_emp_name= $row2->emp_name;
 if($vl_emp_name == 'name_without_the_degree){
    $vl_emp_name= "Mr. ".$vl_emp_name;
 }else{
    $vl_emp_name= "B.Eng ".$vl_emp_name;
 }
 print $vl_emp_name;

It is not the best solution since you are hardcoding the condition but without knowing more about the db structure is not possible to give you a better solution. The most efficient one would be to add a field to the db with the degree type for the users and retrieve it together with the name.

See my comment under your question for the api used and the sql injection risk that this soultion doesn't address

Lelio Faieta
  • 6,457
  • 7
  • 40
  • 74
  • I understand, i thought of that, to add a field with the degree and display it before the name, i wanted to know if there was another solution, i ended up changing the name in the name field (putting their degree before their name) with a CONCAT in the dababase... – Therealguma Sep 27 '18 at 16:51
  • this code answer yout request of how to parametrize the echo from the db. If you solved it in a different way it's ok too. If this solves your question please consider accepting the answer – Lelio Faieta Sep 27 '18 at 16:53
  • I see what you did there my friend, and it is the answer i was looking for (althought i know is not best option for what you told me) but it is the best answer for me at this point. Thank you very much for taking the time to explain this to me, i keep learning everyday from you guys. – Therealguma Sep 27 '18 at 17:18