If condition A execute 1 OR if condition B execute 2 return not as expected

Question

status stored has value 'LET, SALE, LET/SALE'

My php code does not return as expected, I wish if ($input['status'] = "SALE") will return 'SALE, LET/SALE' but it return only LET/SALE

I have tried to amend the code many ways, but can't work probably

if (!empty($input['status']))

{
{
    if ($input['status'] = "SALE");
    {

    if (is_null($where))
    {
            $where = "WHERE";
    }
    else {
            $where = "AND";
    }

$query .= " $where status LIKE '%".$input['status']."%' AND `selling` <= 
{$input['max_price']}";
    }
}
{

    if ($input['status'] = "LET");
    {

    if (is_null($where))
    {
            $where = "WHERE";
    }
    else {
            $where = "AND";
    }

$query .= " $where status LIKE '%".$input['status']."%' AND `rental` <= 
{$input['max_price']}";
    }
}   

}

I wish to query property LET or SALE at condition max_price. Lets say if query SALE with max 100,000 return results shall include SALE, LET/SALE with max_price less than 100,000

One of the problems is https://stackoverflow.com/questions/2063480/the-3-different-equals . — user202729, Aug 29 '19 at 03:04
aside from the fact that you're using `=` the assignment operator on your if conditions, you're injecting your values directly into the statement which makes it vulnerable to sql injection — Kevin, Aug 29 '19 at 03:31
and you really don't need another nest of `if` inside your filters, just put `WHERE 1=1` on the initial statement, so that you can continually append `AND` in your condition along the filters, less code — Kevin, Aug 29 '19 at 03:32
OK tq @Ghost, will apply prepared statement later, currently the system only few of our team are using. — player, Aug 29 '19 at 04:07
@user202729 thank you, the link you sent is very helpful to me. — player, Aug 30 '19 at 00:49

score 0 · Accepted Answer · answered Aug 29 '19 at 03:05

0

You are assigning a value in your "if" statement. Use == (is equal to) instead of = (equals). What's happening is that it reassigns the value each time and stays at the last choice, which was LET/SALE

Change to:

if ($input['status'] == "SALE");

and do that for all of your "ifs"

answered Aug 29 '19 at 03:05

nomistic

2,902
4
20
36

== works, but only for "SALE". I use exactly same to "LET", it return no records found – player Aug 29 '19 at 04:08
I analyse the results returned, the value with "0" in SALE or LET not called. (The default value for not for sale or not for rent is "0") Meaning if house A is for sale "100,000" and not for rent "0", house B is for sale "100,000" and for rent "1,500" then I call for SALE with max_price 100,000, the result return only house B. – player Aug 29 '19 at 06:43
this is not your only problem in your code. why are you nesting your if statement inside many { } brackets? You have extra unnecessary ones - clean it up. also, your second if statement (for LET) appears to be by itself? instead of `if ($input['status'] == "LET");` just use `else`. If there's a third level (which we don't see), then use else if. – nomistic Aug 29 '19 at 17:38
btw, you are also highly vulnerable to sql injection here. You should not be including your variables directly in your query. bind them and prepare them first. – nomistic Aug 29 '19 at 17:40
what do you mean "if statement (for LET) appears to be by itself ?" – player Aug 30 '19 at 00:50
if (!empty($input['status'])) {if ($input['status'] == "SALE"); { if (is_null($where)) {$where = "WHERE"; } else { $where = "AND"; } $query .= " $where status LIKE '%".$input['status']."%' AND selling <= '{$input['max_price']}'"; } else { if (is_null($where)) {$where = "WHERE"; } else { $where = "AND"; } $query .= " $where status LIKE '%".$input['status']."%' AND rental <= '{$input['max_price']}'"; } } – player Aug 30 '19 at 01:10
I remove extra {} brackets and replace if ($input['status'] == "LET"); by else......seems the code dont run and stuck at the "else" link according to the error log – player Aug 30 '19 at 01:12
1

Guys, I have solved the problem...... below is the amended code if (!empty($input['status']) && ($input['status'] == "SALE")) if (!empty($input['status']) && ($input['status'] == "LET")) others remain almost the same... – player Aug 30 '19 at 01:44
Thank you guys and I love you all. Cheers – player Aug 30 '19 at 01:45

If condition A execute 1 OR if condition B execute 2 return not as expected

1 Answers1