0

How can i reduce this code: this code was writing to sum tow record retrieved from sqlite table:

<?php
if (isset($_POST['rname'])) {
    $rname = $_POST['rname'];
    $query = "SELECT SUM(bill) AS totalSum FROM w_daily WHERE name='$rname'";
    $result = $db -> query($query);
    $row = $result->fetchArray();
    $totalSum = $row['totalSum'];
}
if (isset($_POST['rname']) && $totalSum ) {
    $rname = $_POST['rname'];
    $query = "SELECT SUM(bill) AS paidSum FROM w_paid WHERE name='$rname'";
    $result = $db -> query($query);
    $row = $result->fetchArray();
    $paidSum = $row['paidSum'];
    echo $totalSum - $paidSum;
}
?>
Barmar
  • 741,623
  • 53
  • 500
  • 612
gfares
  • 11
  • 5

3 Answers3

1

Use a nested if to test totalSum().

<?php
if (isset($_POST['rname'])) {
    $rname = $_POST['rname'];
    $query = "SELECT SUM(bill) AS totalSum FROM w_daily WHERE name='$rname'";
    $result = $db -> query($query);
    $row = $result->fetchArray();
    $totalSum = $row['totalSum'];
    if ($totalSum) {
        $query = "SELECT SUM(bill) AS paidSum FROM w_paid WHERE name='$rname'";
        $result = $db -> query($query);
        $row = $result->fetchArray();
        $paidSum = $row['paidSum'];
        echo $totalSum - $paidSum;
    }
}

You could also use a single query that joins the tables:

SELECT SUM(bill) AS totalSum, paidSum
FROM w_daily AS d
LEFT JOIN (
    SELECT name, SUM(bill) AS paidSum 
    FROM w_paid 
    WHERE name='$rname'
) AS p ON w.name = p.name
WHERE d.name = '$rname'

BTW, you should learn to use prepared statements to protect against SQL injection. See How can I prevent SQL injection in PHP?

Barmar
  • 741,623
  • 53
  • 500
  • 612
0

Try this:

if (isset($_POST[ 'rname' ])) {
    $rname = $_POST[ 'rname' ];
    $query = "
        SELECT ((SELECT SUM(bill) FROM w_daily WHERE name='$rname')
            - (SELECT SUM(bill) FROM w_paid WHERE name='$rname')) AS diffSum
            ";
    $result = $db->query($query);
    $row = $result->fetchArray();
    $diffSum = $row[ 'diffSum' ];
    echo $diffSum;
}
Pavel Musil
  • 504
  • 2
  • 12
0

you can create a class as utility of your project which gets , sanitizes and returns it's value , so you don't need to repeat your code every time .
for example here is my getParam class that i use , for getting GET & POST parameters .
this class returns an object containing status and parameter value 

class getparam
{

    public static function getParam($name, $method = 'POST', $encodeHTML = 0, $necessary = 1, $escape = 1)
    { 
        $result = (object) [];
        $result->status = 1;
        $method = strtoupper($method);
        $baseModelInstance = new baseModel();
        if ($method == "POST") {
            if (isset($_POST[$name])) {
                if (!is_array($_POST[$name])) {
                    $param = htmlspecialchars($_POST[$name]);
                    $param = stripslashes($param);
                    $param = $encodeHTML == 1 ? htmlentities($param, ENT_HTML5, 'UTF-8') : $param;
                    $param = trim($param);
                    $param = $escape == 1 ? $baseModelInstance->real_escape_string($param) : $param;
                } else {
                    $param = $_POST[$name];
                }
            } elseif ($necessary) {
                $result->status = 0;
                $result->message = "$name has not been setted";
                return $result;
            } else {
                $param = null;
            }
        } elseif ($method == "GET") {
            if (isset($_GET[$name])) {
                if (!is_array($_GET[$name])) {
                    $param = htmlspecialchars($_GET[$name]);
                    $param = stripslashes($param);
                    $param = $encodeHTML == 1 ? htmlentities($param, ENT_HTML5, 'UTF-8') : $param;
                    $param = trim($param);
                    $param = $escape == 1 ? $baseModelInstance->real_escape_string($param) : $param;
                } else {
                    $param = $_GET[$name];
                }
            } elseif ($necessary) {
                $result->status = 0;
                $result->message = "$name has not been setted";
                return $result;
            } else {
                $param = null;
            }
        } else {
            $result->status = 0;
            $result->message = "unknown method !";
            return $result;
        }


        if (is_null($param) && $necessary) {
            $result->status = 0;
            $result->message = "$name is null or empty";
            return $result;
        } else {
            $result->param = $param;
            return $result;
        }
    }
}

you can have your own class and methods base on how you need it

Iman Emadi
  • 421
  • 4
  • 14