
Alright, so I have my database and it can pull off a foreign key to associate different players with different groups.

Now, I want to make 2 teams within the group based on data from the column "Golfer_handicap" and split the number of golfers equally, with the closest possible handicaps between the 2 teams (e.g. Team 1 avg handicap = 10.7, Team 2 avg handicap = 10.5). So essentially, I want to pull each golfer, only use them once, and sort them into equal teams.

What I can figure out: I need to sort golfers from low value to high value (high value being the worst). I am newer to coding, all self-taught, so I'm not sure how to sort SQL data yet. Here is my SQL to pull the data in general:

```php
$sql = "SELECT golfer_name, golfer_handicap, golfer_ghin FROM golfers WHERE trip_name_table_ID = '$userid'";
$result = $mysqli->query($sql);
```

I'm thinking I may also have to use an AVG call too? I used it in a different capacity, which was to call the average handicap of all golfers in the group, and that worked great:

```php
$sql2 = "SELECT CAST(AVG(golfer_handicap) AS DECIMAL (3,1)) AS handicap FROM golfers WHERE trip_name_table_ID = '$userid'";
$result2 = $mysqli->query($sql2);
$average = mysqli_fetch_array($result2);
```

Any help is great. Looking to use PHP to echo the results. Thanks

Note: I know about the SQL injection risk. When the time comes, before setting the site anywhere close to live, I will address that. This is to figure out how to answer the question I asked above. NOT about security.

  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Dec 15 '20 at 22:19
  • @dharman I'm trying to figure out the basics first, then will go back and secure. Like I said in my post, I am self-taught, and I know about SQL injection. It's not a live site yet, and I will get that squared away when the time comes. For now, I am trying to understand how to do what is asked above. – Mike Dietrich Dec 15 '20 at 22:28
  • But you need to delete this code anyway. Why not start by doing it properly in the first place? Please note that a lot of problems are caused by not using parameter binding. – Dharman Dec 15 '20 at 22:29

0 Answers
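
Added example, not part of the original question or comments: the group query from the question rewritten as the MySQLi prepared statement the first comment recommends, with an `ORDER BY` for the low-to-high sort, followed by a split into two teams. The function names, the string binding of `$userid`, the sample rows and the snake-draft heuristic (which gives close, not guaranteed-optimal, averages) are assumptions.

```php
<?php
declare(strict_types=1);

// Fetch one group's golfers, lowest handicap first. The group id is bound as
// a parameter instead of being interpolated into the SQL string.
function fetchGolfers(mysqli $mysqli, string $userid): array
{
    $stmt = $mysqli->prepare(
        'SELECT golfer_name, golfer_handicap, golfer_ghin
           FROM golfers
          WHERE trip_name_table_ID = ?
          ORDER BY golfer_handicap ASC'
    );
    $stmt->bind_param('s', $userid);   // assumption: id bound as a string
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Snake draft over the sorted list: positions 0,3,4,7,... go to team 1 and
// 1,2,5,6,... to team 2, so each golfer is used once and sizes differ by at most one.
function splitTeams(array $golfers): array
{
    usort($golfers, fn($a, $b) => (float)$a['golfer_handicap'] <=> (float)$b['golfer_handicap']);
    $teams = [1 => [], 2 => []];
    foreach ($golfers as $i => $golfer) {
        $teams[in_array($i % 4, [0, 3], true) ? 1 : 2][] = $golfer;
    }
    return $teams;
}

function averageHandicap(array $team): float
{
    if (count($team) === 0) {
        return 0.0;                    // empty team: avoid division by zero
    }
    return round(array_sum(array_column($team, 'golfer_handicap')) / count($team), 1);
}

// Constructed sample rows standing in for fetchGolfers($mysqli, $userid).
$golfers = [
    ['golfer_name' => 'Ann', 'golfer_handicap' => 4.2],  ['golfer_name' => 'Bo',  'golfer_handicap' => 18.9],
    ['golfer_name' => 'Cy',  'golfer_handicap' => 9.8],  ['golfer_name' => 'Dee', 'golfer_handicap' => 12.4],
    ['golfer_name' => 'Eli', 'golfer_handicap' => 7.5],  ['golfer_name' => 'Fay', 'golfer_handicap' => 16.3],
    ['golfer_name' => 'Gus', 'golfer_handicap' => 11.0], ['golfer_name' => 'Hal', 'golfer_handicap' => 14.1],
];
foreach (splitTeams($golfers) as $n => $team) {
    // Names come from the database, so escape them before echoing into a page.
    $names = array_map(fn($g) => htmlspecialchars($g['golfer_name']), $team);
    echo "Team $n (avg " . averageHandicap($team) . '): ' . implode(', ', $names) . PHP_EOL;
}
```

`get_result()` requires the mysqlnd driver; without it, use `bind_result()` and `fetch()` on the statement instead.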