0

I have a PHP function with a query to the database.

function display_content($dish_type){
    $con = mysqli_connect("localhost", "root", "", "cookbook");
    
    $sort = isset($_POST["sort"]) ? $sort = $_POST["sort"] : "alphabet";
    $sql = "SELECT * FROM recipes WHERE type = $dish_type ORDER BY name";

    $order_query = "SELECT * FROM recipes WHERE concat(name, description, tags) LIKE '%$data[0]%'".$sqlloop." ".$tag_filter." AND type = $dish_type ORDER BY";

    switch ($sort) {
        case "alphabet":
            $sql = $order_query." name";
        break;

        case "alphabet_rev":
            $sql = $order_query." name DESC";
        break;
        
        // More...
    }

    $res = mysqli_query($con,$sql);

    while($row = mysqli_fetch_assoc($res)) {
        // Code...
    }

    mysqli_close($con);
}

I want to display the results based on the $dish_type (it's a select in HTML). Selecting a type works fine, the content is displayed on the page as it should. The problem is when I'm trying to display all of the dish types at once. Here is the php for calling the function:

// Display all results <-- the problematic part
function recipe_list_all(){
    ob_start();
    // ???
    $content = ob_get_contents();
    ob_end_clean();

    if(!empty($content)){
        // ???
    }
}

// Display results for "dishes"
function recipe_list_dishes(){
    ob_start();
    display_content(array("snacks", "dishes", "desserts", "other"));
    $content = ob_get_contents();
    ob_end_clean();

    if(!empty($content)){
        display_content("dishes");
    }
}

// Display results for "desserts"
function recipe_list_desserts(){
    ob_start();
    display_content("'desserts'");
    $content = ob_get_contents();
    ob_end_clean();

    if(!empty($content)){
        display_content("'desserts'");
    }
}

// Display results for "snacks"
function recipe_list_snacks(){
    ob_start();
    display_content("'snacks'");
    $content = ob_get_contents();
    ob_end_clean();

    if(!empty($content)){
        display_content("'snacks'");
    }
}

// Display results for "other"
function recipe_list_other(){
    ob_start();
    display_content("'other'");
    $content = ob_get_contents();
    ob_end_clean();

    if(!empty($content)){
        display_content("'other'");
    }
}

$food_type = isset($_POST["food_type"]) ? $food_type = $_POST["food_type"] : "all_types";

switch ($food_type){
    case "all_types":
        recipe_list_all();
    break;
    
    case "dishes":
        recipe_list_dishes();
    break;
        
    case "desserts":
        recipe_list_desserts();
    break;
        
    case "snacks":
        recipe_list_snacks();
    break;
        
    case "other":
        recipe_list_other();
    break;
}

I can't do something like this:

function recipe_list_all(){
    ob_start();
    recipe_list_dishes();
    recipe_list_desserts();
    recipe_list_snacks();
    recipe_list_other();
    $content = ob_get_contents();
    ob_end_clean();

    if(!empty($content)){
        recipe_list_dishes();
        recipe_list_desserts();
        recipe_list_snacks();
        recipe_list_other();
    }
}

because it will display the results separated. I have a sorting system, so the results will be sorted (for example) alphabetically a-z for dishes, then a-z for desserts, etc. I want to mix the results. How can I do that?

Astw41
  • 394
  • 3
  • 12
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Dec 23 '22 at 20:17
  • What do you mean by "mixing up the results"? Doesn't it only get the results from list_other when you are requesting `$content = ob_get_contents()` in `function recipe_list_all()`? – Skip Dec 23 '22 at 22:35

0 Answers0