
I am using PHP to connect to a MySQL DB that is getting the whole database, and the table rows look like this: `insert into users (id, first_name, last_name, email, country) values (1, 'Imojean', 'Nunnery', 'inunnery0@webeden.co.uk', 'Sweden');` I want to only get the rows that have certain countries. I only want to grab the rows that have "United States", "Japan", "France", etc. How do I go about doing that? This is how I am connecting to my DB and bringing it in via PHP while using Vue JS on the front end.

PHP

```php
<?php

$host = "localhost";
$user = "root";
$password = "root";
$dbname = "someDB";

$con = mysqli_connect($host, $user, $password,$dbname);

if (!$con) {
    die("Connection failed: " . mysqli_connect_error());
}
```

```php
<?php

include "config.php";

$condition  = "1";
if(isset($_GET['userid'])){
    $userid = mysqli_real_escape_string($con,trim($_GET['userid']));
    $condition  = " id=".mysqli_real_escape_string($con,$_GET['userid']);
}
$userData = mysqli_query($con,"select * from users WHERE ".$condition );

$response = array();

while($row = mysqli_fetch_assoc($userData)){
    $response[] = $row;
}

echo json_encode($response);
exit;
```

HTML/Vue

```html
<script>
  var app = new Vue({
    el: '#app',
    data: {
      users: "",
      userid: 0
    },
    methods: {
      allRecords: function(){

        axios.get('config.php')
        .then(function (response) {
            app.users = response.data;
        })
        .catch(function (error) {
            console.log(error);
        });
      },
      recordByID: function(){
        if(this.userid > 0){

          axios.get('config.php', {
              params: {
                  userid: this.userid
              }
          })
            .then(function (response) {
              app.users = response.data;
            })
            .catch(function (error) {
              console.log(error);
            });
        }

      }
    }
  });
</script>
```
ADyson
Justin
  • 2
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Jun 07 '23 at 22:54
  • 1
    `SELECT * FROM users WHERE country IN ('France', 'United States', 'Japan')` – ADyson Jun 07 '23 at 22:55
  • 1
    @Dharman Thank you for the security notes and ADyson that was exactly what I needed. Thank you. – Justin Jun 07 '23 at 23:24
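
The `IN (...)` filter from ADyson's comment combined with the prepared statements Dharman recommends, as an added example that is not part of the original question or comments. It uses PDO with an in-memory SQLite database in place of the question's MySQL connection so that it runs without a server (an assumption; against MySQL only the DSN and credentials change). The `usersByCountry` helper, the 50-item cap and every sample row after the first are constructed for illustration.

```php
<?php
// Added example: filter rows by a caller-supplied country list using a
// prepared statement. SQLite in memory stands in for MySQL (assumption).

function usersByCountry(PDO $pdo, array $countries): array
{
    // Keep only non-empty strings and drop duplicates.
    $countries = array_values(array_unique(array_filter(
        array_map(fn($c) => is_string($c) ? trim($c) : '', $countries),
        fn($c) => $c !== ''
    )));
    // "IN ()" is a syntax error, and an unbounded list is a cheap way to
    // load the server, so reject both (the cap of 50 is an assumed limit).
    if ($countries === [] || count($countries) > 50) {
        return [];
    }

    // One "?" per value: the SQL text holds only placeholders, and the
    // values are sent separately, so they are never parsed as SQL.
    $marks = implode(',', array_fill(0, count($countries), '?'));
    $stmt = $pdo->prepare(
        "SELECT id, first_name, last_name, email, country
           FROM users WHERE country IN ($marks) ORDER BY id"
    );
    $stmt->execute($countries);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data; only the first row comes from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT,
            last_name TEXT, email TEXT, country TEXT)');
$ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?)');
foreach ([
    [1, 'Imojean', 'Nunnery', 'inunnery0@webeden.co.uk', 'Sweden'],
    [2, 'Ada', 'Example', 'ada@example.com', 'Japan'],
    [3, 'Bob', 'Example', 'bob@example.com', 'France'],
] as $row) {
    $ins->execute($row);
}

// Stand-in for $_GET['countries'] (hypothetical parameter name). The last
// value contains a quote; it is bound as data and simply matches no row.
$requested = ['Japan', 'France', "Japan' --"];
echo json_encode(usersByCountry($pdo, $requested)), PHP_EOL;
```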
