PHP query db in switch statement

Question

I am using a switch statement on a $_GET variable to produce the result I want on my page.

I am always questioning the best way to run queries in situations like this because I simply do not know the best practice or method. So I have some pseudo code below and I was wondering what the best method would be.

This very well could be a situation where is just doesn't matter in terms of performance, but if it does I want to make sure I do it right.

if(isset($_GET['type'])){
   $var = $_GET['type'];

  //run the query now and select everything needed from the DB for either switch case. 
  //view implications that involve pulled data
   switch($var){

   case '1':

  //Or do I run the query here, getting only what I need for this situation
  //view implications that involve pulled data
   break;

   case '2':

   //again run the query here, getting only what I need for this situation
   //view implications that involve pulled data

   break;


   }

}

Both cases share one or two similar pieces of data from the DB, but a majority of the content for each case is only needed in that situation.

Bottom line trying to perform the best and keep the code as clean and efficient as possible.

Thanks!

That depends on how your database is setup. If you can inline your query to handle `type` internally, that's great. If not, then you'll have to use separate queries. — Blender, Dec 03 '11 at 04:21
Well basically this is for a widgets page. I have ten different widgets all with ten different attributes. My original plan has been to simply pull the information I need from that table based on my $_GET variable, as determined by the switch statement. Would it be better to separate the data from the single table further into individual tables that could then be accessed through the type variable? I am trying to tackle getting better at PHP and using normalized data all at once...it can be overwhelming. Thanks for the help. — absentx, Dec 03 '11 at 04:32

score 4 · Accepted Answer · edited May 23 '17 at 12:03

4

Of course it will be better to only query for data that is relevant to you. There's no point in tying up the database, transferring more data over the network and then doing more work in PHP to filter out those that do not interest you. So certainly you should not query for "everything".

On the other hand, there's probably no reason to switch either. There has to be a way of rewriting your query such that you can inject the value of a variable into it and, depending on that value, it will return the data you want to in either case. This of course depends also on your database schema.

No matter what you decide to do, be careful to not expose yourself to SQL injection.

edited May 23 '17 at 12:03

Community

1
1

answered Dec 03 '11 at 04:21

Jon

428,835
81
738
806

I've used a switch before to determine which value to search for in the database. It feels like putting the query in the actual `switch` block would create repetitive statements, but I don't see anything wrong with using `switch` statements for validation in certain cases. – Jared Farrish Dec 03 '11 at 04:28
@JaredFarrish: In order to restrict a variable to a set of allowed values, I personally find it better to use an array of the values instead of a `switch`. – Jon Dec 03 '11 at 04:30
That's a good point. If it is not a one-to-one (meaning, more than just a match needs to happen), it just depends on the logic on the match. – Jared Farrish Dec 03 '11 at 04:32
The first book I read on PHP pounded mysqli_real_escape_string into my head, so it is kind of like a seat belt for me, I won't ride in a car without one. With that said, I always need to improve in terms of securing applications. – absentx Dec 03 '11 at 04:41

Pastor Bones · Answer 2 · 2011-12-03T04:30:38.053

3

It's hard to tell without seeing exactly what you're wanting in terms of data from the db, but sometimes I build a sql statement using if...then or switch and then execute the completed query.

$sql = 'SELECT * FROM myTable WHERE ';
switch($_GET['type']){
  case 1:
    $sql += 'somefield="' . mysql_real_escape_string($_GET['param1']) . '"';
  break;
  default:
  break; 
}

edited Dec 03 '11 at 04:30

answered Dec 03 '11 at 04:24

Pastor Bones

7,183
3
36
56

Danger, Will Robinson! SQL injection! – Jon Dec 03 '11 at 04:26
2

Make sure to clean that SQL query, or *someone* will pwn your webapp. – Blender Dec 03 '11 at 04:26
sorry, sometimes I get so excited writing examples I forget the most important things!!! (edited to escape data) – Pastor Bones Dec 03 '11 at 04:31
That's still not correct; there are no quotes around the escaped value. – Jon Dec 03 '11 at 04:31
@Jon - what would I do without you (Besides an extra 10 minutes of debugging) :P – Pastor Bones Dec 03 '11 at 04:34

score 1 · Answer 3 · answered Dec 03 '11 at 04:23

1

Of course, querying inside switch statement is better than querying before it.

It will cause less memory to be used in storing the query result, and perhaps less code to be executed (for example if you are iterating the query result).

answered Dec 03 '11 at 04:23

Tamer Shlash

9,314
5
44
82

PHP query db in switch statement

3 Answers3