8 Replies - 10093 Views - Last Post: 29 September 2011 - 09:26 AM Rate Topic: -----

#1 dbeaird727  Icon User is offline

  • D.I.C Head

Reputation: -2
  • View blog
  • Posts: 238
  • Joined: 13-December 10

using $_SESSION variable to help query database?

Posted 28 September 2011 - 11:28 PM

Let's say that I have an options menu and a "results" area that acts as a sort of search system on my page. The options menu contains two fields which consist of "location" and "type". (the location field lets the user select location by state(alabama, alaska, arkansas, etc..) and the type field lets the user select what type(police officer, firefighter, paramedic, etc..) and when these are selected it queries the database to display the correct results. The code that I have seems like it will work I am just asking if this is correct and for advice on making this work correctly :)

<?php
$currentType= $_SESSION['type'];  //corresponds to "name=type" in optionsMenu
$query= SELECT * FROM `db_table` WHERE `type` = "$currentType";
$result= mysql_query($query);
echo $result;

$currentLocation= $_SESSION['location'];  //corresponds to "name=location" in optionsMenu
$query= SELECT * FROM `db_table` WHERE `location` = "$currentLocation";
$result= mysql_query($query);
echo $result;
?>



Is This A Good Question/Topic? 0
  • +

Replies To: using $_SESSION variable to help query database?

#2 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3530
  • View blog
  • Posts: 10,179
  • Joined: 08-June 10

Re: using $_SESSION variable to help query database?

Posted 28 September 2011 - 11:46 PM

your SQL should be a string, otherwise you’re in for quite a lot of parse errors.
Was This Post Helpful? 0
  • +
  • -

#3 dbeaird727  Icon User is offline

  • D.I.C Head

Reputation: -2
  • View blog
  • Posts: 238
  • Joined: 13-December 10

Re: using $_SESSION variable to help query database?

Posted 29 September 2011 - 06:13 AM

How exactly would I take the SQL I have and format it into a string?
Was This Post Helpful? 0
  • +
  • -

#4 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2959
  • View blog
  • Posts: 10,183
  • Joined: 08-August 08

Re: using $_SESSION variable to help query database?

Posted 29 September 2011 - 06:25 AM

By putting it in quotes:

$query= 'SELECT * FROM `db_table` WHERE `type` = "'.$currentType.'"';



BTW, session variables can hold objects and arrays so you should only need one variable. You should also use prepared statements to avoid getting hacked.
Was This Post Helpful? 0
  • +
  • -

#5 dbeaird727  Icon User is offline

  • D.I.C Head

Reputation: -2
  • View blog
  • Posts: 238
  • Joined: 13-December 10

Re: using $_SESSION variable to help query database?

Posted 29 September 2011 - 06:36 AM

How would I translate this into a prepared statement? And An array would be easier! Thank you!
Was This Post Helpful? 0
  • +
  • -

#6 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3530
  • View blog
  • Posts: 10,179
  • Joined: 08-June 10

Re: using $_SESSION variable to help query database?

Posted 29 September 2011 - 07:20 AM

the same SQL as Prepared Statement:
$query= 'SELECT * FROM `db_table` WHERE `type` = ?';

though the PHP code will have to adopt to it (usually by calling the prepare(), bind() and execute() methods of the according database code.

e.g.
// $pdo being the PDO connection object
// create the prepared statement
$ps = $pdo->prepare('SELECT * FROM `db_table` WHERE `type` = ?');
// bind the values
$ps->bindValue(1, $_SESSION['type'], PDO::PARAM_INT); // assuming integer type
// execute prepared statement
$ps->execute();
// fetch data
foreach ($ps as $row)
{
    // do whatever is to be done with the data
}

This post has been edited by Dormilich: 29 September 2011 - 07:22 AM

Was This Post Helpful? 0
  • +
  • -

#7 dbeaird727  Icon User is offline

  • D.I.C Head

Reputation: -2
  • View blog
  • Posts: 238
  • Joined: 13-December 10

Re: using $_SESSION variable to help query database?

Posted 29 September 2011 - 09:03 AM

Im not too familiar with object oriented php by any means.. Is this just any easier way of doing it or is it beneficial in other aspects as well?
Was This Post Helpful? 0
  • +
  • -

#8 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2959
  • View blog
  • Posts: 10,183
  • Joined: 08-August 08

Re: using $_SESSION variable to help query database?

Posted 29 September 2011 - 09:20 AM

Get familiar with them. In the long run they are far easier.
http://www.dreaminco...-your-database/
http://www.dreaminco...duction-to-pdo/
Was This Post Helpful? 0
  • +
  • -

#9 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3530
  • View blog
  • Posts: 10,179
  • Joined: 08-June 10

Re: using $_SESSION variable to help query database?

Posted 29 September 2011 - 09:26 AM

there are several features of object oriented programming, which show their advantage mainly when you’re working with code, like
  • data encapsulation (save your data from accidental modification)
  • abstraction (share what is common (behaviour), separate what is different (data). cf. Design Patterns, "object blueprints" (= class definitions))
  • code re-use

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1