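<?php
// Builds a SELECT with optional category/location filters and prepares it
// through PDO. Request values reach the database only as bound parameters;
// they are never concatenated into the SQL text.

// 1. read the request string values
// isset() keeps a missing key from raising an "undefined index" notice.
// $_REQUEST is kept from the original; NOTE(review): depending on
// request_order it can also carry cookie values, so $_GET or $_POST may be
// the more precise source - confirm against the calling form.
$category = isset($_REQUEST['category']) ? $_REQUEST['category'] : '';
$location = isset($_REQUEST['location']) ? $_REQUEST['location'] : '';

// 2. validate them
// PHP turns a parameter such as `category[]=x` into an array. Anything that
// is not a string is treated as "filter not supplied" so it never reaches
// bindValue(). Application-specific checks (length limits, allowed values)
// belong here as well.
if (!is_string($category))
{
    $category = '';
}
if (!is_string($location))
{
    $location = '';
}

// 3. build the basic query
// TABLE looks like a placeholder for the real table name - it is kept as in
// the original and must stay a fixed literal, never a request value.
$query = 'SELECT * FROM TABLE';

// 4. dynamic query parameters
$categoryAdded = FALSE;
$locationAdded = FALSE;

// Compare against '' rather than using empty(), which would also discard the
// legitimate value "0".
if ($category !== '')
{
    $query .= ' WHERE category = :category';
    $categoryAdded = TRUE;
}

if ($location !== '')
{
    // The connector is chosen here, so the condition itself must not repeat
    // WHERE (the original produced "WHERE WHERE ..." / "AND WHERE ...").
    $query .= $categoryAdded ? ' AND' : ' WHERE';
    $query .= ' location = :location';
    $locationAdded = TRUE;
}

$stmt = $db->prepare($query);

// bindValue() is a PDOStatement method, so the values are bound on $stmt,
// not on the $db connection. Only placeholders present in $query are bound.
if ($categoryAdded)
{
    $stmt->bindValue(':category', $category, PDO::PARAM_STR);
}
if ($locationAdded)
{
    $stmt->bindValue(':location', $location, PDO::PARAM_STR);
}

// then execute the query and do the rest.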