The question title can be very vague but I didnt know what exactly to write so lets get to the point
I have a script that pull data from a Vicidial database to display it TV screen
Now it basically works well when there is only one Server involved cause it has only one Extension to handle, but the thing gets more complicated when there are two extensions. Better I show you the code :
$start_time = time();
$data = array();
$sql = "SELECT
extension,
vicidial_live_agents.user,
conf_exten,
vicidial_live_agents.status,
vicidial_live_agents.server_ip,
UNIX_TIMESTAMP(last_call_time) as last_call_time,
UNIX_TIMESTAMP(last_call_finish) as last_call_finish,
call_server_ip,
vicidial_live_agents.campaign_id,
vicidial_users.user_group,
vicidial_users.full_name,
vicidial_live_agents.comments,
vicidial_live_agents.calls_today,
vicidial_live_agents.callerid,
lead_id,
UNIX_TIMESTAMP(last_state_change) as last_state_change,
on_hook_agent,
ring_callerid,
agent_log_id
FROM
vicidial_live_agents,
vicidial_users
WHERE
vicidial_live_agents.user = vicidial_users.user";
$db = new mysqli("192.168.X.X", "cron", "XXXXXX", "asterisk");
$result = $db->query($sql);
$sql2 = "select callerid,lead_id,phone_number from vicidial_auto_calls";
$cidresult = $db->query($sql2);
$callerids = '';
while ($row = $cidresult->fetch_assoc()){
$callerids .= $row['callerid'] . "|";
}
while ($row = $result->fetch_assoc()){
$status = $row['status'];
if ($row['on_hook_agent'] == 'Y')
$status = 'RING';
// 3-way Check
if ($row['lead_id'] != 0){
$sql = "SELECT UNIX_TIMESTAMP(last_call_time) FROM vicidial_live_agents WHERE lead_id = '" . $db->escape_string($row['lead_id']) . "' AND status = 'INCALL' ORDER BY UNIX_TIMESTAMP(last_call_time) DESC";
$r2 = $db->query($sql);
if (!$r2){
printf("Error: %s\n", $db->error);
} else {
if ($r2->num_rows > 1){
$status = "3-WAY";
}
}
}
$epoch_sec = 0;
if (preg_match("/READY|PAUSED/i", $row['status'])){
$epoch_sec = $row['last_state_change'];
if ($row['lead_id'] > 0){
$status = 'DISPO';
}
} else {
$epoch_sec = $row['last_call_time'];
}
if (preg_match("/INCALL/i", $status)){
$sql4 = "SELECT UNIX_TIMESTAMP(parked_time) AS pt FROM parked_channels WHERE channel_group = '" . $db->escape_string($row['callerid']) . "'";
$q4 = $db->query($sql4);
if ($q4->num_rows > 0){
$status = 'PARK';
$rowP = $q4->fetch_assoc();
$epoch_sec = $rowP['pt'];
} else{
if (!preg_match("/" . $row['callerid'] . "\|/",$callerids)){
$epoch_sec = $row['last_state_change'];
$status = 'DEAD';
}
}
}
switch($status){
case 'DISPO':
$colour = '8e44ad';
break;
case 'QUEUE':
$colour = '9b59b6';
break;
case 'INCALL':
$colour = '3498db';
break;
case 'PARK':
$colour = 'e67e22';
break;
case 'DEAD':
$colour = '004D86';
$status = 'GONE';
break;
case '3-WAY':
$colour = '1abc9c';
break;
case 'RING':
$colour = '16a085';
break;
case 'PAUSED':
$colour = 'c0392b';
break;
case 'CLOSER':
$status = 'READY (C)';
case 'READY':
$colour = '27ae60';
break;
default:
$colour = 'D2BEAA';
break;
}
$data[$row['extension']] = array(
'user' => $row['user'],
'status' => $status,
'conf_exten' => $row['conf_exten'],
'seconds' => ( time() - $epoch_sec ),
'campaign_id' => $row['campaign_id'],
'user_group' => $row['user_group'],
'full_name' => $row['full_name'],
'calls_today' => $row['calls_today'],
'lead_id' => $row['lead_id'],
'colour' => $colour
);
}
Now for example when the Extension is SIP/P023 everything works all right, but since the users can use both extension SIP/P023 and SIP/B023 I need to find a wait that this you have the same output
Screenshot of what i have
Now i need to make a single square with the result of either one of the extension witch is active (they cant ever be active in the same time)
I dont know if i have explained myself but i hope at least
Have you tried the API? here: http://www.vicidial.org/docs/NON-AGENT_API.txt
Look for the agent_status section. That will give you realtime stats of the user. So all you have to do is set your script to refresh that at whatever interval you want. Let me know if you need more help with the api.
Related
My main problem is with that code in which when I click on submit buttons many times, it inserts duplication many times in the database in which I need to avoid that. Please help me to solve this problem. These are the two tables in which I am trying to insert. mat_ans_options_choose and mat_answer.
$val = $this->input->post(null, true);
$val['id'] = $this->input->post('id');
$val['sub_type'] = $this->input->post('sub_type');
$val['timeout'] = $this->input->post('timeout');
$val['level'] = $this->input->post('level');
$val['mat_category'] = $this->input->post('mat_category');
$option = $val['option'] = $this->input->post('option');
$type = $this->input->post('type');
$marks = [];
$uid = $this->session->userdata('id');
if (isset($val['id']) && isset($option)) {
$query = $this->db->query("SELECT * FROM mat_ans_options WHERE deleted=0 AND active=1 AND question=" . $val['id']);
$result = $query->result_array();
if ($query->num_rows() > 0) {
$count1 = 1;
foreach ($result as $res) {
if ($res['marks'] == 1) {
break;
} else {
$count1++;
}
}
}
// MAT answers options choose
$query1 = $this->db->query("SELECT * FROM mat_ans_options_choose WHERE deleted=0 AND active=1 AND uid=$uid AND q=" . $val['id']);
$result1 = $query1->result_array();
if ($query1->num_rows() > 0) {} else {
$data1 = [
'uid' => $uid,
'q' => $val['id'],
'option_chose' => $option,
'createdon' => $this->general_model->server_time(),
];
$this->db->insert('mat_ans_options_choose', $data1);
}
if ($count1 == $option) {
$marks = 1;
} else {
$marks = 0;
}
// if($marks==1 || $marks==0)
// {
// MAT answers
$query2 = $this->db->query("SELECT * FROM mat_answers WHERE deleted=0 AND active=1 AND uid=$uid AND q=" . $val['id'] . " AND type=" . $type . " AND sub_type=" . $val['sub_type'] . " AND level=" . $val['level']);
$result2 = $query2->result_array();
if ($query2->num_rows() > 0) {} else {
$data = [
'uid' => $uid,
'q' => $val['id'],
'type' => $type,
'level' => $val['level'],
'sub_type' => $val['sub_type'],
'mat_category' => $val['mat_category'],
'marks' => $marks,
'timeoutstatus' => $val['timeout'],
'createdon' => $this->general_model->server_time(),
];
$this->db->insert('mat_answers', $data);
}
// }
return 1;
} else {
return 0;
}
Use JS in which you disable the button after first click - it will work no matter if you are using AJAX or not.
You can use JS/jQuery to limit the number of requests made on the client side. For example by disabling the button on submit:
$("#my-button").prop("disabled", true);
But if the data is sensitive for duplicates (orders, user registration etc) you should make the request limit server side with PHP. You can achieve this by adding a unique index to the tables, either on user id or on a unique token that is submitted with the html form.
Create UNIQUE index in database for uid and q. The database will not insert same question's id from same user's id mulitple times.
I was not having any luck with searching so if this is a duplicate please let me know rather than downvoting.
I have a script for a game server that fills a database with the character data (name, level, userid and character type).
Rather than deleting the whole sql table each time and recreating it, I have it perform a check on the character data in the table and compare and only update whats different. it all works nicely.
However, A certain few character names are causing issues.
[09-Sep-2017 02:16:34 America/New_York] PHP Notice: Undefined index: 1OO4 in C:\Scripts\charlist.php on line 56
[09-Sep-2017 02:16:34 America/New_York] PHP Notice: Undefined index: 1zxx in C:\Scripts\charlist.php on line 56
That is this part of the script:
if ($current[$charName] !== $level) {
Where $current is an array of all the characters already in the database, I have it populate the array as Name => Level
The characters are in the database but they are not updating due to the error its throwing (as seen above) I tried wrapping $charName in "" but it did not work.
If anyone can provide advice it would be greatly appreciated.
entire script for reference, can see where i've fixed it in here.
<?php
$ClanServer = "";
$SodServer = '';
$UID = "";
$PWD = "";
$file = 'C:\account.txt';
$errlog = ini_get('php_errors');
$ConnInfo = array("UID"=>"$UID", "PWD"=>"$PWD", "CharacterSet" => "UTF-8");
$ClanConn = sqlsrv_connect($ClanServer, $ConnInfo);
$SodConn = sqlsrv_connect($SodServer, $ConnInfo);
if (!$SodConn) {
die('Connection Failed!');
} else {
echo "Connection Successful!<br />".PHP_EOL;
$query = "SELECT * FROM soddb.dbo.levellist";
$result = sqlsrv_query($SodConn, $query, array(), array('Scrollable' => 'buffered'));
$current = array();
$files = array();
while ($row = sqlsrv_fetch_array($result)) {
$name = $row['CharName'];
$current["'".$name."'"] = $row['CharLevel'];
}
$rootDir = realpath('C:/PT-Server/DataServer/userdata/');
$objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($rootDir), RecursiveIteratorIterator::SELF_FIRST);
foreach($objects as $name => $object){
if (substr($name, -4) == '.dat') {
$fOpen = fopen($name, "r");
$fRead = fread($fOpen,filesize($name));
/* details */
$charLevel = substr($fRead,0xc8,1);
$charClass = substr($fRead,0xc4,1);
$charName = trim(substr($fRead,0x10,16),"\x00");
$charID = trim(substr($fRead,0x2d0,16),"\x00");
$level = ord($charLevel);
#fclose($fOpen);
$files[] = $charName;
if ($charName == "")
{
unlink($name); // Delete char file with no name...
}
switch (ord($charClass)){
case 1: $class = 'Fighter'; break;
case 2: $class = 'Mechanician'; break;
case 3: $class = 'Archer'; break;
case 4: $class = 'Pikeman'; break;
case 5: $class = 'Atalanta'; break;
case 6: $class = 'Knight'; break;
case 7: $class = 'Magician'; break;
case 8: $class = 'Priestess'; break;
case 9: $class = 'Assassin'; break;
case 10: $class = 'Shaman'; break;
}
if (in_array("'".$charName."'",array_keys($current))) {
if ($current["'".$charName."'"] !== $level) {
$dbentry = "UPDATE soddb.dbo.levellist SET CharLevel='$level',CharClass='$class' WHERE CharName='$charName'";
$clanupdate = "UPDATE clandb.dbo.ul SET ChLv='$level' WHERE ChName='$charName'";
$enter = sqlsrv_query($SodConn, $dbentry);
sqlsrv_query($ClanConn, $clanupdate);
if ($enter) {
echo "Update $charName, $level successful!<br />".PHP_EOL;
}
}
} else {
$dbentry = "INSERT INTO soddb.dbo.Levellist ([ID], [CharName], [CharClass], [CharLevel]) VALUES ('$charID', '$charName', '$class', '$level') ";
$clanupdate = "UPDATE clandb.dbo.ul SET ChLv='$level' WHERE ChName='$charName'";
$enter = sqlsrv_query($SodConn, $dbentry);
sqlsrv_query($ClanConn, $clanupdate);
if ($enter) {
echo "Insert $charName, $level successful!<br />".PHP_EOL;
}
}
}
}
/* Remove deleted characters */
foreach ($current as $k => $v) {
if (!in_array($k, $files)) {
$query = "DELETE FROM soddb.dbo.levellist WHERE CharName='$k'";
sqlsrv_query($SodConn, $query);
}
}
sqlsrv_close($ClanConn);
sqlsrv_close($SodConn);
}
?>
I've worked it out,
where I push the names to the array ($current[$name] = $level;)
I encapsulated that with '' which treats its as a string number a number (where the name was starting with a number)
so its now $current["'".$name."'"] = $level; and i did the same further down
if (in_array("'".$charName."'",array_keys($current))) {
if ($current["'".$charName."'"] !== $level) {
do stuff
}
}
I've now run the script about 15 times to test and its not giving the issue at all.
i am very new to code igniter /php .
Before i was using randomly generated invoice number like
$invoice_no = rand(9999,9999999999);
But now i wanted to increment invoice number and add current year as a prefix to it . But somewhere i am doing wrong as this code failed execute . Can some one point me in the right direction .
My model is ...
function insertInvoice($data)
{
$this->db->trans_begin();
$invoice = array();
if(!empty($data['client_id']))
{
$invoice['invoice_client_id'] = $data['client_id'];
}else{
$client_data = array(
'client_name' => $data['customername'],
'client_address1' => $data['address1']
);
$this->db->insert('client_details', $client_data);
$insert_id = $this->db->insert_id();
$invoice['invoice_client_id'] = $insert_id;
}
$query = $this->db->query("SELECT * FROM invoice ORDER BY invoice_id DESC LIMIT 1");
$result = $query->result_array(0);
$result ++;
$curYear = date('Y');
$invoice_no = $curYear . '-' .$result;
$invoice['invoice_no'] = $invoice_no;
$invoice['invoice_subtotal'] = $data['subTotal'];
$invoice['invoice_tax'] = $data['tax'];
$invoice['invoice_tax_amount'] = $data['taxAmount'];
$invoice['invoice_total'] = $data['totalAftertax'];
$invoice['invoice_total_extra'] = $data['totalextra'];
$invoice['invoice_rent'] = $data['rent'];
$invoice['invoice_paid'] = $data['amountPaid'];
$invoice['invoice_due'] = $data['amountDue'];
$invoice['invoice_desc'] = $data['notes'];
$invoice['invoice_items_count'] = $data['item_count'];
$invoice['invoice_extra_count'] = $data['extra_count'];
$invoice['invoice_miscellaneous'] = $data['miscellaneous'];
$this->db->insert('invoice', $invoice);
$i=1;
do {
$items = array(
'invoice_no' => $invoice_no,
'item_name' => $data['invoice']['product_name'][$i],
'item_price' => $data['invoice']['product_price'][$i],
'item_qty' => $data['invoice']['product_qty'][$i],
'item_total' => $data['invoice']['total'][$i],
'item_noof_crate_wait' => $data['invoice']['noof_crate_wait'][$i],
'item_crate_wait' => $data['invoice']['crate_wait'][$i],
'item_choot' => $data['invoice']['choot'][$i],
'item_net_quantity' => $data['invoice']['net_qty'][$i]
);
$this->db->insert('invoice_items',$items);
$i++;
} while($i<$data['item_count']);
$j=1;
do {
$extraitems = array(
'invoice_no' => $invoice_no,
'extra_item_name' => $data['extra']['name'][$j],
'extra_item_qunatity' => $data['extra']['qty'][$j],
'extra_item_price' => $data['extra']['price'][$j],
'extra_item_total' => $data['extra']['total'][$j]
);
$this->db->insert('extra_items',$extraitems);
$j++;
} while($j<$data['extra_count']);
if ($this->db->trans_status() === FALSE)
{
$this->db->trans_rollback();
return FALSE;
}
else
{
$this->db->trans_commit();
return TRUE;
}
}
invoice_id is primary key in DB .
You're attempting to increment the result array but what you really need is to acquire and increment a field value.
//you only need one field so ask only for that
$query = $this->db->query("SELECT invoice_id FROM invoice ORDER BY invoice_id DESC LIMIT 1");
//you really should check to make sure $query is set
// before trying to get a value from it.
//You can add that yourself
//Asked for only one row, so only retrieve one row -> and its contents
$result = $query->row()->invoice_id;
$result ++;
...
I'm guessing you're getting an "Object conversion to String error" on line $invoice_no = $curYear . '-' .$result;
Since $result contains an object and you're using it as a string. Print the $result variable to check how to use the data assigned to it.
I'm having an issue preparing a SQL statement:
$statement = $conexion->prepare(
'SELECT * FROM celulares
WHERE (MARCA = :marca )
AND
(CATEGORIA = :categoria1 OR CATEGORIA = :categoria2 OR CATEGORIA = :categoria3)
AND
(CATEGORIA2 = :categoria1 OR CATEGORIA2 = :categoria2 OR CATEGORIA2= :categoria3)
AND
(CATEGORIA3 = :categoria1 OR CATEGORIA3 = :categoria2 OR CATEGORIA3 = :categoria3)');
Giving placeholders values with this:
$statement->execute(array(':categoria1' => $categoria1,
':categoria2' => $categoria2,
':categoria3' => $categoria3,
':marca' => $query
));
$query value may variate when my application begins depending on some results:
if ($entrada == "LG") {
if ($query == "") {
$query = "LG";
} else {
$query = $query . ' OR MARCA = "LG" ';
}
}
if ($entrada == "APPLE") {
if ($query == "") {
$query = "APPLE";
} else {
$query = $query . ' OR MARCA = "APPLE" ';
}
}
if ($entrada == "HUAWEI") {
if ($query == "") {
$query = "HUAWEI";
} else {
$query = $query . ' OR MARCA = "HUAWEI" ';
}
}
I tried a lot of things, but none of those worked out it returns an empty array, the only one who works was changing this line of my prepared statement:
WHERE (MARCA = :marca OR MARCA = :marca2 OR MARCA = :marca3 )
And as many "MARCA" as results, i think it's not the best way to do it
UPDATED:
Now trying with IN Statement in my Query (Thanks you all for helping me)
Now it looks like:
$marcas = array("LG", "HUAWEI"); (Static values for test)
$inQuery = implode(',', array_fill(0, count($marcas), '?'));
$statement = $conexion->prepare(
'SELECT * FROM celulares
WHERE (MARCA = IN (' . $inQuery . '))
AND
(CATEGORIA = :categoria1 OR CATEGORIA = :categoria2 OR CATEGORIA = :categoria3)
AND
(CATEGORIA2 = :categoria1 OR CATEGORIA2 = :categoria2 OR CATEGORIA2= :categoria3)
AND
(CATEGORIA3 = :categoria1 OR CATEGORIA3 = :categoria2 OR CATEGORIA3 = :categoria3)');
foreach ($marcas as $k => $marca) {
$statement->bindValue(($k+1), $marca);
}
$statement->bindValue(':categoria1', $categoria1);
$statement->bindValue(':categoria2', $categoria2);
$statement->bindValue(':categoria3', $categoria3);
$statement->execute();
Getting: Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters
Trying to fix it
You can simplify your query:
SELECT * FROM celulares
WHERE (MARCA = :marca )
AND (:categoria1,:categoria2,:categoria3)
IN (
(CATEGORIA,CATEGORIA2,CATEGORIA3),
(CATEGORIA,CATEGORIA3,CATEGORIA2),
(CATEGORIA2,CATEGORIA,CATEGORIA3),
(CATEGORIA2,CATEGORIA3,CATEGORIA),
(CATEGORIA3,CATEGORIA,CATEGORIA2),
(CATEGORIA3,CATEGORIA2,CATEGORIA)
)
This way you only pass in the categories once, and compare it against the six possible permutations of three categories.
That being said, this is a sign that your database is in very poor shape. Generally speaking having any kind of "column2", "column3" system is a sign that you need to restructure your database - the kind of queries you end up with, like the above, are only going to get worse.
Specifically, in this case, just adding CATEGORIEA4 would increase the amount of permutations you need to define from 6 to 24!!
EDIT: I completely missed the part about :marca and IN - I was too focussed on the bad state of the database with regard to categories, sorry!
Well, i fix it, probably it's not the best way to solve it but i have this now:
I fill array with entries from POST
$query = array();
$index = 0;
foreach ($_POST as $entrada) {
switch($entrada) {
case "SAMSUNG":
$query[] = "SAMSUNG";
break;
case "LG":
$query[] = "LG";
break;
case "APPLE":
$query[] = "APPLE";
break;
case "HUAWEI":
$query[] = "HUAWEI";
break;
}
}
$inQuery = str_repeat('?,', count($query) - 1) . '?';
Here's my new query: Problem was that i was mixing "?" with placeholders (:) which not is recommended
$statement = $conexion->prepare(
"SELECT * FROM celulares
WHERE ( MARCA IN($inQuery))
AND
(CATEGORIA = ? OR CATEGORIA = ? OR CATEGORIA = ?)
AND
(CATEGORIA2 = ? OR CATEGORIA2 = ? OR CATEGORIA2= ?)
AND
(CATEGORIA3 = ? OR CATEGORIA3 = ? OR CATEGORIA3 = ?)");
Then i bindValues like that
$c = 0;
foreach ($query as $q => $queries) {
$c++;
$statement->bindValue(($q+1), $queries);
}
$statement->bindValue($c+1, $categoria1);
$statement->bindValue($c+2, $categoria2);
$statement->bindValue($c+3, $categoria3);
$statement->bindValue($c+4, $categoria1);
$statement->bindValue($c+5, $categoria2);
$statement->bindValue($c+6, $categoria3);
$statement->bindValue($c+7, $categoria1);
$statement->bindValue($c+8, $categoria2);
$statement->bindValue($c+9, $categoria3);
$statement->execute();
$resultados = $statement->fetchAll();
I did many test with a lot of querys and it's working fine, probably it's a "dirty" solution but i'll continue learning
Thanks u all for helping me!
I currently have a php page that grabs information from a database and produces HTML with data attributes that are filled in by from the MySQL query. The database is going to be used to search, with many different options for searches.
What I need help with is knowing a way so to organize how the many variables are handled. It's a really big mess of code, and even with all the comments I put it gives me a headache trying to figure out how to add another variable to the search.
All the variables, except for the LIMIT to which row and how many results, are optional. So if someone leaves everything except that blank, I still want it to function as well as if they meticulously filled in all the fields.
Here's what I have, with 6 variables.
<?php
$product_size = "(".$_GET['size']." BETWEEN productsizeDOWN AND productsizeUP)"; // This code sets the variable to input into the MySQL string based on the URL
$product_size_check = $_GET['size']; // the _checks check are used to see if the value is or isn't empty using if statements below
$manufacturer = $_GET['manufacturer'];
$product_manufacterer_check = $_GET['manufacturer']; // _check
$product_invisible = "(hideproduct = '".$_GET['invisible']."')"; // Checks if product is hidden
$product_invisible_check = $_GET['invisible']; // _check
$product_instock_check = $_GET['instock']; // _check
$product_limit0 = $_GET['startat']; // This is the first number after LIMIT; the row to start in.
$product_limit1 = $_GET['results']; // This is how many results to load.
$manufacturer_array = explode(",", $manufacturer); // The manufacturer comes in as "Nike,Addidas,Rebok" and is turned into an array
$manufacturer_imploded = implode("' OR productmanufacturer = '", $manufacturer_array); // Puts it back together with "OR productmanufacturer =" between each name.
$product_manufacterer = ("(productmanufacturer = '".$manufacturer_imploded."')"); // formats it so it can be directly inserted into MySQL string with a WHERE in front.
if($product_invisible_check == ""){
$product_invisible = "";
}else{$where = "WHERE ";}; //Useless code that I havn't deleted that I tried to use when I searched the entire database
if($product_size_check == ""){
$product_size = "";
}else{$where = "WHERE ";};
if($product_manufacterer_check == ""){
$product_manufacterer = "";
}else{$where = "WHERE ";};
if($product_instock_check == "N"){
$product_instock = "(stockstatus <= '0' AND donotallowbackorders = 'Y') AND "; // Checks if product is in stock (Allowing backordering OR stock >1)
$where = "WHERE ";
}
elseif($product_instock_check == "Y") {
$product_instock = "(stockstatus > '0' OR donotallowbackorders = 'N') AND ";
$where = "WHERE ";
}
else {
$product_instock = "";
};
$sql="Select * FROM ioa7pd_Products WHERE ".$product_instock.$product_size."AND".$product_manufacterer_and.$product_manufacterer."".$product_invisible." LIMIT ".$product_limit0.", ".$product_limit1; // The end result of it all.
echo $sql;
?>
When the URL is
test.php?size=5&manufacturer=Nike,Addidas,Rebok&invisible=N&instock=Y&startat=0&results=30
the resulting SQL query is
Select * FROM ioa7pd_Products WHERE (stockstatus > '0' OR donotallowbackorders = 'N') AND (5 BETWEEN productsizeDOWN AND productsizeUP)AND(productmanufacturer = 'Nike' OR productmanufacturer = 'Addidas' OR productmanufacturer = 'Rebok')(hideproduct = 'N') LIMIT 0, 30
But I plan to add more options to the search.
My main question is simply: What way can I organize this to make it simple to add more variables? Tiered if statements?
Travesty has been helping me with my code and has really been great in organizing it.
Here is the current code. It needs to be secure to prevent injection.
// Database connection
$con = mysql_connect("[CENSORED]","[CENSORED]","[CENSORED]")
or die("Could not connect: " . mysql_error());
mysql_select_db("[CENSORED]") or die('Could not select database');
// Begin organization of URL variables into MYSQL Query
$get_size = $_GET['size'];
$get_manufacturer = $_GET['manufacturer'];
$get_invisible = $_GET['invisible'];
$get_instock = $_GET['instock'];
$get_sex = $_GET['sex'];
$get_startat = $_GET['startat'];
$get_results = $_GET['results'];
if ($get_size != ""){
$all_selectors[] = "(".$get_size." BETWEEN productsizeDOWN AND productsizeUP)"; // Add to array if size is not blank.
};
if ($get_manufacturer != ""){
$manufacturer_exploded = explode(",", $get_manufacturer);
$manufacturer_imploded = implode("' OR productmanufacturer = '", $manufacturer_exploded);
$all_selectors[] = ("(productmanufacturer = '".$manufacturer_imploded."')");
};
if ($get_invisible != ""){
$all_selectors[] = "(hideproduct = '".$get_invisible."')";
};
if($get_instock == "N" or $get_instock == "n"){
$all_selectors[] = "(stockstatus <= '0' AND donotallowbackorders = 'Y')";
}elseif($get_instock == "Y" or $get_instock == "y") {
$all_selectors[] = "(stockstatus > '0' OR donotallowbackorders = 'N')";
};
if ($get_startat != "" or $get_results != ""){
$number_results = "LIMIT ".$get_startat.", ".$get_results;
} else {
$number_results = "LIMIT 0, 15";
};
// All variables are now in an array, except "startat" and "results"
$all_selectors0 = "WHERE ".implode(" AND ", $all_selectors);
// Create SQL query
$sql="Select * FROM sadsads_Products ".$all_selectors0." ".$number_results;
I would do something more like this. It's not tested and probably not 100% complete...you may need to do some further customization, particularly with adding more special cases to the switch statement, but this will make adding more variables much easier:
REMOVED OLD EXAMPLE, SEE UPDATED EXAMPLE BELOW
One key thing to note is that you aren't sanitizing your database inputs. Your code is vulnerable to SQL injection. My example above helps to solve that, but this code isn't fully tested, so you should ensure that all user input is sanitized before using it in any query.
If your field names don't match up with your MySQL columns (which it looks like they don't), then you can fix them with an associative array:
$columns = array(
// [form field] => [mysql column]
'size' => 'product_size',
'manufacturer' => 'product_manufacturer',
'invisible' => 'hideproduct'
// ...
);
And then in your switch statement, do something more like this:
$whereClause[] = "{$columns[$key]} = '{$value}'";
FINAL UPDATE:
DOCUMENTED SAMPLE - has plenty of comments and extra stuff to make it work on Codepad
EXACT WORKING CODE - you should be able to copy and paste this (and add your DB credentials) and it should work:
$con = mysqli_connect("[CENSORED]", "[CENSORED]", "[CENSORED]") or die("Could not connect: ". mysqli_error());
mysqli_select_db("[CENSORED]") or die("Could not select database");
$columns = array(
'size' => 'product_size',
'manufacturer' => 'product_manufacturer',
'invisible' => 'hideproduct'
);
$whereClause = array();
$limit = array("startat" => 0, "results" => 15);
foreach ($_GET as $key=>$value) {
$key = mysqli_real_escape_string($key);
if (is_array($value)) {
for ($i = 0; $i < count($value); $i++) {
$value[$i] = mysqli_real_escape_string($value[$i]);
}
} else {
$value = mysqli_real_escape_string($value);
}
switch ($key) {
case 'size':
$whereClause[] = "({$value} BETWEEN productsizeDOWN AND productsizeUP)";
break;
case 'startat':
case 'results':
$limit[$key] = $value;
break;
case 'instock':
$whereClause[] = "(stockstatus ". ($value == 'N' ? "<=" : ">") ." '0' ". ($value == 'N' ? "AND" : "OR") ." donotallowbackorders = '". ($value == 'N' ? "Y" : "N") ."')";
break;
default: {
if (is_array($value)) {
$whereClause[] = "{$columns[$key]} IN ('". implode("', '", $value) ."')";
} else {
$whereClause[] = "{$columns[$key]} = '{$value}'";
}
}
}
}
$sql = "SELECT * FROM ioa7pd_Products". (empty($whereClause) ? "" : " WHERE ". implode(" AND ", $whereClause)) ." LIMIT {$limit['startat']}, {$limit['results']}";
echo $sql;
after
else {
$product_instock = "";
};
do:
$limit = '';
if( !empty($product_limit0) && !empty($product_limit1) )
$limit = " LIMIT $product_limit0, $product_limit1";
$sql="Select * FROM ioa7pd_Products WHERE ".$product_instock.$product_size."AND".$product_manufacterer_and.$product_manufacterer."".$product_invisible." $limit"; // The end result of it all.
echo $sql;
If you have separate params in $_GET, you would have to traverse with multiple if statements. you can pass the params as an array into $_GET, with numeric keys, that would help a bunch.