0

I have one function which calculates the total number of records in a table and takes two arguments, both of which are optional.

function getTotal($id=0,$id1=0)
 {
 ($id==0?$addQuery="":$addQuery=" where art_id=".$id);
 if($id1<>0 && $id==0)
 {
 $addQuery=" where up_type=".$id1;
 }
 if($id1<>0 && $id<>0)
 {
 // append, so the art_id condition built on the first line is kept
 $addQuery.=" and up_type=".$id1;
 }
 mysql_set_charset('utf8');
 $query="SELECT COUNT(id) FROM tbl_up ".$addQuery;
 $result=$this->query($query,1);
 return $result;
 }

As you can see, when id is passed I build the where clause in one line.

But when the 2nd argument id1 is passed, I also need to add text to the where clause: if id is passed it should start with "and", and if id is not passed it should start with "where".

I tried to write it with if statements, but that takes too many lines. I need something like the first line

($id==0?$addQuery="":$addQuery=" where art_id=".$id);

for the 2nd argument.

Thanks

asked Aug 30, 2011 at 14:36
1

3 Answers

4
function getTotal($id=0,$id1=0)
 {
 $where = array();
 if ($id) $where[]='`art_id`="'.$id.'"';
 if ($id1) $where[] = '`up_type`="'.$id1.'"';
 $where = (!count($where) ? '' : 'WHERE '.implode(' AND ', $where));
 $query="SELECT COUNT(id) FROM tbl_up ".$where;
 mysql_set_charset('utf8');
 $result=$this->query($query,1);
 return $result;
 }
answered Aug 30, 2011 at 14:50

2

try:

function getTotal($id = 0,$id1 = 0) {
 // sorry, I rewrite the first expression to this, easier to read IMHO
 $addQuery = $id == 0 ? "" : " where art_id='".mysql_real_escape_string($id)."'";
 if ($id1 <> 0)
 $addQuery .= ($id == 0 ? " where" : " and") . " up_type='".mysql_real_escape_string($id1)."'";
 mysql_set_charset('utf8');
 $query="SELECT COUNT(id) FROM tbl_up ".$addQuery;
 $result=$this->query($query,1);
 return $result;
}
answered Aug 30, 2011 at 14:43

3 Comments

-1, if you forget to (single) quote the injected $id's, id's that contain spaces will not work; also, anti-SQL injection measures you take prior to this snippet will fail. – Johan
Please don't downvote because of something that the OP didn't ask. I gave an answer to what he wanted to do, period. That injection thing should be another topic.
I downvoted because it would be dangerous to use this code in production. If you edited the post to not be dangerous I'll be more than happy to upvote.
0
function getTotal($id=0,$id1=0)
{
 $addQuery="where 1=1";
 if($id <>0) $addQuery.=" and art_id =".$id;
 if($id1<>0) $addQuery.=" and up_type=".$id1;
 mysql_set_charset('utf8');
 $query="SELECT COUNT(id) FROM tbl_up ".$addQuery;
 $result=$this->query($query,1);
 return $result;
}

This is a generic way to have multiple cases tested.

answered Aug 30, 2011 at 14:42

2 Comments

You're missing the WHERE clause.
-1, if you forget to (single) quote the injected $id's, id's that contain spaces will not work; also, anti-SQL injection measures you take prior to this snippet will fail.
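
The comments above object to the ids being concatenated into the SQL string. As an added example (not code from the question or any of the answers), here is the same optional-filter logic with PDO bound parameters; the table and column names come from the question, while the PDO handle, the in-memory SQLite database and the sample rows are assumptions constructed so that it runs offline.

```php
<?php
// Added example: tbl_up / art_id / up_type come from the question; the PDO
// wiring, the in-memory SQLite database and the sample rows are constructed.

function getTotal(PDO $db, $artId = 0, $upType = 0): int
{
    $where  = [];   // fixed SQL fragments only, never caller-supplied data
    $params = [];   // values travel separately as bound parameters

    if ($artId) {
        $where[] = 'art_id = :art_id';
        $params[':art_id'] = $artId;
    }
    if ($upType) {
        $where[] = 'up_type = :up_type';
        $params[':up_type'] = $upType;
    }

    $sql = 'SELECT COUNT(id) FROM tbl_up';
    if ($where) {
        // WHERE for the first condition, AND between the rest
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }

    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return (int) $stmt->fetchColumn();
}

// Constructed sample data so the function can be exercised offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_up (id INTEGER PRIMARY KEY, art_id INTEGER, up_type INTEGER)');
$db->exec('INSERT INTO tbl_up (art_id, up_type) VALUES (1, 1), (1, 2), (2, 1), (2, 2), (2, 2)');

var_dump(getTotal($db));          // no filter
var_dump(getTotal($db, 2));       // art_id only
var_dump(getTotal($db, 0, 2));    // up_type only
var_dump(getTotal($db, 2, 2));    // both filters
// A hostile value stays data: it is compared with art_id, never parsed as SQL.
var_dump(getTotal($db, '2 OR 1=1'));
```

Because the query text is assembled only from the two fixed fragments, the WHERE/AND placement and the quoting problem raised in the comments are handled in the same place.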
