How to use multiple unique "if" in PHP?


0

I want to make a condition for when a value is selected, the condition is like this at the moment:

if (!empty($_GET['faixa_de_preco'])) {

    $valor = $_GET['faixa_de_preco'];

    if ($valor == 1) {
        $result = "< 1000000.00";
    }
    if ($valor == 2) {
        $result = ">= 1000000.00 AND price <= 2000000.00";
    }
    if ($valor == 3) {
        $result = ">= 2000000.00 AND price <= 3000000.00";
    }else{
        $result = "";
    }

    $filter .= " AND price {$result}";

}

What happens is that when I add one more if, it ignores the one above. For example, in this code, when I select an option with the value 3, it works; the only if that works is the

if ($valor == 3) {
        $result = ">= 2000000.00 AND price <= 3000000.00";
    }

when I select an option with the value 1 or 2, it falls into the else, and if I add one more if, the if ($valor == 3) begins to fall into the else also.

  • 2

    The problem is your logic. Note that when $valor == 1 (or 2), the way you did it, it will reach the if ($valor == 3) { and so take the else. Use else in all the ifs. Also note that when $valor is different from 1, 2 and 3 your filter will be wrong.

2 answers

5


You have 3 independent ifs and not a single if, which is what you seem to want, and as they all change the value of the same variable only the last one will prevail, whether true or false.

If you really want only one of these options to run they should be a single block, so they all become mutually exclusive; at the moment only the last one is like this. To do this, there needs to be an else in all of them. So:

if (!empty($_GET['faixa_de_preco'])) {

    $valor = $_GET['faixa_de_preco'];

    // One if / else if chain: at most one branch runs.
    if ($valor == 1) {
        $result = "< 1000000.00";
    } else if ($valor == 2) {
        $result = ">= 1000000.00 AND price <= 2000000.00";
    } else if ($valor == 3) {
        $result = ">= 2000000.00 AND price <= 3000000.00";
    } else {
        $result = "";
    }
    // Append only for a known option; otherwise the SQL would end in " AND price ".
    if ($result !== "") {
        $filter .= " AND price {$result}";
    }
}

I put it on GitHub for future reference.

You will very likely use this in an SQL query and may be making a serious SQL injection error. And it seems to have other problems, but you can't tell from just what we've seen. Read also: Is using client-side validation sufficient?

Depending on the case, a switch may solve it as well, but let's not add complexity before understanding the basics.

  • I understood, that was exactly it, thank you. Rest assured I'll read about SQL injection and client-side validation so as not to make this mistake.

  • Where is the SQL injection error? In this case there is total control over the variable $result; there is no way to inject SQL through $_GET['faixa_de_preco']. In my view doing it this way is better than using bind.

  • 2

    I didn’t say you have it, but you can have it, it depends on what else you do.

  • 1

    Considering that it has an AND in the concatenation, there is a significant probability of there being another criterion before this snippet that is not necessarily protected against injection.
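
The injection concern raised in the answer and comments above comes from criteria being concatenated into $filter. As an added example (not code from the question or either answer), here is one way to build the same price criterion from an allow-list with bound parameters. The `listings` table, the `buildPriceFilter` name and the sample rows are assumptions constructed for illustration, and the demo needs the pdo_sqlite extension.

```php
<?php
// Added example: allow-listed price ranges turned into a parameterized filter.
// `listings`, buildPriceFilter() and the rows below are hypothetical.
const PRICE_RANGES = [
    '1' => [null, 1000000.00],        // price < 1000000.00
    '2' => [1000000.00, 2000000.00],  // price >= 1000000.00 AND price <= 2000000.00
    '3' => [2000000.00, 3000000.00],  // price >= 2000000.00 AND price <= 3000000.00
];

function buildPriceFilter(array $query): array
{
    $key = $query['faixa_de_preco'] ?? '';
    // Arrays (?faixa_de_preco[]=1) and unknown options add no criterion at all.
    if (!is_string($key) || !array_key_exists($key, PRICE_RANGES)) {
        return ['', []];
    }
    [$min, $max] = PRICE_RANGES[$key];
    if ($min === null) {
        return [' AND price < :price_max', [':price_max' => $max]];
    }
    return [
        ' AND price >= :price_min AND price <= :price_max',
        [':price_min' => $min, ':price_max' => $max],
    ];
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, price REAL)');
$pdo->exec('INSERT INTO listings (price) VALUES (750000), (1500000), (2500000)');

// Constructed requests: a known option, an unknown option, an array, no option.
$requests = [['faixa_de_preco' => '2'], ['faixa_de_preco' => '9'], ['faixa_de_preco' => ['1']], []];
foreach ($requests as $query) {
    [$filter, $params] = buildPriceFilter($query);
    // The SQL text only ever contains fixed fragments; values travel as parameters.
    $stmt = $pdo->prepare('SELECT id, price FROM listings WHERE 1=1' . $filter);
    $stmt->execute($params);
    printf("%-32s -> %d row(s)\n", json_encode($query), count($stmt->fetchAll()));
}
```

Other criteria in the same query can follow the same shape: each one contributes a fixed fragment plus its own named parameters, merged into a single array before execute().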

0

It can alternatively be solved with a switch, as the ifs have only one condition

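if (!empty($_GET['faixa_de_preco'])) {
    $valor = $_GET['faixa_de_preco'];
    // switch compares $valor loosely (==) against each case.
    switch ($valor) {
        case 1:
            $result = "< 1000000.00";
            break;
        case 2:
            $result = ">= 1000000.00 AND price <= 2000000.00";
            break;
        case 3:
            $result = ">= 2000000.00 AND price <= 3000000.00";
            break;
        default:
            $result = "";
    }
    // Append only for a known option; otherwise the SQL would end in " AND price ".
    if ($result !== "") {
        $filter .= " AND price {$result}";
    }
}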
