Just prepare a statement (https://www.php.net/manual/de/pdo.prepared-statements.php) and add where conditions when needed.
And if you have special cases, check for them at the beginning of your code and let a nother method handle this cases. So you will rech a cleaner code.
| <?php | |
| // check for special cases and handle them | |
| if(isset($_GET['product_cat']) && ($_GET['product_cat']=='booking' || $_GET['product_cat']=='group-buy') && !isset($_GET['min_prep_time'] , $_GET['max_prep_time'])) | |
| { | |
| // Call to a nother method that handles this case where procut_cat is 'booking' or 'group-buy' | |
| specialRequests(); | |
| // exit this method to prevent executing the vollowing code | |
| return; | |
| } | |
| //base query with placeholders for prepared statement | |
| $sqlQuery = "SELECT * FROM products_table where cat = :product_cat"; | |
| //parameter array with values that will be bind | |
| $sqlQueryParameters = [ ':product_cat' => $_GET['product_cat'] ] | |
| // if min and max prep time is set, extend the query and add additional parameters and values to the array | |
| if(isset($_GET['min_prep_time'] , $_GET['max_prep_time'])) | |
| { | |
| $sqlQueryParameters[':min_prep_time'] = $_GET['min_prep_time']; | |
| $sqlQueryParameters[':max_prep_time'] = $_GET['max_prep_time']; | |
| $sqlQuery .= " where min_prep_time > :min_prep_time and max_prep_time < :max_prep_time" | |
| } | |
| //prepare the sql statement (https://www.php.net/manual/de/class.pdostatement.php) | |
| $sth = $dbh->prepare($sqlQuery); | |
| //execute the statement with the given parameters in the array | |
| $sth->execute($sqlQueryParameters); | |
| ?> |