Consult specific data of MySQL omitting others in PHP?

0

I have a table with the following data id, name, price, category, description, but I want to make a query according to the category, for example, if I select the chairs category just print those rows that have that category in said column.
I hope the subject is not repeated, I've been searching in Google how to sort the data, but I always get the ascending and descending order.
I have also seen that some JavaScript library can work, like AJAX or jQuery.
Until now I have not had any problem with the code in the way I am using it, it has worked, but now I want to take the next step, I do not want all the products I have in the table to appear.
This is the code:

    <?php
        include("conexion.php");

        // Fetch every row of the productos table.
        $query = "SELECT * FROM productos";
        $resultado = $conexion->query($query);

        while ($row = $resultado->fetch_assoc()) {
    ?>
    <?php echo base64_encode($row['product_img']); ?>
    <?php echo $row['product_price']; ?>
    <?php echo $row['product_name']; ?>
    <?php echo $row['product_description']; ?>
    <?php } /* end of the while loop */ ?>

If you look there you can see the different products, I want you to click on the office one to show me the office ones and if I click on chairs, just show me those. Thanks

    
asked by Eka 08.07.2018 at 17:25

2 answers

1

One way to do this is for the SQL query to ask for what you really need and then display the elements, that is, construct the query dynamically.

You can make each category a link in the HTML that calls the PHP file that will perform the query and send the category through the URL.

Example:

    <!-- In your HTML: -->
    <a href="tuArchivo.php?categoria=OFICINA">Oficina</a>
    <a href="tuArchivo.php?categoria=Sillas%20Oficina">Sillas Oficina</a>
    <!-- etc. -->

Then in your PHP you would get the name of the category through the global variable $_GET to be able to build your query.

In my solution, external data is used to create the query dynamically, which entails a risk of SQL injection.

These risks can be prevented by using prepared queries. In this case I will give the example of how to do it with the PHP PDO class.

    //PHP
    // $usuario and $contraseña hold the database credentials and must be defined beforehand.
    try {
        $conexionPDO = new PDO('mysql:host=localhost;dbname=prueba', $usuario, $contraseña);
        // Use real server-side prepared statements instead of emulated ones.
        $conexionPDO->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    } catch (PDOException $e) {
        die('Error en la conexion ' . $e->getMessage());
    }

    // The category is sent as a bound parameter, never as part of the SQL text.
    $stmt = $conexionPDO->prepare("SELECT * FROM productos WHERE product_category = :categoria");
    $stmt->bindParam(':categoria', $_GET['categoria']);
    $stmt->execute();

    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        echo base64_encode($row['product_img']);
        echo $row['product_price'];
        echo $row['product_name'];
        echo $row['product_description'];
    }
    // Release the statement and close the connection.
    $stmt = null;
    $conexionPDO = null;

Look at the PHP PDO class: link

And information about SQL injection in PHP: link

SQL injection is also discussed at length here: SQL Injection

    
answered by 08.07.2018 at 18:38
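
The difference between placing the URL value in the query text and binding it as a parameter, as an added example that is not part of the original answer. The functions `buscarConcatenado` and `buscarPreparado` are hypothetical, the rows and inputs are constructed, and an in-memory SQLite database is assumed in place of MySQL so the script runs offline.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database (assumption);
// table and column names follow the page, the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE productos (
    product_name TEXT, product_price REAL, product_category TEXT)');
$insert = $pdo->prepare('INSERT INTO productos VALUES (?, ?, ?)');
foreach ([['Escritorio', 120.0, 'OFICINA'],
          ['Silla ergonomica', 85.5, 'Sillas Oficina'],
          ['Lampara', 19.9, 'HOGAR']] as $fila) {
    $insert->execute($fila);
}

// Vulnerable form (hypothetical helper): the request value becomes SQL text.
function buscarConcatenado(PDO $pdo, string $categoria): array
{
    $sql = "SELECT product_name FROM productos WHERE product_category = '$categoria'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form (hypothetical helper): the value is bound, never parsed as SQL.
function buscarPreparado(PDO $pdo, string $categoria): array
{
    $stmt = $pdo->prepare(
        'SELECT product_name FROM productos WHERE product_category = :categoria');
    $stmt->bindValue(':categoria', $categoria, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal category and a value that rewrites the WHERE clause.
$entradas = ['OFICINA', "x' OR '1'='1"];
foreach ($entradas as $categoria) {
    printf("categoria=%s\n  concatenated: %d rows\n  prepared:     %d rows\n",
        $categoria,
        count(buscarConcatenado($pdo, $categoria)),
        count(buscarPreparado($pdo, $categoria)));
}
```

With the second input the concatenated query matches every row in the table, while the prepared statement treats the whole string as a category name and matches none.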
0

Yes, after all I solved it with

 SELECT * FROM productos WHERE product_category = 'OFICINA'

but I did not use PDO because I really do not understand it, I used mysqli

    
answered by 26.07.2018 at 06:45