I have this portion of code in my underconstruction web app, there are 6 input var ($startDateEmissF,$endDateEmissFinto,$startDateScadF,$endDateScadFquery,$startDateEsecF,$endDateEsecF...they are all string)but they are used only within some conditions. Which is the better way to build a prepared statement with mysqli in this case where bind_param has different params depending on which If conditions are true or false?
Thank you
$sql = "SELECT
tblDocAdd.id_doc_add AS idDocAdd,
tblAz.ragSoc_azienda AS ragSoc,
tblScadAdd.id_scad_add AS idScadAdd,
tblAz.soprannome_azienda AS soprannomeAzienda,
tblCatDoc.categoriaDoc AS categoriaDoc,
tblMod1.nomeModalita AS nomeModalitaDoc,
tblDocAdd.nr_doc_add AS nrDoc,
tblDocAdd.descrizione_doc AS descrDocAdd,
tblScadAdd.importo_scad_add AS importoScadAdd,
tblScadAdd.importo_comp AS importoComp,
tblMod2.nomeModalita AS nomeModalitaScad,
tblScadAdd.data_scad_add AS dataScadAdd,
tblScadAdd.data_esecuzione AS dataEsecAdd,
tblScadAdd.note AS noteScadAdd,
tblConto.contoCorrente AS contoAdd,
tblDocAdd.data_emissione AS dataEmisDoc,
tblTipoAdd.tipologiaAddebito AS tipoAdd,
tblDocAdd.doc_approvato AS docApprovato
FROM $tabellaScadAdd AS tblScadAdd
INNER JOIN $tabellaDocAdd AS tblDocAdd ON tblScadAdd.id_doc_add = tblDocAdd.id_doc_add
INNER JOIN $tabellaAziende AS tblAz ON tblDocAdd.id_azienda = tblAz.id
INNER JOIN $tabellaCatDoc AS tblCatDoc ON tblDocAdd.id_categoria = tblCatDoc.id_categoriaDoc
INNER JOIN $tabellaModalita AS tblMod1 ON tblDocAdd.id_modalita_doc = tblMod1.id_nomeModalita
INNER JOIN $tabellaModalita AS tblMod2 ON tblScadAdd.id_modalita_scad = tblMod2.id_nomeModalita
INNER JOIN $tabellaTipoAdd AS tblTipoAdd ON tblDocAdd.id_tipologia = tblTipoAdd.id_tipologiaAddebito
INNER JOIN $tabellaContiCorr AS tblConto ON tblDocAdd.id_contoCorrente = tblConto.id_contoCorrente WHERE";
$flag = 0;
if ( isset( $_GET[ 'nonapprovati' ] ) ) {
$sql .= " tblDocAdd.doc_approvato = 0 ";
$flag = 1;
}
if ( !isset( $_GET[ 'nonapprovati' ] ) ) {
$sql .= " tblDocAdd.doc_approvato = -1 ";
$flag = 1;
}
if ( isset( $_GET[ 'eseguiti' ] ) ) {
if ( $flag == 1 ) {
$sql .= " AND ";
}
$sql .= " tblScadAdd.data_esecuzione IS NOT NULL ";
$flag = 1;
}
if ( !isset( $_GET[ 'eseguiti' ] ) ) {
if ( $flag == 1 ) {
$sql .= " AND ";
}
$sql .= " tblScadAdd.data_esecuzione IS NULL ";
$flag = 1;
}
if ( !empty( $startDateEmissF ) && !empty( $endDateEmissF ) ) {
if ( $flag == 1 ) {
$sql .= " AND ";
}
$sql .= " dataEmisDoc >= '$startDateEmissF' AND dataEmisDoc >= '$endDateEmissF' ";
$flag = 1;
}
if ( !empty( $startDateScadF ) && !empty( $endDateScadF ) ) {
if ( $flag == 1 ) {
$sql .= " AND ";
}
$sql .= " dataScadAdd >= '$startDateScadF' AND dataScadAdd >= '$endDateScadF' ";
$flag = 1;
}
if ( isset( $_GET[ 'eseguiti' ] ) && !isset( $_GET[ 'nonapprovati' ] ) ) {
if ( !empty( $startDateEsecF ) && !empty( $endDateEsecF ) ) {
if ( $flag == 1 ) {
$sql .= " AND ";
}
$sql .= " dataEsecAdd >= '$startDateEsecF' AND dataEsecAdd >= '$endDateEsecF' ";
$flag = 1;
}
}
Aucun commentaire:
Enregistrer un commentaire