You'll need to check whether month is set and if so use the month & year query and if not just query on the year.

 

I don't think it's reasonably doable in a single statement.

 

i.e.

 

if ($month != "") {
$sql="SELECT * FROM weight WHERE month='$month' & year='$year';
} else {
$sql="SELECT * FROM weight WHERE year='$year'";
}

 

(although someone may well have a cleverer solution)

Here's the cleverer solution that doesn't repeat code. :)

$sql="SELECT * FROM weight WHERE year='$year'";
 
if ($month != "") $sql .= "AND month='$month'";

Some people will probably complain that if statement should be using braces, but meh. Works either way.

Clever lad.

You're falling foul of operator precedence. The OR in your SQL statement is matching everything from 2010, which undoes the other WHERE clauses.

SELECT * FROM weight WHERE month='August' AND year='2010' OR year='2010'
 

gives you the same result set as:

SELECT * FROM weight WHERE year='2010'

If you ever need to combine OR and AND in your WHERE clause you'll need to bracket them correctly. For example, to get matches for August 2010 and everything in 2010 you would do:

SELECT * FROM weight WHERE (month='August' AND year='2010') OR year='2011'

As for combining your query strings. You'll have to perform tests in PHP and construct the SQL you need based on the presence of the URL query variables

if (isset($_GET['month'], $_GET['year'])) {
 
    $month = mysql_escape_string($month);
    $year = mysql_escape_string($year);
 
    $sql = "SELECT * FROM weight WHERE month = '$month' AND year = '$year'";
 
} else if (isset($_GET['month'])) {
 
    $month = mysql_escape_string($month);
    $sql = "SELECT * FROM weight WHERE month = '$month'";
 
} else if (isset($_GET['year'])) {
 
    $year = mysql_escape_string($year);
    $sql = "SELECT * FROM weight WHERE year = '$year'";
}
 
$result = mysql_query($sql);

Note the use of mysql_escape_string too. It's your best friend.

What Drew said, it works great.

Next question

I'm wanting to use some input boxes to enter the month and/or year to generate the URLs.

The one for just year works fine

<input type="text" id="year" value="Enter Year"/>
<button type="button" onclick="location.href='./date.php?year='+document.getElementById('year').value;">Go To</button></div>

But I want it to grab two variables for the year and month one

<input type="text" id="month" value="Enter Month"/>
<input type="text" id="year1" value="Enter Year"/>
<button type="button" onclick="location.href='./date.php?month='+document.getElementById('month').value'&year='+document.getElementById('year1').value;">Go To</button

Unsurprisingly this messy thing doesn't work.

What's this mysql_escape_string chap and what does it do for me?

 

(As I'm sure you're aware you code works perfectly well also :D )

And yet still flawed. :(

I did think it should be doing isset instead of != "", but decided to trust you instead of looking it up.

And in either case I should have mentioned escaping. :'(

Bah.

Hmmm, unless I'm being crazy, can you just do this:

<form action="./date.php" method="get">
	<input type="text" id="year" name="year" value="Enter Year" />
	<button type="submit">Go To</button>
</form>
 
<form action="./date.php" method="get">
	<input type="text" id="month" name="month" value="Enter Month/>
	<input type="text" id="year1" name="year" value="Enter Year" />
	<button type="submit">Go To</button>
</form>

?

(you may also need to restyle the form tags to remove margins/etc this way, but it's a better way than doing onclick=location.href stuff)

Indeed you can, much much nicer. Thanks!

It escapes data for use in a MySQL query. Without it you open yourself up to SQL inject attacks. This explains some of the possibilities quite well: http://unixwiz.net/techtips/sql-injection.html

Your form, just use:

<form method="get" action="date.php">
  <input name="month" type="text" value="Enter month" />
  <input name="year" type="text" value="Enter year" />
  <button type="submit">Go To</button>
</form>

isseting would be pointless because it's ... been set already.

Woohoo. :)

Worth pointing out the id attributes are only necessary if you're also referencing these fields elsewhere (in html/js/css) - if not, just drop them, since the form submit and php stuff uses the name attribute.

I see, yeah I guess I should be using escapes then.

 

Fantastic stuff, I can now be a sad bastard and track my weight via a pretty(ish) graph (using PHPGraphLib).

isseting would be pointless because it's ... been set already.

Hmm, so does $this = $_GET['that'] return empty string if that's not defined?

... computer says yes. Bah.

Aye. It's a pain in the arse.

It should be NULL, not an empty string. If you var_dump the variable it'll show you what it contains.

If you turn on PHP strict error checking you'll get an undefined index error if you don't test with isset / array_key_exists. I prefer to code with strict errors switched on, it's safer and makes me feel smarter

Ah, fair enough then. And yeah, it is null when var_dumped.

I need some more database coding help.

I have a row with a list of comma separated image filenames.

eg

image1.jpg,image2.jpg,image3.jpg,image4.jpg

I generally PHP echo out the contents of a row using a nice and simple

{$row[images]}

That would obviously just chuck out the text with the commas, useless. I want each imagen.jpg wrapped in some HTML without the commas.
eg

<img src="image1.jpg" /><img src="image2.jpg" /><img src="image3.jpg" /><img src="image4.jpg" />

HOW?!

$blah = split(",", $row[images]);
foreach ($blah as $beep) {
echo "<img src=\"" . $beep . "\" />";
}

Probably a neater way which PB or Matt will come along and embarrass me with.