I am using isset() to check if a variable has a value. My issue is that even when the variable has no value (the parameter was not passed in the url) the sql string is still modified to append the where clause.
For example - if this is the URL that is passed
http://internal/test/trbm?userID=3213
And this is my php snippet
$user = urldecode($_GET['userID']);
$sql = "Select * from users"
if (isset($user)) {
$sql .= " WHERE userID = '$user'";
}
echo $sql;
The echo results are:
Select * from users where userID = '3213'
However, this URL http://internal/test/trbm produces the below echo results, still appending the where clause, even though (at least to me) isset() should return false
Select * from users where userID = ''
The second echo statement (the one right above) my desired/expected to be is
Select * from users
Was isset() the incorrect check to use in this instance? If so, what check should I be using in it's place?
$user will be set, because you set it in this line
$user = urldecode($_GET['userID']);
So instead check the $_GET value directly.
$sql = "Select * from users"
if (isset($_GET['userID']) {
$user = urldecode($_GET['userID']);
$sql .= " WHERE userID = '$user'";
}
echo $sql;