PHP/MSSQL - Filtering from User Input (HTML)

Question

I have been given this assignment, to include some sort of filtering to my current SQL query via User Input. Basically, i am looking for a filtering option, whether its some kin

Answer 1

there should not be ANY data from user in sql query

that did not pass filter

sql-injection is not an empty word

so no $_GET['week'] in sql if you didn't clear it

Answer 2

i m not sure but maybe you can try.

<input type="text" name="week"/>

Post this textbox value in select page and set that value in where close.

Answer 3

 You can do that simply by introducing if else statement
 $where  = "";
 //receive filter option  example $_GET['week']  
  //Do some sanitizing for $_GET['week']
  if ($_GET['week']) {
  $where  =  "WHERE Test_Database.Week = $_GET['week']"
 } else if (somecondition) {
  $where  = "some query";
  }

//You can add multiple condition by concatenating $where, but make sure where not repeats

$query = "SELECT TOP 10 Test_Database.Distributor, Test_Database.Value
FROM Test_Database
$where  
GROUP BY Distributor
ORDER BY Value desc "