Is there a better way to write this code??..>>

localhost

Hello !
can you please give me some advice about this code?
is there a more simple way to write it?
am i filtering input right??
thanks a lot!

 if( !isset($page)) {
  $page = 1;}
$sql1=mysql_query("SELECT DISTINCT user_from FROM users ORDER BY user_from ASC");
$sql2=mysql_query("SELECT DISTINCT user_occ FROM users ORDER BY user_occ ASC");
  echo '<br><div align="center">ordina i dati per città  e facoltà <br />' . "\n";
		 ?>
<form name="cifa" action="<?= $_SERVER['PHP_SELF'] ?>" method="get"> 
		 <input type="hidden" name="id" value="<?= htmlspecialchars($no) ?>">
		 <?php  

			  echo '<select name="citta">' . "\n";
			   echo ' 	<option value="">Città </option>';
while($data1 = mysql_fetch_array($sql1))
			   {     echo '<option value="' . $data1[user_from] . '">' . $data1[user_from] . '</option>' . "\n"; 
			    }  echo '</select>' . "\n"; 
				   echo '<select name="facolta">' . "\n"; 
				   echo ' 	<option value="">Facoltà </option>';  

while($data2 = mysql_fetch_array($sql2))
			   {    echo '<option value="' . $data2[user_occ] . '">' . $data2[user_occ] . '</option>' . "\n"; 
				    }  echo '</select>' . "\n";
					  echo '<input type="submit" value = "Vai!" class="mainoption" /><br />' . "\n";  

					    echo '</form> </div>' . "\n";
$statistics = "";
$_GET['citta']=htmlspecialchars($_GET['citta'] ,ENT_QUOTES);
$_GET['facolta']=htmlspecialchars($_GET['facolta'],ENT_QUOTES);

if( !isset($tot_rec)) {
		if ( empty($_GET['facolta']) && empty($_GET['citta'])  )
		{
		$statistics = mysql_query("SELECT DISTINCT userid FROM statistics WHERE catid='".$no."' " );
		}
		elseif (empty($_GET['facolta']) && !empty($_GET['citta']))
		{
		$statistics = mysql_query("
SELECT DISTINCT userid
FROM statistics, users
WHERE statistics.catid='".$no."'
AND statistics.userid = users.user_id
AND users.user_from = '{$_GET['citta']}' 
" );
}
elseif (!empty($_GET['facolta']) && empty($_GET['citta']))
		{
		$statistics = mysql_query("
SELECT DISTINCT userid
FROM statistics, users
WHERE statistics.catid='".$no."'
AND statistics.userid = users.user_id
AND users.user_occ = '{$_GET['facolta']}' 
" );
}
		elseif (!empty($_GET['facolta']) && !empty($_GET['citta']))
		{		
$statistics = mysql_query("
SELECT DISTINCT userid
FROM statistics, users
WHERE statistics.catid='".$no."'
AND statistics.userid = users.user_id
AND users.user_from = '{$_GET['citta']}' AND users.user_occ='{$_GET['facolta']}' 
" );
}
   $tot_rec = mysql_num_rows($statistics);
  }

Tilemachos

<?php

open link to database

$mysql_conn = mysql_connect("host", "username", "password")
or die("Could not connect. mySQL Error is : \"" . mysql_error() . '"');

select appropriate database

mysql_select_db (database name, $mysql_conn)
or die("Could not select Database. mySQL Error is : \"" . mysql_error() . '"');

if(!isset($page))
	$page = 1;

$sql1=mysql_query("SELECT DISTINCT user_from FROM users ORDER BY user_from ASC", $mysql_conn);
$sql2=mysql_query("SELECT DISTINCT user_occ FROM users ORDER BY user_occ ASC", $mysql_conn); ?>
<center>
ordina i dati per città  e facoltà<br>
<form name="cifa" action="<? =$PHP_SELF ?>" method="post"> 
	<input type="hidden" name="id" value="<?= htmlspecialchars($no) ?>">
	<select name="citta">
		<option value="">Città </option>

<?php while($data1 = mysql_fetch_array($sql1)) {
echo '<option value="'. $data1[user_from] .'">'. $data1[user_from] .'</option>\n';
} ?>
</select><br>
<select name="facolta">
<option value="">Facoltà </option>
<?php while($data2 = mysql_fetch_array($sql2)) {
echo '<option value="' . $data2[user_occ] . '">' . $data2[user_occ] .'</option>\n';
} ?>
</select>
<input type="submit" value="Vai!" class="mainoption"><br>
</form>
</center>
<?php
$statistics = "";
$GET['citta']=htmlspecialchars($GET['citta'] ,ENT_QUOTES);
$GET['facolta']=htmlspecialchars($GET['facolta'],ENT_QUOTES);

if(!isset($tot_rec)) {
	$query = "SELECT DISTINCT userid
				FROM statistics, users
				WHERE statistics.catid='".$no."'";
	if (empty($_GET['facolta']):
		if (!empty($_GET['citta']))
			$query .= " AND statistics.userid = users.user_id AND users.user_from = '". $_GET['citta'] ."'";
	else:
		$query .= " AND statistics.userid = users.user_id";
		if (empty($_GET['citta'])):
			$query .= " AND users.user_occ = '". $_GET['facolta'] ."'";
		else:
			$query .= " AND users.user_from = '". $_GET['citta'] ."' AND users.user_occ='". $_GET['facolta'] ."'";
		endif;
	endif;
	$statistics = mysql_query($query, $mysql_conn);
	$tot_rec = mysql_num_rows($statistics);
}

I hope i did not forgot something.
Try to print out the var $query before executing it

localhost

interesting aproach of cutting out redundant code!
works nice !
(the script was allready linked to mysql db ,this was
just a part of my script so the initial lines were not necesairy)
thanks a lot eyxaristw!

Tilemachos

An den egrafes to eyxaristw den 8a blepa oti eisai apo Ellada.
Kali xronia 😃

localhost

xronia polla filarako!!!😃