Do you know what isset
Apparently not. Look here:
isset is NOTHING BUT a simple builtin PHP function that allows you to test to see if there is any value there at all.
You don't even NEED to use it for STAT_ID if you use the code I showed you, because that code will only allow certain values for STAT_ID and reject the rest.
Now... If you want to make the team abbreviation *optional* then, yes, using isset with it is a good idea. If you want to make it required, you can still use it though you would do so differently.
You could alter the code above like this (stuff added is in red
, rest stays the same):
... make the db connection here ...
$team = $_GET["TEAM_ID"];
if ( isset($team) && strlen($team) == 3 ) /* assumes all are 3 letter abbreviations */
$where = " WHERE team_id = '" . mysql_real_escape_string($team) . "' ";
$where = "";
$sql = "SELECT CONCAT(Fname,' ',Lname) AS player, Pos, Year, $fname "
. " FROM batters_career_stats $where ORDER BY $sname DESC LIMIT 50";
$result = mysql_query($sql) or die(mysql_error());