kvnirvana Posted May 21, 2010 Share Posted May 21, 2010 I only want this displayed if a value which is not all is chosen from the third dropdown $c echo "<TD width=30% height=100>". rating_bar($rows['id'],'6','static')."<a href='jadak.php?id={$rows['id']}&na={$rows['na']}&c={$rows['c']}&a={$rows['a']}'>Rate </a> </TD>"; How can that be done? echo "<form name='search' action=".$_SERVER['PHP_SELF']." method='post'> <table width='50%' align='center' valign='center'> <tr> <td colspan='2' align='center'>Search</td> </tr> <tr> <td align='right'>a:</td><td>$a</td> </tr> <tr> <td align='right'>b:</td><td>$b</td> </tr> <tr> <td align='right'>c:</td><td>$c</td> </tr> <td colspan='2' align='center'> </td> </tr> <tr> <td colspan='2' align='center'><input type='submit' name='submit' value='Go!'></td> </tr> </table> </form>"; }//end function /*------------------------------------------------------------------------ run the search and show the results ------------------------------------------------------------------------*/ function search() { //base sql mysql_connect("localhost", "***", "****") or die(mysql_error()); mysql_select_db("****") or die(mysql_error()); $sql = "select * from behandlere WHERE 1=1"; //get the values from the form //NOTE: You should do way more valdation on the values before you attempt to process anything if ((!empty($_POST['a']))&&($_POST['a'] != 'all')) { $sql .= " and a like '". mysql_real_escape_string($_POST['a'])."%' "; } if ((!empty($_POST['b']))&&($_POST['b'] != 'all')) { $sql .= " and b like '". mysql_real_escape_string($_POST['b'])."%' "; } if ((!empty($_POST['c']))&&($_POST['c'] != 'all')) { $sql .= " and c = '". mysql_real_escape_string($_POST['c'])."' "; } // ADD ORDER BY $sql .= ' order by total_value DESC '; echo "</TR>"; echo "<TR>"; echo "<TH scope='col' abbr='a'><u>a</u></TH>"; echo "<TH scope='col' abbr='rating'><u>Rating</u></TH>"; echo "<TH scope='col'><u>comments</u></TH>"; echo "</TR>"; echo "<TR>"; echo "<TD width=20% height=100 scope='row'>". $rows['a'] ."<p> ". $rows['na'] ."<p> ". $rows['ad'] ."<p> ". $rows['postnr'] .", ". $rows['by'] ."<p> ". $rows['tl'] ."</TD>"; echo "<TD width=30% height=100>". rating_bar($rows['id'],'6','static')."<a href='jadak.php?id={$rows['id']}&na={$rows['na']}&c={$rows['c']}&a={$rows['a']}'>Rate </a> </TD>"; echo "<TD width=30% height=100><a href='komment.php?na={$rows['na']}&id={$rows['id']}&a={$rows['a']}'>Read comments</a> </TD>"; echo "<TABLE width=100% height=100 border='0' cellpadding='5' cellspacing='10'><hr>"; echo "</TR>"; } echo "</table>"; } Quote Link to comment https://forums.phpfreaks.com/topic/202502-only-show-if-value-is-chosen-from-drop-down/ Share on other sites More sharing options...
Psycho Posted May 21, 2010 Share Posted May 21, 2010 Well, what are the "valid" values of the $c select list, what is the value of the All option, and what is the name of that select list? You should always validate user input. Even though you are using a select list, a malicious user CAN post values not in the select list. So you should always validate against the "approved" values. Also, to make it easier I would give the all option an empty value. Quote Link to comment https://forums.phpfreaks.com/topic/202502-only-show-if-value-is-chosen-from-drop-down/#findComment-1061609 Share on other sites More sharing options...
kvnirvana Posted May 22, 2010 Author Share Posted May 22, 2010 The valid values of the $c select list is values generated from mysql exept the value 'all', and the value of the All option is 'all'. The name of the select list is 'search' I guess? how do I validate against the "approved" values? Quote Link to comment https://forums.phpfreaks.com/topic/202502-only-show-if-value-is-chosen-from-drop-down/#findComment-1061839 Share on other sites More sharing options...
Psycho Posted May 22, 2010 Share Posted May 22, 2010 You would validate the selected value by doing a database query on the processing page. Something like: SELECT name FROM table WHERE name = '$search_value' Anyway, once you validate that the selected value exists in the database (or is all) you could use the following to decide whether or not to display the line above if($_POST['search'] != 'all') { echo "<td width=\"30%\" height=\"100\">"; echo rating_bar($rows['id'],'6','static'); echo "<a href=\"jadak.php?id={$rows['id']}&na={$rows['na']}&c={$rows['c']}&a={$rows['a']}\">Rate</a>"; echo "</td>"; } Quote Link to comment https://forums.phpfreaks.com/topic/202502-only-show-if-value-is-chosen-from-drop-down/#findComment-1061875 Share on other sites More sharing options...
kvnirvana Posted May 22, 2010 Author Share Posted May 22, 2010 I'm not sure where in the code to validate the selected value, isn't that what i'm doing this part of the code? //base sql mysql_connect("localhost", "***", "****") or die(mysql_error());mysql_select_db("****") or die(mysql_error());$sql = "select * from behandlere WHERE 1=1"; Quote Link to comment https://forums.phpfreaks.com/topic/202502-only-show-if-value-is-chosen-from-drop-down/#findComment-1062016 Share on other sites More sharing options...
kvnirvana Posted May 24, 2010 Author Share Posted May 24, 2010 Anybody? Quote Link to comment https://forums.phpfreaks.com/topic/202502-only-show-if-value-is-chosen-from-drop-down/#findComment-1062609 Share on other sites More sharing options...
Psycho Posted May 24, 2010 Share Posted May 24, 2010 I'm not sure where in the code to validate the selected value, isn't that what i'm doing this part of the code? //base sql mysql_connect("localhost", "***", "****") or die(mysql_error()); mysql_select_db("****") or die(mysql_error()); $sql = "select * from behandlere WHERE 1=1"; Huh? That code doesn't do anything. It does a database query for all the fields in the table 'behandlere' and uses a WHERE clause that serves no purpose. I already provided a solution for your original query, is that solved? As for the validation, I'm not sure what you are alluding to above, but let me spell it out for you. I "assume" the values for the select list are from the database in the table 'behandlere'. So, the form should do a query to get the values - and only the values. Example: $query = "SELECT name FROM 'behandlere' ORDER BY name"; Then use the results of that query to build the select list options. Then on the processing page you will want to validate that the submitted value is from that list. Otherwise a malicious user can submit values you did not intend. So, you would do a query on the processing page to ensure the posted value is in the database. Rough example: $search = mysql_real_escape_string($_POST['search']); $query = "SELECT name FROM 'behandlere' WHERE name='$search'"; $result = mysql_query($query); if(mysql_num_rows($result)!=1) { echo "Invalid search value"; } Quote Link to comment https://forums.phpfreaks.com/topic/202502-only-show-if-value-is-chosen-from-drop-down/#findComment-1062625 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.