CristiM Posted September 7, 2012 Share Posted September 7, 2012 Hi guys my name is Chris i'm on this forum and in php programming so i have a few questions, i hope somebody can help me. So: i' m trying to make a real estate website and i have some difficulties with the search form the form has 5 fields: price_from; price_to; number_rooms, location and numb_square_meters the data base has 5 columns: id, price, location, numb_square_meters, number_rooms For the price fields i use an input type field For numb_rooms i use a select type field with options like(vila, condo, 4 bedroom apartaments..something like that and ALL OPTIONS option) For location and square_meters is the same way as for numb_rooms The problem is this actually there are more than one: 1.When i choose the option "ALL OPTIONS" in the LOCATION field in my form i want it to retrieve every location from the SQL DB if not to retrieve one of the other options 2. If let say the user fills the price fields but the other ones remain with the ALL OPTIONS option selected i want it to retreive only the rows that is in that price range no matter the location number of rooms or the square meters i want to point out the english is not my maternal language , so if you spot some spelling or grammar errors i apologize. This a part of my code... <form method="post" action="index.php" enctype="multipart/form-data"> <input type="hidden" name="id"> Price <input type="text" name="price"> Price2 <input type="text" name="price2" /> Square_meters<input type="text" name="Square_meters"> Location<select name="Location"> <option>Bucuresti</option> <option>Iasi</option> <option>Brasov</option> <option>Focsani</option> </select> Numb_rooms<select name="Numb_rooms"> <option>Garsoniera</option> <option>2 Camere</option> <option>3 Camere</option> <option>4 Camere</option> <option>Vila</option> </select> <input type="submit" name="send" value="Search"> </form> <?php header("content-type: image.jpg"); if(isset($_POST['send'])) { require_once("conexiune.php"); (this is my conect to sql database script) $id = $_POST['id']; $price = $_POST['price']; $price2 = $_POST['price2']; $square_m = $_POST['Square_meters']; $location = $_POST['location']; $numb_rooms = $_POST['Numb_rooms']; $selectie = mysql_query("SELECT * FROM apartamente WHERE id = '$id' && Pret>='$price'&& Pret<='$price2' && Location = '$location' && Square_meters='$Square_meters' && Numb_rooms = '$Numb_rooms ' "); while($row = mysql_fetch_array($selectie,MYSQL_ASSOC)) { print"<tr><td>"; print $row['id']; print"</td><td>"; print $row['Pret']; print"</td><td>"; print $row['Nr_camere']; print"</td><td>"; print $row['Suprafata']; print"</td><td>"; print $row['Locatie']; print"</td><td>"; print $row['Descriere']; print"</td><td>"; Quote Link to comment Share on other sites More sharing options...
requinix Posted September 7, 2012 Share Posted September 7, 2012 If it's ALL OPTIONS then don't include it in the query at all. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted September 7, 2012 Share Posted September 7, 2012 You have some serious security issues with your code, by the way. You really need to implement Input Validation and Output Escaping to your script, otherwise you're wide open to anyone who wants to attack the site. Also, why do you have this in the middle of the code? header("content-type: image.jpg"); Not only do I see no logical reason for it to be there, but it will not work in any case. See the "HEADER ERRORS" threat stickied at the top of this forum for more info. PS: Please use the tags around your code, as it helps make both your post and your code a lot easier to read. Thanks. Quote Link to comment Share on other sites More sharing options...
CristiM Posted September 8, 2012 Author Share Posted September 8, 2012 Yes i know the problems with the security, but i'm way far from finishing, about the header....the logic is that in the database i have a field where i store images, so when i retrieve data and display it it will show some images too. Quote Link to comment Share on other sites More sharing options...
fenway Posted September 8, 2012 Share Posted September 8, 2012 Where's the mysql problem here? Quote Link to comment Share on other sites More sharing options...
CristiM Posted September 8, 2012 Author Share Posted September 8, 2012 the problem is that a user has to either fill out all the fields in the form or neither one....i want it to be possible to complete some of them and the other ones to be ignored..and i don't how to make an sql query to extract the proper rows Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 8, 2012 Share Posted September 8, 2012 The first reply stated how you would do this (in your php code.) Since this isn't a query problem (yet), moving thread to the php help forum... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.