Jump to content

Recommended Posts

i have a data base . layout = "id-country-type-tank-tier"

 

i created a form using tick box's so u can search more than 1 for each of "country,type and tier"

this dosent seem a good way to do this to me as i dont n how to write a query to handle this.

 

is there a better way to be able to search for multple options for each column?

thaks guys

 

form layout (incomplete).

<table width="200" border="1">
 <tr>
 <td>UK</td>
 <td>USA</td>
 <td>Ger</td>
 <td>Russ</td>
 <td>French</td>
 <td>Chinese</td>
 <td> </td>
 <td> </td>
 <td> </td>
 <td> </td>
 </tr>
 <tr>
<td><label>
<input type="checkbox" name="uk" id="uk" />
</label></td>
<td><input type="checkbox" name="usa" id="usa" /></td>
<td><input type="checkbox" name="german" id="german" /></td>
<td><input type="checkbox" name="russ" id="russ" /></td>
<td><input type="checkbox" name="french" id="french" /></td>
<td><input type="checkbox" name="chinese" id="chinese" /></td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
 <tr>
 <td>Light</td>
 <td>Medium</td>
 <td>Heavy</td>
 <td>TD</td>
 <td>SPG</td>
 <td colspan="5" rowspan="2"> </td>
 </tr>
 <tr>
<td><input type="checkbox" name="light" id="light" /></td>
<td><input type="checkbox" name="medium" id="medium" /></td>
<td><input type="checkbox" name="heavy" id="heavy" /></td>
<td><input type="checkbox" name="td" id="td" /></td>
<td><input type="checkbox" name="spg" id="spg" /></td>
</tr> <tr>
 <td>1</td>
 <td>2</td>
 <td>3</td>
 <td>4</td>
 <td>5</td>
 <td>6</td>
 <td>7</td>
 <td>8</td>
 <td>9</td>
 <td>10</td>
 </tr>
<tr>
<td><input type="checkbox" name="t1" id="t1" /></td>
<td><input type="checkbox" name="t2" id="t2" /></td>
<td><input type="checkbox" name="t3" id="t3" /></td>
<td><input type="checkbox" name="t4" id="t4" /></td>
<td><input type="checkbox" name="t5" id="t5" /></td>
<td><input type="checkbox" name="t6" id="t6" /></td>
<td><input type="checkbox" name="t7" id="t7" /></td>
<td><input type="checkbox" name="t8" id="t8" /></td>
<td><input type="checkbox" name="t9" id="t9" /></td>
<td><input type="checkbox" name="t10" id="t10" /></td>
</tr></table>

Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/
Share on other sites

sorry.

i want to be able to search for (0-6 countrys) + (0-6types) + (0-10 tiers) using tick box's (or is there a better way?).

 

column (country ), (type ), (tier )

example1 = "french, german" + "light, td, heavy" + "10,6,3,1"

example2 = "uk,usa, german" + "medium, td, heavy" + "9,6,5,4,3,1"

 

hope this makes more sense

Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405648
Share on other sites

Giving values to your checkboxes would be a good start

 

eg

 

<td><input type="checkbox" name="country[]" value="usa" id="usa" /></td>
<td><input type="checkbox" name="country[]" value="german" id="german" /></td>
<td><input type="checkbox" name="country[]" value="russ" id="russ" /></td>
<td><input type="checkbox" name="country[]" value="french" id="french" /></td>
<td><input type="checkbox" name="country[]" value="chinese" id="chinese" /></td>

Edited by Barand
Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405664
Share on other sites

And I thought I'd just shown you a better way of doing it. The check box values need to be the values used in the data.

 

Now you can see if countries are selected by checking $_POST['country']. You would have to some data sanitizing but, basically, your query would look like

 

if (isset($_POST['country'])) {
  $countryList = join ("','", $_POST['country']);
  $sql = "SELECT whatever FROM tablename WHERE country IN ('$countryList')";
}

Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405683
Share on other sites

so can i also extend it like this?

 

if (isset($_POST['country'])) {
   if (isset($_POST['type'])) {
 if (isset($_POST['tier'])) {

$countryList = join ("','", $_POST['country']);
$typeList = join ("','", $_POST['type']);
$tierList = join ("','", $_POST['tier']);

$sql = "SELECT whatever FROM tablename WHERE country IN ('$countryList') and type IN ('$typelist') and tier IN ('$tierlist')";
 }
 }
}

Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405709
Share on other sites

Not quite. I'd do it like this

<?php

$whereclause = '';
$where = array();

if (isset($_POST['country'])) {
$countryList = join ("','", $_POST['country']);
$where[] = "(country IN ('$countryList'))";
}
if (isset($_POST['type'])) {
$typeList = join ("','", $_POST['type']);
$where[] = "(type IN ('$typeList'))";
}
if (isset($_POST['tier'])) {
$tierList = join ("','", $_POST['tier']);
$where[] = "(tier IN ('$tierList'))";
}

if (count($where) > 0) $whereclause = 'WHERE ' . join(' AND ', $where);

$sql = "SELECT whatever FROM tablename $whereclause";

?>

Edited by Barand
Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405714
Share on other sites

ok so i got this far with no errors but the post data is not posting or being read. i tryed using get as well to see if its being sent and it is.

 

the get reads as == ttl.php?country=uk&country=usa&type=td&type=spg&tier=I&tier=V&tier=X

 

i carnt see where ive gone wrong

 

 

 

 

the form at the bottom is incomplete as i removed most of the rest of the code.

 

</p>
<p> </p>
<form id="form1" name="form1" method="post" action="ttl.php">
<div align="center">
<table width="200" border="1">
 <tr>
 <td>UK</td>
 <td>USA</td>
 <td>German</td>
 <td>Russ</td>
 <td>French</td>
 <td>Chinese</td>
 <td> </td>
 <td> </td>
 <td> </td>
 <td> </td>
 </tr>
 <tr>
<td><label>
<input name="country" type="checkbox" id="country" value="uk" /></label></td>
<td><input name="country" type="checkbox" id="country" value="usa"/></td>
<td><input name="country" type="checkbox" id="country" value="german" /></td>
<td><input name="country" type="checkbox" id="country" value="russian" /></td>
<td><input name="country" type="checkbox" id="country" value="french" /></td>
<td><input name="country" type="checkbox" id="country" value="chinese" /></td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
 <tr>
 <td>Light</td>
 <td>Medium</td>
 <td>Heavy</td>
 <td>TD</td>
 <td>SPG</td>
 <td colspan="5" rowspan="2"> </td>
 </tr>
 <tr>
<td><input name="type" type="checkbox" id="type" value="light" /></td>
<td><input name="type" type="checkbox" id="type" value="medium" /></td>
<td><input name="type" type="checkbox" id="type" value="heavy" /></td>
<td><input name="type" type="checkbox" id="type" value="td" /></td>
<td><input name="type" type="checkbox" id="type" value="spg" /></td>
</tr> <tr>
 <td>1</td>
 <td>2</td>
 <td>3</td>
 <td>4</td>
 <td>5</td>
 <td>6</td>
 <td>7</td>
 <td>8</td>
 <td>9</td>
 <td>10</td>
 </tr>
<tr>
<td><input name="tier" type="checkbox" id="t1" value="I" /></td>
<td><input name="tier" type="checkbox" id="t2" value="II" /></td>
<td><input name="tier" type="checkbox" id="t3" value="III" /></td>
<td><input name="tier" type="checkbox" id="t4" value="IV" /></td>
<td><input name="tier" type="checkbox" id="t5" value="V" /></td>
<td><input name="tier" type="checkbox" id="t6" value="VI" /></td>
<td><input name="tier" type="checkbox" id="t7" value="VII" /></td>
<td><input name="tier" type="checkbox" id="t8" value="VIII" /></td>
<td><input name="tier" type="checkbox" id="t9" value="IX" /></td>
<td><input name="tier" type="checkbox" id="t10" value="X" /></td>
</tr>
<tr><td><input type="submit" id="submit" /></td>
</tr></table>
</div>
</form>
<p> </p>
<div align="center">
<TABLE>
<tr>
 <td>col 1</td>
 <td></td>
<td>col 2</td></tr>
<TR>
 <TD> <select size="5" name="lstBox" id="lstBox">


<?php

$whereclause = '';
$where = array();
if (isset($_post['country'])) {
$countrylist = join ("','", $_post['country']);
$where[] = "(country IN ('$countryList'))";
}
if (isset($_post['type']))
{
$typelist = join ("','", $_post['type']);
$where[] = "(type IN ('$typeList'))";
}
if (isset($_post['tier']))
{
$tierlist = join ("','", $_post["tier"]);
$where[] = "(tier IN ('$tierList'))";
}
if (count($where) > 0)
$whereclause = 'WHERE ' . join(' AND ', $where);
$sql = "SELECT * FROM tanks $whereclause";
$result1=mysql_query($sql);
while($row = mysql_fetch_array( $result1 )) {
?>
 <option value="<?php echo $row['tier']." - ".$row['name']; ?>"><?php echo $row['name']; ?></option>
 <?php
// close while loop
}
?> </select>



 </TD>
 <TD> <div align="center">
 <input name="add" type="button" value="Add" onclick="FirstListBox();" />
 <input name="remove" type="button" value="Remove" onclick="SecondListBox();"/>
 </div></TD>
 <TD>
 <select size="5" name="ListBox1" id="ListBox1">

 </select>
 </TD>
</TABLE>
</form>



Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405745
Share on other sites

its still not picking up the values.

 

i try to echo the post and/or get and nothing echo's

 

when i try _get i get this in the url

tier%5B1%5D=I&tier%5B2%5D=II&tier%5B3%5D=III

 

 

</p>
<p> </p>
<form id="form1" name="form1" method="post" action="ttl.php">
 <div align="center">
   <table width="200" border="1">
  <tr>
    <td>UK</td>
    <td>USA</td>
    <td>German</td>
    <td>Russ</td>
    <td>French</td>
    <td>Chinese</td>
    <td> </td>
    <td> </td>
    <td> </td>
    <td> </td>
  </tr>
  <tr>
<td><label>
   <input name="country[1]" type="checkbox" id="country[1]" value="uk" /></label></td>
<td><input name="country[2]" type="checkbox" id="country[2]" value="usa"/></td>
<td><input name="country[3]" type="checkbox" id="country[3]" value="german" /></td>
<td><input name="country[4]" type="checkbox" id="country[4]" value="russian" /></td>
<td><input name="country[5]" type="checkbox" id="country[5]" value="french" /></td>
<td><input name="country[6]" type="checkbox" id="country[6]" value="chinese" /></td>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
  <tr>
    <td>Light</td>
    <td>Medium</td>
    <td>Heavy</td>
    <td>TD</td>
    <td>SPG</td>
    <td colspan="5" rowspan="2"> </td>
  </tr>
 <tr>
<td><input name="type[1]" type="checkbox" id="type[1]" value="light" /></td>
<td><input name="type[2]" type="checkbox" id="type[2]" value="medium" /></td>
<td><input name="type[3]" type="checkbox" id="type[3]" value="heavy" /></td>
<td><input name="type[4]" type="checkbox" id="type[4]" value="td" /></td>
<td><input name="type[5]" type="checkbox" id="type[5]" value="spg" /></td>
</tr> <tr>
    <td>1</td>
    <td>2</td>
    <td>3</td>
    <td>4</td>
    <td>5</td>
    <td>6</td>
    <td>7</td>
    <td>8</td>
    <td>9</td>
    <td>10</td>
  </tr>
   <tr>
<td><input name="tier[1]" type="checkbox" id="t1" value="I" /></td>
<td><input name="tier[2]" type="checkbox" id="t2" value="II" /></td>
<td><input name="tier[3]" type="checkbox" id="t3" value="III" /></td>
<td><input name="tier[4]" type="checkbox" id="t4" value="IV" /></td>
<td><input name="tier[5]" type="checkbox" id="t5" value="V" /></td>
<td><input name="tier[6]" type="checkbox" id="t6" value="VI" /></td>
<td><input name="tier[7]" type="checkbox" id="t7" value="VII" /></td>
<td><input name="tier[8]" type="checkbox" id="t8" value="VIII" /></td>
<td><input name="tier[9]" type="checkbox" id="t9" value="IX" /></td>
<td><input name="tier[10]" type="checkbox" id="t10" value="X" /></td>
</tr>
 <tr><td><input type="submit"  id="submit"  /></td>
</tr></table>
 </div>
</form>
<p> </p>
<div align="center">
 <TABLE>
   <tr>
  <td>col 1</td>
  <td></td>
   <td>col 2</td></tr>
   <TR>
  <TD> <select size="5"  name="lstBox" id="lstBox">


<?php
$whereclause = '';
$where = array();
if (isset($_post['country'])) {
$countrylist = join ("','", $_post['country']);
$where[] = "(country IN ('$countrylist'))";
}
if (isset($_post['type']))
{
$typelist = join ("','", $_post['type']);
$where[] = "(type IN ('$typelist'))";
}
if (isset($_post['tier']))
{
$tierlist = join ("','", $_post["tier"]);
$where[] = "(tier IN ('$tierlist'))";
}
if (count($where) > 0)
$whereclause = 'WHERE ' . join(' AND ', $where);
$sql = "SELECT * FROM tanks $whereclause";
$result1=mysql_query($sql);
while($row = mysql_fetch_array( $result1 )) {
?>
    <option value="<?php echo $row['tier']." - ".$row['name']; ?>"><?php echo $row['name']; ?></option>
    <?php
// close while loop
}
?> </select>



  </TD>
  <TD> <div align="center">
    <input name="add" type="button" value="Add" onclick="FirstListBox();" />
    <input name="remove" type="button" value="Remove" onclick="SecondListBox();"/>
  </div></TD>
  <TD>
    <select size="5" name="ListBox1" id="ListBox1">

    </select>
  </TD>
 </TABLE>
 </form>


Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405830
Share on other sites

Now you have got the basic method there is one important addition you need to protect your queries from SQL injection. You need to sanitize all user input strings befor you use them in a query.

 

<?php
function sanitize($data)
 {
   if (get_magic_quotes_gpc()) $data = stripslashes($data);
   $data = mysql_real_escape_string($data);
   return $data;
 }

// then a slight change to your sections eg  
if (isset($_POST['country'])) {
   $clean = array_map('sanitize', $_POST['country']);
   $countrylist = join ("','", $clean);
   $where[] = "(country IN ('$countrylist'))";
}


?>

Link to comment
https://forums.phpfreaks.com/topic/273156-forms-and-sql-query/#findComment-1405868
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.