chrisjc Posted January 15, 2008 Share Posted January 15, 2008 First off here is the link to my page <a href="http://www.afefilters.com/Dealer%20Locater/t1/">Link to page</a> I am having an issue passing the "State" value to "dealerlocater.php" page that I have created, I have my index.php which will pull from my database and list all the States in a drop down. I now am trying to pass a selected state to “dealerlocater.php” which in return would post up all entries found in the database. How ever I am having an issue with my code could some one please take a look-see and let me know what I am missing here? Iv been stuck on this for a few days now. =( Here is my code to index.php Code: ( text ) <?php // ================================================== ======= // Populate the state selection list from the database // ================================================== ======= echo '<form action="dealerlocater.php" method="post">'; echo '<select id="state" name="state" style="margin-bottom:4px;font-family: Tahoma; font-size: 10pt; height:28px;width:184px;">'; echo '<option value="">Select Your State</option>'; // ================================================== ======= // Connection to the Database // ================================================== ======= include ('db functions/db_connect.php'); // ================================================== ======= // SELECT state to make drop down list // ================================================== ======= $res = mysql_query("SELECT state FROM dealerlocater GROUP BY state ORDER BY state") or die("Invalid query: " . mysql_query()); while ($row = mysql_fetch_assoc($res)) { $st = $row['state']; echo "<option value='$st'>$st</option>"; } echo '</select>'; echo '<br>'; echo '<input type="submit" name="Submit" value="Submit">'; ?> </form> and here is the code to "dealerlocater.php" Code: ( text ) <?php // ================================================== ======= // Connection to the Database // ================================================== ======= include ('db functions/db_connect.php'); mysql_select_db($dealerlocater); $query= "select * from dealerlocater where * '" . $_POST['*'] . "'"; echo $query; $result= mysql_query($query); $num_results = mysql_num_rows($result); for ($i=0; $i <$num_results; $i++) { $row = mysql_fetch_array($result); echo "state: ", $row['state'], ": ",$row['state']; } ?> Once I can get the value passed and it knows what to only look for calling on the columns I wish to display will be rather easy. ??? ??? Quote Link to comment https://forums.phpfreaks.com/topic/86042-issue-passing-a-value/ Share on other sites More sharing options...
Pancake Posted January 15, 2008 Share Posted January 15, 2008 http://en.wikibooks.org/wiki/Programming:PHP:SQL_Injection Quote Link to comment https://forums.phpfreaks.com/topic/86042-issue-passing-a-value/#findComment-439393 Share on other sites More sharing options...
awpti Posted January 15, 2008 Share Posted January 15, 2008 There can be no field named * nor is there an _POST var called *. Methinks an SQL refresher is due $query= "select * from dealerlocater where * '" . $_POST['*'] . "'"; // Should be.. $state = mysql_real_escape_string($_POST['state']); $query= "select * from dealerlocater where my_field_name = '{$state}'"; Quote Link to comment https://forums.phpfreaks.com/topic/86042-issue-passing-a-value/#findComment-439394 Share on other sites More sharing options...
chrisjc Posted January 15, 2008 Author Share Posted January 15, 2008 I always get all mixed up (I am still new to this) Okay so I changed the suggested and I read the link posted above... however I am getting and error on line 13... which has the following code... 12 $result= mysql_query($query); 13 $num_results = mysql_num_rows($result); 14 15 for ($i=0; $i <$num_results; $i++) 16 { 17 $row = mysql_fetch_array($result); 18 echo "state: ", $row['state'], ": ",$row['state']; 19 } 20 ?> any suggestions there? and as for displaying and callon things I was going to use the following. // select the data row for the specified part number $res = mysql_query("SELECT * FROM dealerlocater WHERE state='$st' LIMIT 1") or die("Invalid select query: " . mysql_query()); // verify that a row has been selected, if not: issue message if (mysql_num_rows($res) < 1) echo "No database information for state '$st' found."; // a row had been selected, process the data else { $row = mysql_fetch_assoc($res); $State = $row['state']; $City = $row['city']; $Zip = $row['zip']; } } ?> etc... Quote Link to comment https://forums.phpfreaks.com/topic/86042-issue-passing-a-value/#findComment-439405 Share on other sites More sharing options...
chrisjc Posted January 15, 2008 Author Share Posted January 15, 2008 Just updated "dealerlocater.php" it now reads the following and getting an error on line 4 <?php // select the data row for the specified part number $res = mysql_query("SELECT * FROM dealerlocater WHERE state='$st') or die("Invalid select query: " . mysql_query()); // verify that a row has been selected, if not: issue message if (mysql_num_rows($res) < 1) echo "No database information for state '$st' found."; // a row had been selected, process the data else { $row = mysql_fetch_assoc($res); $State = $row['state']; $City = $row['city']; $Zip = $row['zip']; } // ========================================================= // Connection to the Database // ========================================================= include ('db functions/db_connect.php'); mysql_select_db($dealerlocater); $state = mysql_real_escape_string($_POST['state']); $query= "select * from dealerlocater where my_field_name = '{$state}'"; $result= mysql_query($query); $num_results = mysql_num_rows($res); for ($i=0; $i <$num_results; $i++) { $row = mysql_fetch_array($res); echo "state: ", $row['state'], ": ",$row['state']; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/86042-issue-passing-a-value/#findComment-439409 Share on other sites More sharing options...
chrisjc Posted January 15, 2008 Author Share Posted January 15, 2008 Okay it is working. However I am having some issues here 1. After state is selected it is being passed along however it is displaying everything in that COLUMN "state" which It should only be displaying (The state selected and showing all of them for example say there is 100 entry’s of the state CALIFORNIA it should be displaying a 100 results but all different because of the company name / cities so on so forth... ) 2. I would like it to be in alphabetical order by city but in a display like this Company: Address: City, Stateabb & zip code Phone: Web: Those are the columns and the for mate I want. So when the information is there it would look like Fast Hot Rods 232 Granite St. Brea, CA 92143 (1714-256-xxxx) http://www.test.com So technically the STATE wouldn’t be displayed but selected on so that all entry’s in the Database would be displayed with in that row for that state. Does this make sense? This is what five rows look like in the database. BusinessState ALABAMA ALABAMA ALABAMA ALABAMA ALABAMA ALABAMA Company City Diesel Classic Car Motors Custom Truck Accessories Custom Trucks Unlimited D & B Parts Plus Dixie Offroad Accessories Address 2215 Fake Terry Pkwy #B 2215 Fake Terry Pkwy 2215 Fake Terry Pkwy 2215 Fake Terry Pkwy 2215 Fake Terry Pkwy 2215 Fake Terry Pkwy BusinessCity Decatur Birmingham Foley Opelika Montgomery Pell City Stateabb AL AL AL AL AL AL BusinessPostalCode 91761 84770 50613 80239 86403 8733 BusinessPhone (1714) 555-555 (1714) 555-555 (1714) 555-555 (1714) 555-555 Here is the code for index.php <?php // ========================================================= // Populate the state selection list from the database // ========================================================= echo '<form action="dealerlocater.php" method="post">'; echo '<select id="state" name="state" style="margin-bottom:4px;font-family: Tahoma; font-size: 10pt; height:28px;width:184px;">'; echo '<option value="">Select Your State</option>'; // ========================================================= // Connection to the Database // ========================================================= include ('db functions/db_connect.php'); // ========================================================= // SELECT state to make drop down list // ========================================================= $res = mysql_query("SELECT state FROM dealerlocater GROUP BY state ORDER BY state") or die("Invalid query: " . mysql_query()); while ($row = mysql_fetch_assoc($res)) { $state = $row['state']; echo "<option value='$state'>$state</option>"; } echo '</select>'; echo '<br>'; echo '<input type="submit" name="Submit" value="Submit">'; ?> </form> And Dealerlocater.php <?php // ========================================================= // Connection to the Database // ========================================================= include ('db functions/db_connect.php'); // verify that the state has been passed if (!isset($_REQUEST['state']) OR strlen(trim(strip_tags($_REQUEST['state']))) < 4 ) die("Invalid part number specified."); // sanitize and save the requested state $state = trim(strip_tags($_REQUEST['state'])); // select the data row for the specified state $res = mysql_query("SELECT * FROM dealerlocater GROUP BY state") or die("Invalid select query: " . mysql_query()); // verify that a row has been selected, if not: issue message if (mysql_num_rows($res) < 1) echo "No database information for state '$st' found."; // a row had been selected, process the data else { $row = mysql_fetch_assoc($res); $Company = $row['company']; $Address = $row['address']; $City = $row['city']; $Stateabb = $row['stateabb']; $Zip = $row['zip']; $Phone = $row['phone']; $Web = $row['web']; } mysql_select_db($dealerlocater); $state = mysql_real_escape_string($_POST['state']); $query= "select * from dealerlocater where my_field_name = '{$state}'"; $result= mysql_query($query); $num_results = mysql_num_rows($res); for ($i=0; $i <$num_results; $i++) { $row = mysql_fetch_array($res); echo "<br>"; echo "<br> State: ", $row['state'], "<br> Company: ",$row['company']; } ?> Thank you!!! Quote Link to comment https://forums.phpfreaks.com/topic/86042-issue-passing-a-value/#findComment-439445 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.