PHP and MySQL Loop the same QueryString via GET

Question

I am trying to do eCommerce filtering on the category page. So far I can get it to work for one colour, but if the user checks more than one colour, I want it to search for the other colour too.

URL

//current
category.php?colourChoice=White
//more than one
category.php?colourChoice=White&colourChoice=Ruby+Red

I realise I need some sort of form array or an explode?

MYSQL

products
---
id      sku     price
1       p22     45.00
2       p33     65.00   
3       p44     70.00

colours
---
id      sku     name
1       p22     White
2       p33     Ruby Red    
3       p44     Black

HTML

<form action="form.php" method="get">
    <input type="checkbox" name="colourChoice" value="White"/>
    <input type="checkbox" name="colourChoice" value="Black"/>
    <input type="checkbox" name="colourChoice" value="Ruby Red"/>
    <input type="checkbox" name="colourChoice" value="Orange"/>
    <input type="submit" value="go">
</form>

PHP

// VARS
$colourName=mysql_real_escape_string($_GET["colourChoice"]);

// MYSQL
$checkSQL=mysql_query("
    SELECT * FROM `products`
    INNER JOIN `colours`
    ON `products`.`sku` = `colours`.`sku`
    WHERE (
    name = '".$colourName."'
        OR name LIKE '".$colourName.";%'
        OR name LIKE '%;".$colourName.";%'
        OR name LIKE '%;".$colourName."'
    )
");

// SHOW RESULTS
while($r = mysql_fetch_array($checkSQL)) {
    echo '
        <div class="product">
            Cost £'.$r['price'].'<br />
        </div>
    ';
}

Answer 1

You have to make checkbox array as below

<form action="form.php" method="get">
    <input type="checkbox" name="colourChoice[]" value="White"/>
    <input type="checkbox" name="colourChoice[]" value="Black"/>
    <input type="checkbox" name="colourChoice[]" value="Ruby Red"/>
    <input type="checkbox" name="colourChoice[]" value="Orange"/>
    <input type="submit" value="go">
</form>

Then, you will get multiple value checked into array in php.

foreach($_GET["colourChoice"] as $value){
  /// here you can make concat for where clause.
}

Answer 2

You can get HTML input values in PHP as array:

HTML

<form action="form.php" method="get">
    <input type="checkbox" name="colourChoice[]" value="White"/>
    <input type="checkbox" name="colourChoice[]" value="Black"/>
    <input type="checkbox" name="colourChoice[]" value="Ruby Red"/>
    <input type="checkbox" name="colourChoice[]" value="Orange"/>
    <input type="submit" value="go">
</form>

Then you query the database using prepare/execute statements to prevent SQL injection.

PHP

$placeholders = substr(str_repeat('?, ', count($_GET['colourChoice']), 0, -1);
$query = "
    SELECT * FROM `products`
    INNER JOIN `colours`
    ON `products`.`sku` = `colours`.`sku`
    WHERE name in ($placeholders);
");
$db = new PDO(...);
$stmt = $db->prepare($query);
$stmt->execute($_GET['colourChoice']);
print_r($stmt->fetchAll());