How do I convert $_POST to string then assign to a $variable? Wanna use it in SQL

Question

I don't know how to convert this $_POST to string and ASSIGN it to a variale rather than an array. Is there a Convert.ToString(RadioButtonValue) like in C#? I want to use the variable as a parameter in my SQL statement.

$DeptCode = $_POST['Department'];
        print_r($DeptCode);

        $sql = "SELECT EMPLOYEE.EmpID, EmpName FROM EMPLOYEE, EMPLOYEE_SPECIALIZATION WHERE EMPLOYEE.EmpID = EMPLOYEE_SPECIALIZATION.EmpID AND EmpStatus='active' AND DeptCode = '$DeptCode'";
        $results = mysql_query($sql,$con);
        if($results != $sql)
        {
            die('Error' . mysql_error());
        }

This is my SQL statement. What am I doing wrong?

$sql = "SELECT EMPLOYEE.EmpID, EmpName FROM EMPLOYEE, EMPLOYEE_SPECIALIZATION WHERE EMPLOYEE.EmpID = EMPLOYEE_SPECIALIZATION.EmpID AND EmpStatus='active' AND DeptCode = '$DeptCode'";

When I run it... it always show

Array ( [0] => PD ) Error

This is the whole code:

<html>
<head>
    <title>New Checkup</title>
</head>
<body>
    <h1><a href="http://localhost/clinic/InsertPatient.php">Insert Patient</a></h1><br>
    <h1><a href="http://localhost/clinic/InsertEmployee.php">Insert Doctor and Specialization</a></h1>
    <h1><a href="http://localhost/clinic/InsertProcedureHTML.php">Insert Products and Services</a></h1>
    <h1><a href="http://localhost/clinic/NewCheckup.php">New Checkup</a></h1>
    <form method="post">
        <?php
        //action="http://localhost/clinic/NewCheckup2.php"
            $con = mysql_connect('localhost', 'root', "");
            if(!$con)
            {
                die('Could not connect: ' . mysql_error());
            }   
            mysql_select_db("db_clinic", $con) or die(mysql_error());
            $sql = "SELECT DeptCode, DeptName FROM DEPARTMENT";
            $results = mysql_query($sql,$con);
            while($row=mysql_fetch_assoc($results))
            {                       
                echo "<input type='radio' name='Department[]' value='".$row['DeptCode']."'>".$row['DeptName'];
            }
            mysql_close($con);
        ?>
        <input type="submit" name="btnSubmit">
    </form>

    <?php
    if(isset($_POST['btnSubmit']))
    {
        $con = mysql_connect('localhost', 'root', "");
        if(!$con)
        {
            die('Could not connect: ' . mysql_error());
        }
        mysql_select_db("db_clinic", $con) or die(mysql_error());

        $DeptCode = $_POST['Department'];
        print_r($DeptCode);
        echo $DeptCode;
        $sql = "SELECT EMPLOYEE.EmpID, EmpName FROM EMPLOYEE, EMPLOYEE_SPECIALIZATION WHERE EMPLOYEE.EmpID = EMPLOYEE_SPECIALIZATION.EmpID AND EmpStatus='active' AND DeptCode = '$DeptCode'";
        $results = mysql_query($sql,$con);
        if($results != $sql)
        {
            die('Error' . mysql_error());
        }
        mysql_close($con);
    }
    ?>
</body>

your `if($results != $sql)` condition is completely wrong. at least test to see if `$results !== false` — DevZer0, Jul 30 '13 at 08:29

score 2 · Accepted Answer · answered Jul 30 '13 at 08:29

2

Use without brackets [] like this

name='Department'

answered Jul 30 '13 at 08:29

Bora

10,529
5
43
73

1

Why was this down-voted? It's the only correct answer so far. Radio buttons within the same group need the same name, and so should not be an array as named by the OP. – Nick Coons Jul 30 '13 at 08:33

score 1 · Answer 2 · answered Jul 30 '13 at 08:32

You are creating an array with the form input:

<input type='radio' name='Department[]' value='
                                    ^^
                                    ||
                     PHP HTML Form Variable Array Notation

This is also shown when you do the print_r for your debugging:

$DeptCode = $_POST['Department'];
print_r($DeptCode);

Array ( [0] => PD )

So either don't create an array or access it as an array.

To learn more about arrays in PHP in general, please see:

http://php.net/array

To learn more about arrays in PHP Forms, please see:

http://php.net/language.variables.external

score 0 · Answer 3 · answered Jul 30 '13 at 08:30

You can use PHP Variable variables for this purpose. A variable variable takes the value of a variable and treats that as the name of a variable. Eg:

foreach($_POST as $key => $value){
 $$key = $value; //create variable
}

Reference: http://php.net/manual/en/language.variables.variable.php

score 0 · Answer 4 · answered Jul 30 '13 at 08:30

0

just use this :

implode("", $DeptCode);

answered Jul 30 '13 at 08:30

Mohammad Masoudian

3,483
7
27
45

score 0 · Answer 5 · answered Jul 30 '13 at 08:33

0

i guess it will help you.

$post_string = json_encode($your_post_variable);

now you have the string value in $post_string.

also you can get post data values by

json_decode();

answered Jul 30 '13 at 08:33

sudhakar

582
1
3
13

score 0 · Answer 6 · answered Jul 30 '13 at 08:56

Try this:

$deptCode = $_POST['Department'];

$post_array = implode(" ", array_keys($deptCode));
$escaped_values = array_map('mysql_real_escape_string', array_values($deptCode));
$newDeptCode = implode(" ", $escaped_values);

To use it in mysql statement:

//tokenize the string
$token = strtok($newDeptCode, " ");

while($token != FALSE){

   //your query statement
   mysql_query("SELECT EMPLOYEE.EmpID, EmpName FROM EMPLOYEE, EMPLOYEE_SPECIALIZATION WHERE EMPLOYEE.EmpID = EMPLOYEE_SPECIALIZATION.EmpID AND EmpStatus='active' AND DeptCode = '$token'");

   $token = strtok(" ");
}

I strongly suggest that you start using PDO though. Its safer

How do I convert $_POST to string then assign to a $variable? Wanna use it in SQL

6 Answers6