
I have a filter on a MySQL query, and filtering the entries works as I want. But after filtering, I cannot keep the chosen values selected in the option lists. My code:

<!-- Filter form posted back to the same page. Every option is static markup and none of
     them carries a "selected" attribute, so after each submit the browser shows the
     first entry ("Hepsi") again. -->
<form method="POST">
    <label>İller:</label><select style="width:150px" name="iller"> 
        <OPTION VALUE=''>Hepsi</OPTION>
        <option value="İstanbul">İstanbul</option>
        <option value="Ankara">Ankara</option>
        <option value="Bolu">Bolu</option>
    </select>
    <label>Bölümler:</label><select style="width:150px" name="bolum"> 
        <OPTION VALUE=''>Hepsi</OPTION>
        <option value="Makine Mühendisliği">Makine Mühendisliği</option>
        <option value="Endüstri Mühendisliği">Endüstri Mühendisliği</option>
        <option value="Elektrik Mühendisliği">Elektrik Mühendisliği</option>
    </select>
    <!-- NOTE(review): the closing </td> below has no matching opening tag in this form. -->
    <input class="button" type="submit" name="submit" value="Filtrele" /></td>
</form>

<?php   
    // Builds a SELECT on table osym from the two posted filter values and prints the
    // result rows as an HTML table.
    $db_connection = mysqli_connect($host,$user,$password,$dbname);
    $query="SELECT * FROM osym";
    $sql=$query;
    // Read unconditionally: on the first page load (no POST yet) these keys do not exist.
    $iller = $_POST['iller'];
    $bolum = $_POST['bolum'];

    // NOTE(review): mysqli_real_escape_string() returns the escaped string and leaves its
    // argument untouched. The return values are discarded here, so $iller and $bolum still
    // hold the raw request data when they are placed into the SQL text below. That makes
    // the query injectable.
    mysqli_real_escape_string($db_connection,$_POST['iller']);
    mysqli_real_escape_string($db_connection,$_POST['bolum']);
    $conditions = array();

    // One equality condition per non-empty filter; the value is interpolated into the string.
    if($iller !="") {
        $conditions[] =  " Il='$iller'";
    }
    if($bolum !="") {
        $conditions[] =  " Bolum='$bolum'";
    }
    if (count($conditions) > 0) {
        $sql .= " WHERE " . implode(' AND ', $conditions);
    }
    // The table is opened on every request, but "</table>" is only printed inside the
    // submit branch further down.
    echo "<table border='1'>
          <tr>
            <th>Kod</th>
            <th>İl</th>
            <th>Okul</th>
            <th>Bölüm</th>
            <th>Dili</th>
            <th>Öğretim</th>
            <th>Burs</th>
            <th>Kontenjan</th>
            <th>Puan Türü</th>
            <th>Sıra</th>
            <th>Taban P.</th>
            <th>Tavan P.</th>
          </tr>";

    // NOTE(review): the character set is set here, after the escape calls above, and
    // through a plain query rather than mysqli_set_charset().
    mysqli_query($db_connection,"SET NAMES UTF8");
    if (isset($_POST['submit'])) {
        // The return value is not checked before it is passed to mysqli_fetch_array().
        $result = mysqli_query($db_connection,$sql);
            while($row = mysqli_fetch_array($result)) {
                // Column values are written into the page without HTML escaping.
                echo "<tr>";
                echo "<td>" . $row['Kod'] . "</td>";
                echo "<td>" . $row['Il'] . "</td>";
                echo "<td>" . $row['Okul'] . "</td>";
                echo "<td>" . $row['Bolum'] . "</td>";
                echo "<td>" . $row['Dili'] . "</td>";
                echo "<td>" . $row['Ogr'] . "</td>";
                echo "<td>" . $row['Burslu'] . "</td>";
                echo "<td>" . $row['Kontenjan'] . "</td>";
                echo "<td>" . $row['PuanT'] . "</td>";
                echo "<td>" . $row['Sira'] . "</td>";
                echo "<td>" . $row['TabPuan'] . "</td>";
                echo "<td>" . $row['TavPuan'] . "</td>";
                echo "</tr>";
            }

            echo "</table>";
    }
?>

Whenever I select an option and hit the 'Filtrele' button, all the select boxes go back to "Hepsi".

I have tried putting

<?php if ($iller="İstanbul") {echo "selected"; } ?> 

in

<option value="İstanbul"> 

tag but it didn't work.

Because of the form method, I cannot use GET either. I am looking for your help; thanks in advance.

RiggsFolly
  • 2
    You don't seem to understand how `mysqli_real_escape_string` works. Your code is prone to [SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). To fix that you'll for example have to assign `$iller` to the *returned* value of `mysqli_real_escape_string($_POST['iller'])`. – Hauke P. May 31 '14 at 15:49
  • `if ($iller="İstanbul")` should be `if ($iller=="İstanbul")`. `=` is assignment, `==` is comparison. – Barmar May 31 '14 at 16:00
  • I have tried == too. I don't know how that function works so thank you. I will investigate it better after finding a solution to 'selected' thing. – Barış Öz May 31 '14 at 16:03

1 Answer


You need to print the form after setting the variables from $_POST, so you can add the appropriate SELECTED attributes.

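And when you call mysqli_real_escape_string you have to assign the results back to the variables, because the function returns the escaped copy and leaves its argument unchanged. Escaping also depends on the connection character set, so set it with mysqli_set_charset() before escaping; a prepared statement with bound parameters avoids the problem entirely.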

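<?php

// Read the submitted filter values once, before the form is printed, so the form can mark
// the matching <option> as selected. A field that is missing, or that is not a plain
// string (for example an array sent as iller[]), counts as "no filter". Later string
// comparisons and database calls therefore always receive a string.
$iller = (isset($_POST['iller']) && is_string($_POST['iller'])) ? $_POST['iller'] : '';
$bolum = (isset($_POST['bolum']) && is_string($_POST['bolum'])) ? $_POST['bolum'] : '';

?>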

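<!-- Filter form. It is printed after $iller / $bolum have been read from $_POST so the
     option matching the last submission can be marked as selected. The posted value is
     only compared against the fixed option values; it is never echoed into the markup. -->
<form method="POST">
    <label>İller:</label><select style="width:150px" name="iller">
        <option value="">Hepsi</option>
        <option value="İstanbul"<?php if ($iller === "İstanbul") echo " selected"; ?>>İstanbul</option>
        <option value="Ankara"<?php if ($iller === "Ankara") echo " selected"; ?>>Ankara</option>
        <option value="Bolu"<?php if ($iller === "Bolu") echo " selected"; ?>>Bolu</option>
    </select>
    <label>Bölümler:</label><select style="width:150px" name="bolum">
        <option value="">Hepsi</option>
        <option value="Makine Mühendisliği"<?php if ($bolum === "Makine Mühendisliği") echo " selected"; ?>>Makine Mühendisliği</option>
        <option value="Endüstri Mühendisliği"<?php if ($bolum === "Endüstri Mühendisliği") echo " selected"; ?>>Endüstri Mühendisliği</option>
        <option value="Elektrik Mühendisliği"<?php if ($bolum === "Elektrik Mühendisliği") echo " selected"; ?>>Elektrik Mühendisliği</option>
    </select>
    <!-- The stray closing </td> that followed the submit button was removed: no cell is open here. -->
    <input class="button" type="submit" name="submit" value="Filtrele" />
</form>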

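<?php
// Runs the osym lookup for the submitted filters and prints the rows as an HTML table.
// $host, $user, $password and $dbname, as well as $iller and $bolum, are expected to be
// set before this point.

$db_connection = mysqli_connect($host, $user, $password, $dbname);
if (!$db_connection) {
    // Log the driver message server-side; the visitor only sees a generic notice.
    error_log('osym filter: connect failed: ' . mysqli_connect_error());
    exit('Database connection failed.');
}

// Set the client character set through the API instead of a "SET NAMES" query, and do it
// before any statement is prepared, so the driver itself knows which encoding is in use.
mysqli_set_charset($db_connection, 'utf8');

// Anything that is not a plain string is treated as "no filter".
$iller = is_string($iller) ? $iller : '';
$bolum = is_string($bolum) ? $bolum : '';

// The WHERE clause is assembled from fixed column names and "?" placeholders only. The
// submitted values are bound as parameters further down, so they never become part of
// the SQL text. This replaces escaping them with mysqli_real_escape_string() and
// concatenating the result into the query.
$query = "SELECT * FROM osym";
$sql = $query;
$conditions = array();
$params = array();

if ($iller !== '') {
    $conditions[] = "Il = ?";
    $params[] = $iller;
}
if ($bolum !== '') {
    $conditions[] = "Bolum = ?";
    $params[] = $bolum;
}
if (count($conditions) > 0) {
    $sql .= " WHERE " . implode(' AND ', $conditions);
}

echo "<table border='1'>
          <tr>
            <th>Kod</th>
            <th>İl</th>
            <th>Okul</th>
            <th>Bölüm</th>
            <th>Dili</th>
            <th>Öğretim</th>
            <th>Burs</th>
            <th>Kontenjan</th>
            <th>Puan Türü</th>
            <th>Sıra</th>
            <th>Taban P.</th>
            <th>Tavan P.</th>
          </tr>";

if (isset($_POST['submit'])) {
    $result = false;
    $stmt = mysqli_prepare($db_connection, $sql);

    if ($stmt) {
        if (count($params) > 0) {
            // Every filter value is bound as a string ("s").
            mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
        }
        if (mysqli_stmt_execute($stmt)) {
            // mysqli_stmt_get_result() is provided by the mysqlnd driver.
            $result = mysqli_stmt_get_result($stmt);
        }
    }

    if ($result === false) {
        // Do not loop over a failed query; keep the error text in the server log.
        error_log('osym filter: query failed: ' . mysqli_error($db_connection));
    } else {
        $columns = array(
            'Kod', 'Il', 'Okul', 'Bolum', 'Dili', 'Ogr',
            'Burslu', 'Kontenjan', 'PuanT', 'Sira', 'TabPuan', 'TavPuan',
        );

        while ($row = mysqli_fetch_assoc($result)) {
            echo "<tr>";
            foreach ($columns as $column) {
                // Database content is data, not markup: encode it for the HTML context.
                echo "<td>"
                    . htmlspecialchars((string) $row[$column], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                    . "</td>";
            }
            echo "</tr>";
        }
        mysqli_free_result($result);
    }

    if ($stmt) {
        mysqli_stmt_close($stmt);
    }
}

// Close the table on every request; it is opened unconditionally above.
echo "</table>";
?>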
Barmar