-4

I have an HTML form with a number of different checkboxes. I want to use PHP so that when the query is run, the SELECT part will be whatever radio buttons the user has checked.

Rebekah
  • 35
  • 7
  • 4
    What exactly is your question? – Daan Apr 28 '15 at 14:24
  • I want the select from the query to pick up whatever radio button the user has picked – Rebekah Apr 28 '15 at 14:26
  • 1
    You don't have radio buttons but checkboxes, secondly they are in an array. Open for sql injections, you need to fetch the query. Why do you have a slash before `$query` ? – Daan Apr 28 '15 at 14:27
  • Oh yes, sorry, I meant checkboxes – Rebekah Apr 28 '15 at 14:28
  • possible duplicate question http://stackoverflow.com/questions/2268887/how-do-i-see-which-checkbox-is-checked – BRBT Apr 28 '15 at 14:28
  • You're asking how to check which checkboxes are selected and run a query dependent on each selection. If you look at the answers in the link I posted, you will find your answer. – BRBT Apr 28 '15 at 14:33
  • No, I didn't ask that – Rebekah Apr 28 '15 at 14:37
  • Just for example, to clarify what your question is going for, what would be the expected output if the user selected DatePurchased and AskingFor? Should it only display those columns? – Don't Panic Apr 28 '15 at 14:39
  • sidenote: `/$query = "SELECT $choice from purchase";` that slash is a typo, right? Plus, a missing closing form tag. – Funk Forty Niner Apr 28 '15 at 14:42
  • you need to provide the good people with the MySQL API you're using to connect with. `mysql_`? `mysqli_`? PDO? MSSQL? – Funk Forty Niner Apr 28 '15 at 15:16
  • $con = mysqli_connect('localhost', 'root', 'root') or die ('No connection'); mysqli_select_db($con, 'test') or die (' localhost will not open'); ?> – Rebekah Apr 28 '15 at 15:19
  • 1
    as per your edit `echo "Please pick a sel"` <= missing semi-colon. Another typo? Plus you're not querying. Please go through tutorials before posting. I don't want to sound like the "bad guy" here, but Stack isn't a school. – Funk Forty Niner Apr 28 '15 at 15:25
  • The easiest solution is to do a `foreach` on your incoming `$_POST['choice']` variable, to sanitize and build your query. – Zorgarath Apr 29 '15 at 15:45

3 Answers

2

I would suggest not doing this by modifying the query, but instead by modifying the output.

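<?php

error_reporting(E_ALL); ini_set('display_errors', 1);
include "connect.php";

// Just select all the columns.
$query = "SELECT HouseID, DatePurchased, AskingFor, SoldFor from purchase";

// Execute the query
$result = mysqli_query($con, $query);

// Keep only submitted values that are real column names, so an unknown
// value cannot reach the HTML or cause an undefined-index notice.
$allowed = array('HouseID', 'DatePurchased', 'AskingFor', 'SoldFor');
$columns = isset($_POST['choice']) ? array_intersect($allowed, (array) $_POST['choice']) : array();

// Then output only the columns you want.
echo "<table><thead><tr>";
foreach ($columns as $column) {
    echo "<th>$column</th>";
}
echo "</tr></thead><tbody>";
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
    echo "<tr>";
    foreach ($columns as $column) {
        // Escape the database value before writing it into the page.
        echo "<td>" . htmlspecialchars((string) $row[$column]) . "</td>";
    }
    echo "</tr>";
}
echo "</tbody></table>";
?>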
Don't Panic
  • 41,125
  • 10
  • 61
  • 80
  • doesn't seem to like fetch array – Rebekah Apr 28 '15 at 15:11
  • I used `fetchArray()` for example, because it was not clear from your question which database extension you would be using. If you add code to your question to show how you are currently executing the query and fetching results, I can modify this answer accordingly. – Don't Panic Apr 28 '15 at 15:13
  • In the code in your edited question, you are not executing the query. And if you use this method to generate the table, you do not need to modify the SQL string. – Don't Panic Apr 28 '15 at 15:33
  • Do what? Execute the query? That is this line `$result = mysqli_query($con, $query);`. – Don't Panic Apr 28 '15 at 16:11
  • I upvoted this answer, for your efforts, even though the question is going nowhere. The OP should be going through tutorials before posting. – Funk Forty Niner Apr 28 '15 at 16:18
  • @Rebekah We love to help out, but you're not helping anyone here. You need to help yourself before we can help you. Please and again, go over tutorials before posting a question; this code should work, there doesn't appear to be any errors in it. Good luck. – Funk Forty Niner Apr 28 '15 at 16:20
1

To properly select from your HTML form you can check the input's values against allowed select fields. Here is a sample:

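<?php

error_reporting(E_ALL); ini_set('display_errors', 1);

// The checkboxes post an array; treat a missing or single value as an array too.
$choices = isset($_POST["choice"]) ? (array) $_POST["choice"] : array();

include "connect.php";

// Map each submitted value onto a fixed column name; unknown values are dropped.
$columns = array();
foreach ($choices as $choice) {
   switch($choice){
      case("HouseID"): $columns[] = "HouseID";
      break;
      case("DatePurchased"): $columns[] = "DatePurchased";
      break;
      case("AskingFor"): $columns[] = "AskingFor";
      break;
      case("SoldFor"): $columns[] = "SoldFor";
      break;
   }
}

// Default to all columns when nothing valid was selected.
$selection = $columns ? implode(", ", array_unique($columns)) : "*";

$query = "SELECT $selection from purchase";

?>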

This way no user input is directly placed into the query, and you can have the input values different from the table fields, giving you an added layer of protection.

Zorgarath
  • 979
  • 12
  • 23
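As an added example (not part of the answer above or of any poster's code), this sketch carries the allow-list idea through for a multi-checkbox submission where the form values differ from the column names. The token names, `COLUMN_MAP` and `build_select()` are hypothetical; the table and column names are the ones used on this page.

```php
<?php
// Added example: form tokens (hypothetical names) mapped to the purchase
// table's columns. Only the values on the right ever reach the SQL text.
const COLUMN_MAP = [
    'id'        => 'HouseID',
    'purchased' => 'DatePurchased',
    'asking'    => 'AskingFor',
    'sold'      => 'SoldFor',
];

/**
 * Build the SELECT statement from the posted choice[] values.
 * Returns null when no recognised token was submitted.
 */
function build_select($submitted): ?string
{
    $columns = [];
    foreach ((array) $submitted as $token) {
        // Nested arrays and unknown tokens are dropped, never quoted or escaped.
        if (is_string($token) && array_key_exists($token, COLUMN_MAP)) {
            $columns[COLUMN_MAP[$token]] = true;   // keyed to drop duplicates
        }
    }
    if (!$columns) {
        return null;
    }
    return 'SELECT ' . implode(', ', array_keys($columns)) . ' FROM purchase';
}

// Constructed sample submissions, standing in for $_POST['choice'].
$samples = [
    ['purchased', 'asking'],
    ['sold', 'sold', 'HouseID, (SELECT 1)'],   // duplicate plus an unknown value
    'asking',                                   // scalar instead of an array
    [['nested']],                               // array where a string is expected
    null,                                       // nothing checked
];

foreach ($samples as $sample) {
    $query = build_select($sample);
    echo json_encode($sample), ' => ', $query === null ? '(no valid column)' : $query, "\n";
}
```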
0

Maybe this:

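<?php

error_reporting(E_ALL); ini_set('display_errors', 1);

// Column names that may appear in the SELECT list.
$allowed = array('HouseID', 'DatePurchased', 'AskingFor', 'SoldFor');

// Keep only submitted values that are known column names, so no raw
// user input is concatenated into the query.
$choice = isset($_POST["choice"]) ? array_intersect($allowed, (array) $_POST["choice"]) : array();

if(!empty($choice)){
  $select = implode(',',$choice); // this will join all choices with a comma
  $query = "SELECT $select from purchase";
}else{
  // IF NOTHING IS SELECTED
}

include "connect.php";

?>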
Kristian Lilov
  • 610
  • 6
  • 12