0

I have a page where I am wanting to allow a user to select fields from a select that exist in a table, then display the contents of those fields on screen. I have set up the select like so:

<select name="queryfields[]" size="12" multiple="multiple" tabindex="1">
<option value="firstname">firstname</option>
<option value="lastname">lastname</option>
<option value="address">address</option>
<option value="phone">phone</option>
</select>

And I know to discover what options were selected I can use this:

<?php
    header("Content-Type: text/plain");

    foreach ($_GET['queryfields'] as $selectedOption)
        echo $selectedOption."\n";
?>

And that gives me an array of the fields selected. However, how do I then parse the array to generate my full query? For example, let's say that firstname, lastname were selected. I would then want to build my query like this:

Select firstname, lastname from employeedata

Unknown to me is how to get the data from the array into a select statement like my code snippet above.

Kara
IcyPopTarts

2 Answers

0

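Try this:

$sql = '';
$selected_fields = array();
// Collect the submitted field names, if any were sent as an array.
if (isset($_GET['queryfields']) && is_array($_GET['queryfields'])) {
    foreach ($_GET['queryfields'] as $selectedOption){
        //echo $selectedOption."\n";
        $selected_fields[] = $selectedOption;
    }
}
if(!empty($selected_fields)){
    // The field names are concatenated into the SQL as submitted, so they
    // must be checked against the known column names before this query is run.
    $fields = implode(',', $selected_fields);
    $sql = 'SELECT '.$fields.' from employeedata';
}

//print query if it is not empty

if(!empty($sql)){
    echo $sql;
}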
Bhaskar Jain
0

You can use PHP's implode() function.

<?php
    header("Content-Type: text/plain");
    $q = "SELECT ".implode(', ', $_GET['queryfields'])." FROM employeedata";
?>

But there are some possibilities for SQL injection. You should read about that before proceeding: How can I prevent SQL injection in PHP?

You can create a design like the one below:

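<?php
    header("Content-Type: text/plain");
    // Treat a missing or non-array parameter as "nothing selected".
    $requested = isset($_GET['queryfields']) ? (array) $_GET['queryfields'] : array();
    // Keep only the submitted values that are known column names.
    $filter = array_filter($requested, function($val) {
        $allowedFields = array(
            'firstname',
            'lastname',
            'address',
            'phone',
        );
        return in_array($val, $allowedFields, true);
    });

    // Build the query only if at least one allowed field remains.
    $q = '';
    if (!empty($filter)) {
        $q = "SELECT ".implode(', ', $filter)." FROM employeedata";
    }
?>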
Community
Sriram G
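An added example, not part of either answer above: the allowlist approach written as a function that rejects a request outright instead of silently filtering it, then run against an in-memory SQLite table. The names `ALLOWED_FIELDS` and `buildEmployeeQuery`, the `salary` column and the sample row are assumptions made for the illustration.

```php
<?php
// Added example: the table contents and request values below are constructed.
// Allowlist: request value => identifier placed in the SQL (ANSI quoting; MySQL uses backticks).
const ALLOWED_FIELDS = [
    'firstname' => '"firstname"',
    'lastname'  => '"lastname"',
    'address'   => '"address"',
    'phone'     => '"phone"',
];

// Only identifiers taken from ALLOWED_FIELDS reach the SQL string; request text never does.
function buildEmployeeQuery($requested): string
{
    if (!is_array($requested)) {          // ?queryfields=x arrives as a string
        throw new InvalidArgumentException('queryfields must be a list');
    }
    $columns = [];
    foreach ($requested as $field) {
        if (!is_string($field) || !array_key_exists($field, ALLOWED_FIELDS)) {
            throw new InvalidArgumentException('unknown field requested');
        }
        $columns[$field] = ALLOWED_FIELDS[$field];   // keyed by name, so duplicates collapse
    }
    if ($columns === []) {
        throw new InvalidArgumentException('no fields selected');
    }
    return 'SELECT ' . implode(', ', $columns) . ' FROM employeedata';
}

// Constructed data in an in-memory SQLite database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employeedata (firstname TEXT, lastname TEXT, address TEXT, phone TEXT, salary INTEGER)');
$db->exec("INSERT INTO employeedata VALUES ('Ada', 'Lovelace', '1 Example St', '555-0100', 90000)");

// Stand-ins for $_GET['queryfields']: a normal request, then one naming a column the form never offered.
$samples = [
    ['firstname', 'lastname', 'firstname'],
    ['firstname', 'salary'],
];
foreach ($samples as $requested) {
    try {
        $sql = buildEmployeeQuery($requested);
        echo $sql, "\n", json_encode($db->query($sql)->fetchAll(PDO::FETCH_ASSOC)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Column names cannot be bound as prepared-statement parameters, which is why the identifiers come from the allowlist; any values used in a WHERE clause should still be bound.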