How to pass the selected value from select box to a research

Question

I was looking for a select box that can be used for a multiple selection to determine which location I want to look for in my research, with this, an attachment to the database. So, down here, it’s what I’ve find to go through this:

I put a select box with my few locations:

<select name="SelectLocation[]" MULTIPLE="yes">
<option value="1">Inbound</option>
<option value="2">OutBound</option>
<option value="3">Training Room</option>
<option value="4">Summerside</option>
<option value="5">Alberton</option>
</select>

I use a foreach to give me selected location :

foreach ($_GET['SelectLocation'] as $selectedOption){
//echo $selectedOption."\n";

$query1="select * from location where location_id=$selectedOption";
$info=info_query($query1);
$nomLocation=$info['location'];
$Location .= $nomLocation."\n";
}
echo $Location;

Right now, if I select, for example, Inbound and Summerside, the echo give me: Inbound Summerside This in the same line.

I use the query to go get the name in the database (the query1). I want now to use those “name”, that went I’m select my example (Inbound and Summerside), do my search, it take only the selected location, not the other one, so I made this in my query :

location.location like".$Location;
$query="select computer.computer_id,
computer.computer_name,
computer.product_key,
computer.model,
computer.serial_number,
`status`.`status`,
computer.starphone,
computer.inst_id,
computer.did,
computer.macaddress,
software.description,
vendor.vendor_name,
location.location,
department.department,
jack.jack_number
from computer
inner join computer_vendor on computer.computer_id=computer_vendor.computer_id
inner join vendor on computer_vendor.vendor_id=vendor.vendor_id
inner join `status`on computer.status_id=`status`.status_id
inner join software on computer.software_id=software.software_id
inner join jack on jack.computer_id=computer.computer_id
inner join location on location.location_id=jack.location_id
inner join department on department.dept_id=jack.dept_id
where computer.computer_name like '%".$critere."%' and location.location like".$Location;

My issue is : Went I do a research with my example, Inbound and Summerside, it didn’t give me any recording. It’s because my location is in a line he can reach out in the database? I try to put the % before and after the $Location like $critere, but didn’t help. Did I need to work with value and location_id if it’s not with the name of the location?

What I want, it’s that my $Location be able to tell the location chosen to the database and went the selection work perfectly with the database, my research display with all information necessary with the selected location and criteria.

Please, if more information needed, tell me and I will provide it.

select computer.computer_id, 
computer.computer_name, 
computer.product_key,
computer.model, 
computer.serial_number, 
`status`.`status`, 
computer.starphone, 
computer.inst_id, 
computer.did,
computer.macaddress, 
software.description, 
vendor.vendor_name, 
location.location, 
department.department,
jack.jack_number from computer inner join computer_vendor on computer.computer_id=computer_vendor.computer_id 
inner join vendor on computer_vendor.vendor_id=vendor.vendor_id 
inner join `status`on computer.status_id=`status`.status_id 
inner join software on computer.software_id=software.software_id 
inner join jack on jack.computer_id=computer.computer_id 
inner join location on location.location_id=jack.location_id 
inner join department on department.dept_id=jack.dept_id 
where computer.computer_name like '%52%' and location.location in ()

Your code is vulnerable to SQL injection attacks. You should use [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](http://php.net/manual/en/pdo.prepared-statements.php) prepared statements as described in [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Alex Howansky, Apr 06 '17 at 14:33
as you have an array of locations, you might want to [read this](http://stackoverflow.com/questions/907806/passing-an-array-to-a-query-using-a-where-clause) and let mysql do the job ? — OldPadawan, Apr 06 '17 at 14:38
The mysqli it's already done in an other webpage call cnx_db. In part, yes, and i will go read — Nexis, Apr 06 '17 at 14:47

Abhisek Malakar · Accepted Answer · 2017-04-07T13:38:00.867

0

$Location=array();
foreach ($_GET['SelectLocation'] as $selectedOption){
//echo $selectedOption."\n";

$query1="select * from location where location_id=$selectedOption";
$info=info_query($query1);
$nomLocation=$info['location'];
$Location[] = addslashes($nomLocation);
}
$locationConsolidated = "'".join("','", $Location)."'";

And use this $locationConsolidated as ...

where computer.computer_name like '%".$critere."%' and location.location in ($locationConsolidated)

edited Apr 07 '17 at 13:38

answered Apr 06 '17 at 14:51

Abhisek Malakar

867
1
10
18

It's exactly what I need, my issue it's : search can't find any records where they suppose to have some! – Nexis Apr 06 '17 at 15:12
Yes, but now, he didn't give me any records in my database and just tell me : No recording (message when data give nothing) – Nexis Apr 06 '17 at 15:40
Or, give me that's impossible to Unable to execute query in database and if put in ('$locationConsolidated'), don't give any result, only the message above – Nexis Apr 06 '17 at 16:44
I have updated my answer a single quote was missing while preparing the the final string, just try it now, and let me know. And if the query does not give any result, then echo the query and provide the generated query here – Abhisek Malakar Apr 07 '17 at 07:01
I provide it in my question at the end of it! – Nexis Apr 07 '17 at 13:03
I just want the real query which is being delivered to the mysql server, I mean the replacing the variable with their value. Hope you understand what I want to say – Abhisek Malakar Apr 07 '17 at 13:13
To be sure, like if I take one in the database? with all value? – Nexis Apr 07 '17 at 13:31
in my asnwer the array_join method is replaced with "join" method, can you give that a try – Abhisek Malakar Apr 07 '17 at 13:38
Yes, I try it and give me nothing on my page, even not my search option – Nexis Apr 07 '17 at 13:41
Does the variable `$nomLocation` holds anything? Try `print_r($nomLocation)` and `print_r($Location)` – Abhisek Malakar Apr 07 '17 at 14:04
$nomLocation = Summerside, $Location = Array ( [0] => InBound [1] => Summerside ), I test $locationConsolidated = 'InBound','Summerside', but I was needed to put join and not array_join to see them – Nexis Apr 07 '17 at 14:19
Yes, I already edited my answer, and you say that stil the result end query is `..in ()` , means nothing inside the `IN` match? Seems very strange – Abhisek Malakar Apr 07 '17 at 14:39
Yes, I have some results, but nothing going in the query – Nexis Apr 07 '17 at 15:19
It simply means where you write or execute the query , there the variable $locationConsolidated get lost , the scope of this variable is different – Abhisek Malakar Apr 07 '17 at 15:55
I find my error. I have a function and i put a part outside the function, that's why. I put in at the start of my function and $locationConsolidated pass in the query where I need it. Thanks for you're help!! – Nexis Apr 07 '17 at 16:23

How to pass the selected value from select box to a research

1 Answers1