I'm asking in regards to this question. I have 12 dropdowns that I wish to be posted to a separate page so that I can use them in a query.

Edit: The first dropdown has three options: Student, Alumni, Faculty. The second has New York, Paris or London. They are in one form and posted to another page.

<?php
$selected_options = $_POST;
foreach ($selected_options as $key => $option) {
    $countValue = count($option);
    for ($i = 0; $i < $countValue; $i++) {
        $queryString_start_with_comma .= ",$option[$i]";
    }
    $queryString_remove_extra_comma = preg_replace("/,/", "", $queryString_start_with_comma, 1);
    $query_string_with_and .= " AND $key IN($queryString_remove_extra_comma)";
    unset($queryString_start);
}
$query_string_second_part_ready = preg_replace("/AND/", "", $query_string_with_and, 1);
$query_string = "SELECT * FROM dummy_table WHERE " . $query_string_second_part_ready;
echo $query_string;
?>

However, when I post my values, it ends up looking like this: "SELECT * FROM dummy_table WHERE role IN(Student) AND city IN(Student,New York)". I'd like them to be separate.

Any help would be much appreciated! :)

Francesca
  • What do you mean, "I'd like them to be separate"? You'll also need to wrap the WHERE values in quotes. And you're suuuuper open to SQL injection attacks. – waterloomatt Apr 27 '17 at 14:55
  • I have 12 dropdowns and only mentioned two: select the role of student, alumni, and faculty, and select the city they live in. The student value is getting grouped with city. And yes, I will adjust for SQL injections, thank you! – Francesca Apr 27 '17 at 14:59

1 Answer

I figured it out... I didn't complete the full variable when unsetting the variables. "unset($queryString_start);" should be "unset($queryString_start_with_comma);"

And I will make sure to edit to avoid SQL injections.

Francesca
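An added example, not part of the original question or answer: one way to build the same `WHERE ... IN (...)` clause with bound parameters and a fixed list of column names, which addresses the SQL injection raised in the comments. The helper name `buildFilterQuery`, the `ALLOWED_COLUMNS` list (only `role` and `city` appear on this page) and the use of PDO are assumptions.

```php
<?php
// Added example. Column names come from a fixed allowlist and values are bound
// as parameters, so nothing from $_POST is ever concatenated into the SQL text.
// Only `role` and `city` are named in the question; extend for the other dropdowns.
const ALLOWED_COLUMNS = ['role', 'city'];

/**
 * Build a parameterized query from posted dropdown values.
 * Hypothetical helper (not from the original post). Returns [sql, params].
 */
function buildFilterQuery(array $post): array
{
    $clauses = [];
    $params  = [];
    foreach (ALLOWED_COLUMNS as $column) {
        if (!isset($post[$column])) {
            continue; // dropdown not submitted
        }
        // Accept a single value or a multi-select array; keep non-empty strings only.
        $values = array_values(array_filter(
            (array) $post[$column],
            static fn($v) => is_string($v) && $v !== ''
        ));
        if ($values === []) {
            continue;
        }
        // The placeholder list is rebuilt for every column, so values from one
        // dropdown cannot carry over into the next (the bug in the question).
        $placeholders = implode(',', array_fill(0, count($values), '?'));
        $clauses[] = "$column IN ($placeholders)";
        array_push($params, ...$values);
    }
    $sql = 'SELECT * FROM dummy_table';
    if ($clauses !== []) {
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    return [$sql, $params];
}

// Constructed sample input standing in for $_POST; the last key is not an
// allowed column and is ignored.
$post = ['role' => ['Student'], 'city' => ['New York', 'Paris'], 'not_a_column' => ['x']];
[$sql, $params] = buildFilterQuery($post);
echo $sql, PHP_EOL;
echo json_encode($params), PHP_EOL;

// With an existing PDO connection ($pdo is assumed):
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
```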