
I am working on a website that allows the user to initially select his destination and then shows results of four categories on the basis of the preferences that he selects from the check boxes. I am unable to post the value of the option selected in the drop down list using a session variable to other webpages. Without pressing any submit button I want to pass the value selected in the drop down list to several pages. I have seen many previous posts related to the issue but found none of them helpful. My code with the drop down list is below:

index.php

        <div class="dropdownstay">
            <select  name="city" class="option3" id="dropdown">
                <option  value="1" id="lhr" style="font-size:20px; font-family:Monotype Corsiva;" >Lahore</option>
                <option value="2" id="dub" style="font-size:20px; font-family:Monotype Corsiva;">Dubai </option>
                <option  value="3" id="new"  style="font-size:20px; font-family:Monotype Corsiva;">Newyork</option>
                <option value="4" id="can"style="font-size:20px; font-family:Monotype Corsiva;">Canberra</option>
                <option  value="5" id="kl" style="font-size:20px; font-family:Monotype Corsiva;">Kuala Lampur</option>
                <br>

        </select>
        </form>
        <?php 
     session_start();
     if(isset($_POST['city']))
     $selected_city = $_POST['city'];
     ?> 
        <!--end for drop down -->
</div>

                                                                         </div>                 
                                                                     </li>
                                                                </ul>
                                                            </div>
                                                            <div class="reservation">
                                                                <ul>    
                                                                     <li  class="span1_of_1">
                                                                         <h5>What you want in hotel?</h5>
                                                                         <br>
                                                                         <form action="checkbox_value.php" method="post">

        <section title="preferences">
      <input type="checkbox" value="is_pool" id="pool" name="check_list[]" checked /> 
      <text style="font-size:20px; font-family: Times New Roman;"> Pool </text>
      <br/>
      <input type="checkbox" value="is_gym" id="gym" name="check_list[]" checked />
      <text style="font-size:20px; font-family: Times New Roman;"> Gym </text>
      <br/>
      <input type="checkbox" value="is_beach" id="beach" name="check_list[]" />
      <text style="font-size:20px; font-family: Times New Roman;"> Beach </text>
      <br/>
      <input type="checkbox" value="is_spa" id="spa" name="check_list[]" />
      <text style="font-size:20px; font-family: Times New Roman;"> Spa </text>
      <br/>
      <input type="checkbox" value="is_wifi" id="wifi" name="check_list[]" checked /> 
      <text style="font-size:20px; font-family: Times New Roman;"> Wifi </text>
      <br/>
      <input type="checkbox" value="is_familyoriented" id="family" name="check_list[]"/>
      <text style="font-size:20px; font-family: Times New Roman;"> Family </text>
      <br/>
      <input type="checkbox" value="is_economical" id="economical" name="check_list[]" />
      <text style="font-size:20px; font-family: Times New Roman;"> Economical </text>
      <br>
      <br>
      <br>
      <br>
  </section>
                                                                                <div>
                                                                                <input type="submit" name="submit" value="Submit" style="color: orange;" />
                                                                                </div>
                                                                                <?php include 'checkbox_value.php';?> 

                                                                             </form>

                                                                     </li>

                                                                    <!-- 

The code that retrieves data for each category is "checkbox_value.php". I want to access the value of the variable "city" on a total of 4 pages like this page.

Checkbox_value.php

<?php
class MyDB extends SQLite3
{
    function __construct()
    {
        $this->open('mytrip.db');

    }
}
$db = new MyDB();
if(!$db){
    echo $db->lastErrorMsg();
} else {

}

$hotelOptions = array('is_pool', 'is_gym', 'is_spa', 'is_wifi', 'is_beach', 'is_familyoriented', 'is_economical');
$countOptions = array(
    'is_pool' => 'pool_count',
    'is_gym' => 'gym_count',
    'is_spa' => 'spa_count',
    'is_wifi' => 'wifi_count',
    'is_beach' => 'beach_count',
    'is_familyoriented' => 'family_count',
    'is_economical' => 'econo_count',
);
//$cities = array(1 => 'Dubai');


if (isset($_POST['submit'])) {
   // $selected_city= $_POST['city'];
    if (!empty($_POST['check_list']) && is_array($_POST['check_list'])) {
        $profpic = "images/Yellow.jpg";
        echo "<p> Destination: ".$selected_city ."</p>";
        // Counting number of checked checkboxes.
        $checked_count = count($_POST['check_list']);
        echo "You have selected following ".$checked_count." option(s): <br/>";
        // Loop to store and display values of individual checked checkbox.
        $where = '';
        $order = '';
        foreach($_POST['check_list'] as $selected) {
            echo "<p>".$selected ."</p>";
            if (array_search($selected, $hotelOptions) !== false) {
                $where .= " AND {$selected} = 1";
                $order .= " {$countOptions[$selected]} DESC,";
            }
        }
        $where = substr($where, 5, strlen($where));
        $order = substr($order, 0, strlen($order) - 1);
        //echo "<p>".$where ."</p>";
        //echo "<p>".$order ."</p>";
         session_start();
    $id=$_SESSION['Id'];
    $city=$_SESSION['selected_city'];
        if (isset($city)) {
            $sql = "SELECT hotel_name FROM ".$city." WHERE ".$where." ORDER BY ".$order.";";
           // echo "<p>".$sql ."</p>";
            $ret = $db->query($sql);
            session_start();
            $id=$_SESSION['Id'];
            $ar= array();
            $i=0;
            while($row = $ret->fetchArray(SQLITE3_ASSOC) ){
                echo "<p> <br /></p>\n";
                echo "\n". $row['hotel_name'] . "\n";
                $ar[$i]= $row['hotel_name'];
                $i++;
            }


            if (is_array($ar))
             {
                foreach ($ar as $value)
                {
                   echo "<p> Array is " .$value. "<p>";
                   $sql= "INSERT INTO Search (Id, History)
      VALUES ('$id','$value')";
                   $ret = $db->query($sql);
                }
            }


        }
    } else {
        echo "<b>Please Select Atleast One Option.</b>";
    }
    $db->close();
}

?>

<html>
<head>
<style type="text/css">

body {
background-image: url('<?php echo $profpic;?>');
}
</style>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

</head>
<body>
</body>
</html>

How can I pass the value selected in the drop down list and be able to access it on multiple pages without submitting it, using a session variable?

MimiJam
  • Please read the guide [**How do I ask a good question?**](https://stackoverflow.com/help/how-to-ask) to improve your question! – sidyll May 08 '17 at 18:38
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 08 '17 at 18:38
  • Maybe storing the selected city in session instead of checking the POST could be an option for you – egvaldes May 08 '17 at 18:56
  • The code `if (!$db){ echo $db->lastErrorMsg(); }` doesn't make any sense. If `$db` is [false (`FALSE`, `NULL`, `0`, ""`)](http://php.net/manual/en/types.comparisons.php) then it is definitely not an object and it doesn't have the `lastErrorMsg()` method you call. More than that, `$db` is never equal to `FALSE` because you just initialized it with an object on the previous line (`$db = new MyDB();`). – axiac May 08 '17 at 19:00
  • @egvaldes I have tried to post the value of the option "city" selected from the drop down list by using session but still it doesn't post anything on the checkbox_value.php page. Please see the edited code – MimiJam May 09 '17 at 02:06
  • @MinjaNinja ok, I really don't have time to write a proper answer with code and everything but the flow should probably be something like this: when the user selects the destination the first time you store it in the session, then every time user does a post you validate if the destination posted is the same as the session, if not, update it, if it's the same you can access the session variable in all the pages you need, and you have to set the value of the dropdown to the destination in session until the user changes it or session ends. Hope this helps you. – egvaldes May 09 '17 at 04:04
  • @AlexHowansky please check my edited code and I have highlighted my problem clearly now. Please see if you can help? :) – MimiJam May 09 '17 at 14:00
  • @axiac that works fine in my case. That's not the problem faced by me. Please check my edited code and I have highlighted my problem clearly now. Please see if you can help? :) – MimiJam May 09 '17 at 14:01
  • @sidyll please check my edited code and I have highlighted my problem clearly now. Please see if you can help? :) – MimiJam May 09 '17 at 14:01
  • @MinjaNinja of course it works fine. It's explained in my previous comment why (please ignore its errant formatting). I'll repeat it here: you put an object in `$db` therefore `$db` is not `FALSE`, `if (! $db)` always takes the `else` branch, the "test" is useless (you can put `if (true)` instead, it's the same thing). If you don't put anything in `$db`, `if (! $db)` will execute `echo $db->lastErrorMsg()` and it will crash. The entire `if (! $db)` block is not error checking and handling; it is useless code. – axiac May 09 '17 at 14:29
  • @axiac Please guide me how can I improve this code as I have no knowledge about sqlite3 :( – MimiJam May 09 '17 at 16:40
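
The session flow and the prepared-statement advice from the comments above, combined in one sketch using PHP's `SQLite3` class. This is an added example, not code from the question or its commenters; the table names in `CITY_TABLES`, the helper names `rememberCity`, `findHotels` and `saveHistory`, and the in-memory sample rows are assumptions.

```php
<?php
// Added example, not the asker's code; table names and sample rows are assumptions.
session_start(); // once per request, before any output
// Dropdown value => table name. Identifiers cannot be bound as parameters,
// so the table name only ever comes from this allow-list.
const CITY_TABLES = ['1' => 'Lahore', '2' => 'Dubai', '3' => 'Newyork', '4' => 'Canberra', '5' => 'KualaLumpur'];
const HOTEL_OPTIONS = ['is_pool' => 'pool_count', 'is_gym' => 'gym_count',
    'is_spa' => 'spa_count', 'is_wifi' => 'wifi_count', 'is_beach' => 'beach_count',
    'is_familyoriented' => 'family_count', 'is_economical' => 'econo_count'];

// Store a valid posted city in the session; return whichever city is remembered.
function rememberCity(array $post): ?string {
    $city = $post['city'] ?? null;
    if (is_string($city) && array_key_exists($city, CITY_TABLES)) { $_SESSION['selected_city'] = $city; }
    return $_SESSION['selected_city'] ?? null;
}

function findHotels(SQLite3 $db, string $cityKey, array $checked): array {
    // Column names are taken from the allow-list itself, never from the request.
    $cols = array_intersect(array_keys(HOTEL_OPTIONS), array_filter($checked, 'is_string'));
    if (!$cols || !array_key_exists($cityKey, CITY_TABLES)) { return []; }
    $where = implode(' AND ', array_map(fn($c) => "$c = 1", $cols));
    $order = implode(', ', array_map(fn($c) => HOTEL_OPTIONS[$c] . ' DESC', $cols));
    $res = $db->query(sprintf('SELECT hotel_name FROM "%s" WHERE %s ORDER BY %s', CITY_TABLES[$cityKey], $where, $order));
    $names = [];
    while ($row = $res->fetchArray(SQLITE3_ASSOC)) { $names[] = $row['hotel_name']; }
    return $names;
}

// Values (unlike identifiers) are bound, never interpolated into the SQL text.
function saveHistory(SQLite3 $db, int $userId, array $names): void {
    $stmt = $db->prepare('INSERT INTO Search (Id, History) VALUES (:id, :history)');
    foreach ($names as $name) {
        $stmt->bindValue(':id', $userId, SQLITE3_INTEGER);
        $stmt->bindValue(':history', $name, SQLITE3_TEXT);
        $stmt->execute();
        $stmt->reset();
    }
}

// Constructed in-memory data so the example runs without mytrip.db.
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE Dubai (hotel_name TEXT, is_pool INT, pool_count INT, is_wifi INT, wifi_count INT)');
$db->exec("INSERT INTO Dubai VALUES ('Hotel A', 1, 5, 1, 9), ('Hotel B', 1, 7, 0, 0)");
$db->exec('CREATE TABLE Search (Id INT, History TEXT)');
rememberCity(['city' => '2']);   // first page: the user picks Dubai
$city = rememberCity([]);        // any later page: no POST field, city still remembered
$hotels = findHotels($db, $city, ['is_pool', 'is_wifi', 'not_a_column']);
saveHistory($db, 7, $hotels);    // 7 stands in for $_SESSION['Id']
print_r($hotels);
```

Each page that needs the city calls `session_start()` once at the top and reads `$_SESSION['selected_city']`. The dropdown value still has to reach the server in some request (a form submit or a script-driven one) before the first call can store it.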
