2

I have 3 buttons to submit, let's say buttons A, B, C. Each button press is going to bring data from the DB based on the button pressed. But the template of the data is the same.

My question is: is it possible to dynamically change the query, especially the WHERE field in the query?

$sql = "SELECT Name FROM DevicesList WHERE Device='A' ";

What I want is that the WHERE part should change based on the button press.

//my forms are as follows
    <div class="button_style1">
      <form action="displayData.php" method="get" target="_blank">
        <input type="submit" id ="mybutton1" value="A" />
      </form>
    </div>

    <div class="button_style2">
      <form action="displayData.php" method="get" target="_blank">
        <input type="submit" id ="mybutton2" value="B" />
      </form>
    </div>


    <div class="button_style3">
      <form action="displayData.php" method="get" target="_blank">
        <input type="submit" id ="mybutton3" value="C" />
      </form>
    </div>

//I am trying to avoid creating different pages for each button press. Just one page (displayData.php) but with different data based on button press.
Ropali Munshi
master_yoda
  • why not just use the value of the button (if you gave all the buttons the same name) - isn't it posted with the form if it is pressed in php? – Pete Apr 01 '19 at 12:44

3 Answers

2

Yes, definitely you can do it.

Give the same name to each element:

<input type="submit" name="submit" id ="mybutton1" value="A" />

And in the posted form, get which button is submitted:

if (isset($_POST['submit'])) {
 if ($_POST['submit']) {
  // $con - database connection object (required first argument)
  $var = mysqli_real_escape_string($con, $_POST['submit']);
  $sql = "SELECT Name FROM DevicesList WHERE Device='" . $var . "'";
 }
}

At one time, only one submit button will submit.

Therefore, every time you will get the name of the submit button, and that is what you are comparing in SQL.

Pupil
  • This is vulnerable to SQL injections. – Cid Apr 01 '19 at 12:45
  • [mysqli_real_escape_string](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) isn't safe against SQL injections – Cid Apr 01 '19 at 12:47
0

You can use hidden fields to pass some data.

For example:

<div class="button_style1">
  <form action="displayData.php" method="get" target="_blank">
    <input type="hidden" name="MyHiddenData" value="A">
    <input type="submit" id ="mybutton1" value="A" />
  </form>
</div>

<div class="button_style2">
  <form action="displayData.php" method="get" target="_blank">
    <input type="hidden" name="MyHiddenData" value="B">
    <input type="submit" id ="mybutton2" value="B" />
  </form>
</div>


<div class="button_style3">
  <form action="displayData.php" method="get" target="_blank">
    <input type="hidden" name="MyHiddenData" value="C">
    <input type="submit" id ="mybutton3" value="C" />
  </form>
</div>

And then, in displayData.php

$MyDevice = $_GET['MyHiddenData'];
Cid
  • how to change the WHERE field in query? something like WHERE Device= ".$MyDevice" – master_yoda Apr 01 '19 at 12:40
  • Something like this, yes. You want to use prepared statements with [mysqli](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](https://www.php.net/manual/en/pdo.prepared-statements.php) or whatever you are using to query your DB to avoid [SQL Injections](https://en.wikipedia.org/wiki/SQL_injection) – Cid Apr 01 '19 at 12:44
  • Just don't be lazy about prepared statements – Cid Apr 01 '19 at 13:00
0

You can do this like below.

<div class="button_style1">
    <form action="displayData.php" method="get"  target="_blank">
        <input type="submit" name="submit" id ="mybutton1" value="A" />
    </form>
</div>

<div class="button_style2">
    <form action="displayData.php" method="get" target="_blank">
        <input type="submit" name="submit" id ="mybutton2" value="B" />
    </form>
</div>


<div class="button_style3">
    <form action="displayData.php" method="get" target="_blank">
        <input type="submit" name="submit" id ="mybutton3" value="C" />
    </form>
</div>

On displayData.php:

if (isset($_GET['submit']) && in_array($_GET['submit'], array('A', 'B', 'C'))) {
    $variable = mysqli_real_escape_string($con, $_GET['submit']); //$con - database connection object
    // PHP concatenates strings with ".", not "+"
    $sql = "SELECT Name FROM DevicesList WHERE Device='" . $variable . "' ";
}
Harendra Singh
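
The pieces raised across the answers and comments (same-named submit buttons, an allow-list of button values, and a prepared statement instead of string concatenation), combined as an added example that is not part of any answer above. It assumes PDO with an in-memory SQLite table standing in for the real MySQL connection; `makeDemoDb`, `namesForDevice`, `handleRequest` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the answers above.
// Assumption: PDO + in-memory SQLite replaces the real MySQL connection so
// the script runs offline. Table rows are constructed sample data.
declare(strict_types=1);

const ALLOWED_DEVICES = ['A', 'B', 'C'];   // the three button values

function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE DevicesList (Name TEXT, Device TEXT)');
    $insert = $pdo->prepare('INSERT INTO DevicesList (Name, Device) VALUES (?, ?)');
    $rows = [['router-1', 'A'], ['router-2', 'A'], ['switch-1', 'B'], ['camera-1', 'C']];
    foreach ($rows as $row) {
        $insert->execute($row);
    }
    return $pdo;
}

// Hypothetical helper: the SQL text is fixed, only the bound value changes.
function namesForDevice(PDO $pdo, string $device): array
{
    $stmt = $pdo->prepare('SELECT Name FROM DevicesList WHERE Device = :device');
    $stmt->execute([':device' => $device]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical handler: in displayData.php this would be called with $_GET.
// Returns null, without touching the database, for anything but A, B or C.
function handleRequest(PDO $pdo, array $query): ?array
{
    $device = $query['submit'] ?? null;
    // $_GET values can be arrays (submit[]=A), so check the type first.
    if (!is_string($device) || !in_array($device, ALLOWED_DEVICES, true)) {
        return null;
    }
    return namesForDevice($pdo, $device);
}

$pdo = makeDemoDb();
var_dump(handleRequest($pdo, ['submit' => 'A']));            // a known button value
var_dump(handleRequest($pdo, ['submit' => "A' OR '1'='1"])); // quote-bearing value, not a button
var_dump(handleRequest($pdo, ['submit' => ['A']]));          // array instead of string
// Called directly, the bound parameter is still compared as plain data:
var_dump(namesForDevice($pdo, "A' OR '1'='1"));
```

With mysqli the same shape applies: `prepare()` the fixed query with a `?` placeholder, then bind the validated button value.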