0

I want my site to search for any product that belongs to a particular size when any size option is clicked in the select input menu on the mobile version, like the shop by size menu on www.brastop.com on the mobile version. My problem is how to extract the size variable from the option tag and put it in the select query in sizeresult.php. Below are my codes:

  1. for select menu


    <option selected disabled>Select Your size:</option>
    <?php

    $get_sizes = "select * from sizes";
    $run_sizes = mysqli_query($dbc,$get_sizes);

    while ($row_sizes=mysqli_fetch_array($run_sizes)){

        $size_id = $row_sizes['size_id'];
        $size_name = $row_sizes['size'];

        echo "

          <option value='sizeresults.php?$size_id'> $size_name </option>


          ";

    }

    ?>
</select>

My problem is how to extract the $size_name from the option tag and put it in between the two single quotes after the WHERE clause on the first line in the next code snippet, where I wrote sizes.size = ='%$size_name%'

for sizeresult.php


$run_products = mysqli_query($dbc,"SELECT * FROM products INNER JOIN SIZES USING (size_id) WHERE sizes.size ='%$size_name%'");
while($row_products=mysqli_fetch_array($run_products)){

   $pro_id = $row_products['product_id'];

   $pro_title = $row_products['product_title'];

   $pro_price = $row_products['product_price'];

   $pro_sale_price = $row_products['product_sale'];

   $pro_url = $row_products['product_url'];

   $pro_img1 = $row_products['product_img1'];

   $pro_label = $row_products['product_label'];

   $manufacturer_id = $row_products['manufacturer_id'];

   $get_manufacturer = "select * from manufacturers where manufacturer_id='$manufacturer_id'";

   $run_manufacturer = mysqli_query($dbc,$get_manufacturer);

   $row_manufacturer = mysqli_fetch_array($run_manufacturer);

   $manufacturer_title = $row_manufacturer['manufacturer_title'];

   if($pro_label == "sale"){

       $product_price = " <del> NGN $pro_price </del> ";

       $product_sale_price = "/ NGN $pro_sale_price ";

   }else{

       $product_price = "  NGN $pro_price  ";

       $product_sale_price = "";

   }

   if($pro_label == ""){

   }else{

       $product_label = "

           <a href='#' class='label $pro_label'>

               <div class='theLabel'> $pro_label </div>
               <div class='labelBackground'>  </div>

           </a>

       ";

   }

   echo "

       <div class='col-md-4 col-sm-6 center-responsive'>

           <div class='product'>

               <a href='$pro_url'>

                   <img class='img-responsive' src='admin_area/product_images/$pro_img1'>

               </a>

               <div class='text'>

               <center>

                   <p class='btn btn-primary'> $manufacturer_title </p>

               </center>

                   <h3>

                       <a href='$pro_url'>

                           $pro_title

                       </a>

                   </h3>

                   <p class='price'>

                   $product_price &nbsp;$product_sale_price

                   </p>

                   <p class='button'>

                       <a class='btn btn-default' href='$pro_url'>

                           View Details

                       </a>

                       <a class='btn btn-primary' href='$pro_url'>

                           <i class='fa fa-shopping-cart'></i> Add to Cart

                       </a>

                   </p>

               </div>

               $product_label

           </div>

       </div>

       ";

}


?>
Get Off My Lawn
Sunday Olaoye
  • 3
    start with using **prepared statements with parameters** to prevent **sql injection** – nbk Aug 04 '20 at 15:55
  • 1
    **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 04 '20 at 15:55

2 Answers

1

Here are things you can do to fix your code.

  1. Write your form as follows.

     <form action="sizeresults.php" method="POST"><!-- use post method not must but safe -->
     <select name="size"  onchange="this.form.submit()"><!-- i assumed the select name to be size -->
         <option selected disabled>Select Your size:</option>
         <?php
             $get_sizes = "select * from sizes";
             $run_sizes = mysqli_query($dbc,$get_sizes);
             while ($row_sizes=mysqli_fetch_array($run_sizes)){
                 $size_id = $row_sizes['size_id'];
                 $size_name = $row_sizes['size'];
                 echo "<option value='$size_name'> $size_name </option>";//changed value
             }
         ?>
     </select>
     </form>

  2. add the following line right above $run_products = mysqli_query(... in sizeresults.php file.

    $size_name=$_POST['size']; //used to get the value of option to be used in query.

waanofii.tech
  • on sizeresults.php it was saying Undefined index size when I added $size_name=$_POST['size']; I also changed it to if(isset($_GET['size'])) { $size_name = $row_sizes['size']; it did not complain but it was not displaying the search product, it was just displaying blank product after header – Sunday Olaoye Aug 04 '20 at 16:48
  • why are you using GET again? don't forget to change the – waanofii.tech Aug 04 '20 at 17:26
  • why are you using GET again? don't forget to change the – waanofii.tech Aug 04 '20 at 17:27
  • I am also using the same select tag name "size" but it is like the POST[size] is not extracting the size name from select input. Could it be because we are not using submit button, I know if the submit button has the name = 'size' it will pass the size name to the other page but we can't use submit button in this situation – Sunday Olaoye Aug 05 '20 at 06:46
  • @SundayOlaoye could you please post your whole html form tag it might help to analyse? – waanofii.tech Aug 05 '20 at 09:10
  • is just one of the menu on Navigation bar – Sunday Olaoye Aug 05 '20 at 10:05
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/219254/discussion-between-waanofii-tech-and-sunday-olaoye). – waanofii.tech Aug 05 '20 at 10:25
  • I have updated the answer and tested it on my system and it worked, i have added onchange value to select tag and also please remove the sizeresults.php?$size_name from option tag and only write $size_name in option tag value. if it worked let me know and also don't forget to upvote the answer it will help someone else to know the right answer. let us know. – waanofii.tech Aug 05 '20 at 10:30
  • @SundayOlaoye i'm really glad to hear that.did my answer helped you? then show respect with the triangle button near the answer. – waanofii.tech Aug 05 '20 at 17:56
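
The prepared-statement approach recommended in the comments on the question, applied to the size lookup with the answer's `size` form field; this is an added example, not code from any of the posts above. It uses PDO with an in-memory SQLite database in place of the page's MySQL connection so it runs without a server; the helper names (`find_products_by_size`, `requested_size`, `render_product`) and the sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO so it runs without a MySQL server.
// Table and column names follow the question; the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sizes (size_id INTEGER PRIMARY KEY, size TEXT)");
$pdo->exec("CREATE TABLE products (product_id INTEGER PRIMARY KEY,
            product_title TEXT, product_price INTEGER, size_id INTEGER)");
$pdo->exec("INSERT INTO sizes VALUES (1, '32B'), (2, '34C')");
$pdo->exec("INSERT INTO products VALUES
            (1, 'Lace <Classic>', 4500, 1), (2, 'Sports Top', 6000, 2)");

// The size travels as a bound parameter, never as part of the SQL string.
function find_products_by_size(PDO $pdo, string $size): array
{
    $stmt = $pdo->prepare(
        "SELECT product_id, product_title, product_price
           FROM products INNER JOIN sizes USING (size_id)
          WHERE sizes.size = ?"
    );
    $stmt->execute([$size]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Reads the field without an "Undefined index" notice when it is absent,
// and rejects non-string input such as size[]=... arrays.
function requested_size(array $post): string
{
    $size = $post['size'] ?? '';
    return is_string($size) ? trim($size) : '';
}

// Encode on output: database content is not trusted HTML either.
function render_product(array $row): string
{
    $title = htmlspecialchars($row['product_title'], ENT_QUOTES, 'UTF-8');
    $price = (int) $row['product_price'];
    return "<h3>$title</h3><p class='price'>NGN $price</p>";
}

// Constructed requests: a normal size, a quote-laden value, and no field at all.
foreach ([['size' => '32B'], ['size' => "x' OR '1'='1"], []] as $post) {
    $size = requested_size($post);
    $rows = $size === '' ? [] : find_products_by_size($pdo, $size);
    echo count($rows), " match(es) for ", var_export($size, true), "\n";
    foreach ($rows as $row) {
        echo "  ", render_product($row), "\n";
    }
}
```

In the real sizeresults.php, `requested_size($_POST)` would replace the direct `$_POST['size']` read, and the quote-laden value is compared as a literal size string rather than altering the WHERE clause.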