1

I'm making a online shopping item page,

it gets the 'item_id' to loop through a item info db to show its info on the page(price,image,name,whatev)

while using that same 'item_id' to loop through an inventory table(the inventory table has color_id, size_id ,item_id and storage_id) to render a drop down menu(select) to show its color options of that specific item,

i'm using ajax to get the size options of that color_id from the same inventory table. but i can't get the both 'item_id' and color_id passed through the color to narrow down the query together with color_id .

is there a way that i can pass both color_id and item_id through the rendered color to query in inventory table to get the storage_id? because right now i can't narrow it down the the specific item, it gets the size option of a specific color(color_id) but of all items, if without item_id

basically i'm trying to filtering down to the specific storage_id using two drop down menu(color_id ,size_id and product_id) of same table. but having trouble passing 2 (or multiple) values at once.

hope this makes sense?

<select class="form-control" id="colorSelector" onchange = "getSize(this.value)">
   <option value="">Select Color</option>
    <?php show_color_option()?>  --->this is another function to render the colors using item_id
</select>

function getSize(val){
$.ajax({
    type:'POST',
    url:'sizeoptions.php',
    data:"color_id="+ val,
    success:function(data){
        $('#sizeSelect').html(data);
    }
  });
 }
 function getSku(val){
   
  }

///////////////////////////////////sizeoptions.php//////////////////

 <?php

if(isset($_POST['color_id'])){
$query = query("SELECT size_id FROM inventory WHERE color_id = 
".escape_string($_POST['color_id'])." GROUP BY size_id ");

confirm($query);

while($row = fetch_array($query)){
$p_size = display_size($row['size_id']);

$size_options = <<<DELIMETER
<option value="{$row['size_id']}"> {$p_size} </option>

DELIMETER;
      echo $size_options;
    }

}



?>
Dharman
  • 30,962
  • 25
  • 85
  • 135
lycheelichi
  • 185
  • 1
  • 2
  • 9
  • 1
    It's better to use placeholders instead of concatenated text since their secure processing is kept by SQL – astentx Oct 19 '20 at 08:35
  • @Dharman thank you for pointing it out. super newbie here. what do parameterized prepared statements look like? :( – lycheelichi Oct 19 '20 at 13:49
  • You can learn more here https://phpdelusions.net/sql_injection and https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement as well as here https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?noredirect=1&lq=1 – Dharman Oct 19 '20 at 13:50
  • @Dharman thank you! somethign like this? : $query = "SELECT product_size_id FROM product_inventory WHERE color_id = ? AND itemt_id = ? "; global $connection; $stmt = mysqli_stmt_init($connection); if(!mysqli_stmt_prepare($stmt, $query)){ echo "statement failed"; }else{ mysqli_stmt_bind_param($stmt,"ii", $color_id, $item_id); mysqli_stmt_execute($stmt); $result = mysqli_stmt_get_result($stmt) – lycheelichi Oct 20 '20 at 03:46
  • @Dharman do i need to apply it to every query in all the codes of my site? thanks! – lycheelichi Oct 20 '20 at 03:48
  • Yes, you need to apply it to every query that takes parameters. It's a good practice to use it everywhere. – Dharman Oct 20 '20 at 10:54

1 Answers1

2

You can get extra information from select box using attributes.

<select class="form-control" id="colorSelector" onchange = "getSize()">
    <option value="xyz" extra-attr="abc">Select Color</option>
</select>

function getSize(){
    var selectedXYZ = $("#colorSelector").val();
    var selectedABC = $("#colorSelector").find("option:selected").attr('extra-attr');

}
Aju John
  • 2,214
  • 1
  • 10
  • 27