0

I am wanting to use a HTML options selector to filter the posts that my site will show by subject.

For example, if the user selects the subject Computer Science in the options, it will only show posts that have a 'post_subject' value of compSci.

However currently when I click the 'filter' button, it just shows all the posts from the database.

Here is an example of a post in the database: The image shows the database tables

Edit: after trying what was suggested in the comments, when filtered (other than for all subjects) it is returning nothing even though there are posts for each subject saved in the database

<div class="post">
    <form name="writeForm" method="post">
        <label for="subjectView">Choose a subject:</label>
        <select name="subjectView" id="subjectView">
            <optgroup label="SubjectsView">
                <option value="all">All Subjects</option>
                <option value="CompSci">CompSci</option>
                <option value="Economics">Economics</option>
                <option value="Maths">Maths</option>
                <option value="Music">Music</option>
                <option value="English">English</option>
            </optgroup>
        </select>
        <p><input type="submit" value="Filter"></p>
    </form>
<?php
if ($_POST['subjectView'] = 'all') {
    $sql = "SELECT * FROM tblPosts ORDER BY post_date DESC";
    $result = $connect->query($sql);
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            echo "<div class=\"post\"> <h2> Username: " . $row["user_name"] . "</h2></div>";
            echo "<div class=\"postCont\"> <p>" . $row["post_contents"] . "</p></div>";
            echo "<div class=\"post\"> <p>" . $row["post_date"] . "</p></div>";
        }
    } else {
        echo "0 results";
    }
} else {
    $sql = "SELECT * FROM tblPosts ORDER BY post_date DESC WHERE post_subject = {$_POST['subjectView']}";
    $result = $connect->query($sql);

    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            echo "<div class=\"post\"> <h2> Username: " . $row["user_name"] . "</h2></div>";
            echo "<div class=\"postCont\"> <p>" . $row["post_contents"] . "</p></div>";
            echo "<div class=\"post\"> <p>" . $row["post_date"] . "</p></div>";
        }
    } else {
        echo "0 results";
    }
}

If you would like any clarification please ask :)

Sam
  • 13
  • 7
  • If you need to update/filter the results when an option is selected, you will need to use JavaScript, not necessarily PHP. – Brandon McConnell May 12 '21 at 14:34
  • 2
    `$_POST['subjectView'] = 'all'` one `=` _sets_ a value, use `==` or `===` for comparison – brombeer May 12 '21 at 14:34
  • Ah that is a shame, my javascript knowledge is practically non-existent – Sam May 12 '21 at 14:35
  • 1
    And while we are here your query for search by subject is wrong. `ORDER BY` goes AFTER the WHERE clauses – RiggsFolly May 12 '21 at 14:36
  • If you're ok with selecting an option, then submitting the form there's no need for Javascript – brombeer May 12 '21 at 14:36
  • Richard Ignore the Javascript comment, @BrandonMcConnell obviously got the wrong end of the stick – RiggsFolly May 12 '21 at 14:37
  • I wanted to try keep it all on one page, would I still be able to do it that way with submitting the form? The main issue I think I am having is how I am getting the $_POST data out of this form... if that makes any sense at all @brombeer. Also thank you for your comment about the use of `=` and `==`. I always seem to forget about that – Sam May 12 '21 at 14:38
  • And Richard, if you mod the code for every error pointed out, the question and comments are going to look a bit stupid. **Please dont fix the code on the fly** – RiggsFolly May 12 '21 at 14:40
  • @RiggsFolly thanks for the heads up, Im new to this sorry. – Sam May 12 '21 at 14:41
  • If you still have an issue after changing the `=` to an `==` than add additional info to the question, or maybe ask another question as its supposed to be one question per question :) – RiggsFolly May 12 '21 at 14:43
  • I have tried just echoing the ```$_POST['subjectView']``` and this shows the correct subject which leads me to believe it might be an error with the SQL statement. – Sam May 12 '21 at 14:54
  • 1
    check @RiggsFolly comment - SELECT whatever FROM table_name WHERE column_name = something ORDER BY id DESC/ASC – Angel Deykov May 12 '21 at 14:55
  • 1
    `{$_POST['subjectView']}` in your query is a string, so ... it would need quotes. Might want to use prepared statements – brombeer May 12 '21 at 14:58
  • 1
    Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187) You should alway use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's instead of concatenating user provided values into the query. Never trust ANY user input! – RiggsFolly May 12 '21 at 15:07
  • Is this PHP code intended to update the content whenever the user updates their selected option? How can PHP achieve this without making use of JavaScript or AJAX, @RiggsFolly? – Brandon McConnell May 12 '21 at 21:04

0 Answers0