-1

I have created a form that is meant to use PHP to pull employer information from a mySQL table based on the needs of a job developer. I am able to select rows from the table when the input is "text" but am having trouble selecting rows where I used checkboxes or radio buttons. Any assistance is appreciated.

Here is part of my form code:

<h2>Find an employer:</h2><br>
    <form action="phpdoc_JDspecsearch.php" method="POST">
       <label for="city">City</label><br>
       <input type="text" id="city" name="city"><br><br>
       <input type="checkbox" id="ft" name="ft" value="1">
       <label for="ft">Full-time</label>
       <input type="checkbox" id="pt" name="pt" value="1">
       <label for="pt">Part-time</label><br><br>
       <label for="minwage">Minimum Acceptable Wage (hourly)</label><br>
       <input type="number" id="minwage" name="minwage" maxlength="3"><br><br>

Here is what I have in PHP:

$city = $_POST['city'];
$ft = $_POST['ft'];
$pt = $_POST['pt'];
$minWage = $_POST['minwage'];

$pt1 = isset($pt);
$ft1 = isset($ft);

$sql = "select * from EmployerInfo where City='$city' AND minWage>=$minWage AND (($pt1=true 
       and partTime='Yes') or ($ft1=true and fullTime='Yes'))";

$result = $conn->query($sql);


if ($result->num_rows > 0) {
   while($row = $result->fetch_assoc() ) {
      echo "<h3>";
      echo $row["companyName"]." </h3> <h4> 
        ".$row["Address"]." <br> ".$row["City"]." ".$row["State"]." ".$row["Zip"]." <br> 
        ".$row["minWage"]."";
      echo "</h4>";
}
}

else {
    echo "<h3>";
    echo "0 records";
    echo "</h3>";
}

Finally, here is some of my mySQL table. Note that I am only looking at City, fullTime, partTime, and minWage at this time:

mySQLtable

My main issue is that I only am getting results when both Full-Time/Part-Time boxes are checked. If I only check one box then I get 0 results when there should still be multiple results. Any help? Apologies, as I know my code isn't the cleanest or most efficient at times.

SethH
  • 3
  • 1
  • 2
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 18 '21 at 18:52

1 Answers1

2

Because the $pt and $ft does not have a value of "yes" but has a value of 1 so when only one box is checked, both the condition fails.

Try This:

$sql = "select * from EmployerInfo where City='$city' AND minWage>=$minWage AND (($pt1=true 
       and partTime=1) or ($ft1=true and fullTime=1))";
Ruvee
  • 8,611
  • 4
  • 18
  • 44
Arsalan Khan
  • 146
  • 8
  • Thanks for your answer. Unfortunately, this still does not seem to work. fullTime and partTime are columns in my table that have values of either "Yes" or "No". Do I need to change the values to 1 instead of "Yes" in mySQL? I am fairly new at this, so perhaps I am not understanding correctly. – SethH Sep 18 '21 at 21:06
  • I think when you check only one box then the execution of script stops at either $ft = $_POST['ft']; or $pt = $_POST['pt']; because one of them does not in the global $_POST . You should do `if(isset($_POST['ft']){$ft1 = $_POST['ft'] }` and the same for $pt – Arsalan Khan Sep 19 '21 at 08:21