Im building a search form but how do you search a array of checkboxes?
here is my html form
<form method="get">
<label>
<input type="checkbox" name="material[]" value="metal">metal
</label>
<label>
<input type="checkbox" name="material[]" value="plastic">Plastic
</label>
<label>
<input type="checkbox" name="material[]" value="carbon">Carbon
</label>
<input type="text" name="keyword">
<input type="submit" value="search">
</form>
and the php so far is. So how can i search the material for each checked.
<?php
if(isset($_GET['keyword'])){
$keyword = $_GET['keyword'];
// $material = $_GET['material'];
// $Search->search($keyword);
}
?>
ANd the query would be so far
$query = $this->pdo->prepare('SELECT * FROM `shop` WHERE `material` = ?');
When posted this will submit an array named material (accessible via $_GET['material']) that contains only the values that were checked.
You can then use those or output them like this:
foreach ($_GET['material'] AS $material) {
echo $material;
}
Addition after the question was edited:
You can also implode() the array values with ', ' as glue and use that as the search parameter in your SQL statement. Just change it to use IN instead of =, like #Prashant M Bhavsar suggested in his answer.
I think this will help you
Get your submitted material array in variable
$material_array = $_POST['material'];
You can implode array in select query to fetch related result
$selected_search_material = implode(',', $material_array);
SELECT * FROM `shop` WHERE `material` IN ($selected_search_material)
I haven't tested this yet, but since you receive an array ($_get['material'] is already an array), just use the following code with find_in_set;
<?php
$materials = array();
if (array_key_exists('material', $_GET)) {
$materials = $_GET['material'];
}
$query = $this->pdo->prepare('SELECT * FROM `shop` WHERE find_in_set(cast(material as char), :materials');
$query->execute(array('materials' => $materials));
?>
Implode $_GET['material'] and use a different query:
$where = implode(', ',$_GET['material']);
$query = $this->pdo->prepare('SELECT * FROM `shop` WHERE `material` IN ?');
Then use $where in your execute();
You can use $materialValue to store into Database.
<?php
if(isset($_GET['material'])){
$material = $_GET['material'];
foreach($material as $materialIndex){
$materialValue .= $materialIndex.',';
}
}
// use value to store into db
pass $materialValue variable to IN query also remove last "," from string
$materialValue.substring(0,$materialValue.length()-1);
?>
Related
So i am trying to create a HTML front end that can use a text field to search an SQL Database. But there are multiple columns that can be searched, and many columns that contain numbers or letters. The User can search one or many of the columns at a time.
In my own test server, I've tried breaking down the possible queries into dropdown lists; and have switch cases to handle the selections. But this hasn't worked. My ultimate goal would be to have the textbox host all the query data, and have it passed to a prepared statement
So my question; is there a way to make a prepared statement adaptable, to handle single search cases or multiple search case. eg. WHERE column1 LIKE query1 (AND column2 LIKE query2).
Here's a basic concept, obviously you need to do your own validation and sanitizing etc. In your html use an array to hold all the form values:
<form action="#" method="post">
Col1:<br>
<input type="text" name="database[column1]"><br>
Col2:<br>
<input type="text" name="database[column2]"><br>
Col3:<br>
<input type="text" name="database[column3]"><br>
Then process that array to prepare a query
$input = $_POST['database']; // Assign all form variables to $input
$input = array_filter($input, 'strlen'); // Remove any form fields which were submitted with empty values
$where = implode(' AND ', (array_map(function($a){return "'$a' LIKE ?";}, array_keys($input)))); // Assemble your list of WHERE clauses
$statement = $dbo->prepare("SELECT * FROM table WHERE $where");
$statement->execute(array_values($input)); // Execute statement with corresponding variables
You can use this database query to get a list of columns for your table. Then using array_intersect_key you could filter out and column names which were submitted but did not exist in the table
SELECT column_name FROM information_schema.columns WHERE table_name='table';
This maybe long-winded and I am sure there are better approaches where you could loop it out or array. *Col1 text box must have data for this to work due to the "AND", I hope this helps.
<form action="#" method="post">
Col1:<br>
<input type="text" name="Col1"><br>
Col2:<br>
<input type="text" name="Col2"><br>
Col3:<br>
<input type="text" name="Col3"><br>
Col4:<br>
<input type="text" name="Col4"><br>
<input type="submit" name="search" value="Search"><br>
</form>
<br />
<br />
<?php
$SQL_Claus = "";
if (!empty($_POST['Col1'])){
$Col1 = $_POST['Col1'];
$SQL_Claus = $SQL_Claus . " Col1 LIKE " . $Col1;
}
if (!empty($_POST['Col2'])){
$Col2 = $_POST['Col2'];
$SQL_Claus = $SQL_Claus . " AND Col2 LIKE " . $Col2;
}
if (!empty($_POST['Col3'])){
$Col3 = $_POST['Col3'];
$SQL_Claus = $SQL_Claus . " AND Col3 LIKE " . $Col3;
}
if (!empty($_POST['Col4'])){
$Col4 = $_POST['Col4'];
$SQL_Claus = $SQL_Claus . " AND Col4 LIKE " . $Col4;
}
$SQL_Statement = "SELECT * FROM TABLE WHERE ".$SQL_Claus;
echo $SQL_Statement;
?>
This seems to be a common question as I have seen plenty of similar questions.
however, none of the answers actually pointing out how to do the selecting from mysql database and this is my issue as the moment.
basically I have a table which I store the search data in it.
it looks like this:
id blond darkHair busty curvy
---------------------------------------------------
1 blond busty
2 dark hair busty curvy
3 blond curvy
4 blond curvy
and I have a form with checkboxes like so:
<form action="search.php" method="post">
<input name="keyword[]" type="checkbox" value="blond" />
<input name="keyword[]" type="checkbox" value="dark hair" />
<input name="keyword[]" type="checkbox" value="busty" />
<input name="keyword[]" type="checkbox" value="curvy" />
</form>
and the PHP codes like this:
if(isset($_POST['keyword']))
{
$keyword = $_POST['keyword'];
foreach ($_POST['keyword'] as $keyword) {
$keywordarray[] = mysqli_real_escape_string($conx, $keyword);
}
$keywords = implode (",", $keywordarray);
$sql = "SELECT * FROM girlsStaff
WHERE (`blond` LIKE '%".$keyword."%') OR (`darkHair` LIKE '%".$keyword."%') OR (`busty` LIKE '%".$keyword."%') OR (`thin` LIKE '%".$keyword."%')" or die();
$query = mysqli_query($conx, $sql);
Now, apart from converting this code to PDO or prepared statement, there is another issue which I don't understand!
it doesn't matter how many chechboxes i select... it always returns the result for last checked/selected checkbox value from mysql database....
is there something that I am missing?
i also, did echo $keywords at the top of my page to see whats being sent to the page and I get the value of all the selected/checked boxes being sent correctly.. so I know the issue is not there.
any help or advice would be appreciated.
You require to build query dynamically.
<?php
$clause = " WHERE ";//Initial clause
$sql="SELECT * FROM `girlsStaff` ";//Query stub
if(isset($_POST['submit'])){
if(isset($_POST['keyword'])){
foreach($_POST['keyword'] as $c){
if(!empty($c)){
$sql .= $clause."`".$c."` LIKE '%{$c}%'";
$clause = " OR ";//Change to OR after 1st WHERE
}
}
}
echo $sql;//Remove after testing
}
?>
<form method="POST" action="#">
<form action="search.php" method="post">
Blond: <input name="keyword[]" type="checkbox" value="blond" />
Dark Hair: <input name="keyword[]" type="checkbox" value="dark hair" />
Busty : <input name="keyword[]" type="checkbox" value="busty" />
Curvy; <input name="keyword[]" type="checkbox" value="curvy" />
<input type="submit" name="submit" value="Submit">
</form>
Sample queries
2 check boxes filled
SELECT * FROM `girlsStaff` WHERE `dark hair` LIKE '%dark hair%' OR `curvy` LIKE '%curvy%'
4 filled
SELECT * FROM `girlsStaff` WHERE `blond` LIKE '%blond%' OR `dark hair` LIKE '%dark hair%' OR `busty` LIKE '%busty%' OR `curvy` LIKE '%curvy%'
I think that small change from $keyword to $keywords will solve your problem :)
Now you are looking for items like your last value from $_POST['keyword'] array.
This line:
$sql = "SELECT * FROM girlsStaff WHERE (`blond` LIKE '%".$keyword."%') OR (`darkHair` LIKE '%".$keyword."%') OR (`busty` LIKE '%".$keyword."%') OR (`thin` LIKE '%".$keyword."%')" or die();
You should also use IN instead of LIKE if you have list aaa, bbb, ccc...., but then you will look for elements that have exactly same string in those fields.
After change to $keywords you will have:
... WHERE (`blond` LIKE '%".$keywords."%')
will also not work due to it will mean:
... WHERE (`blond` LIKE '%aaa,bbb,ccc%')
If you want to use like (if fields in DB only contain strings from array) then I suggest to build your query in foreach loop. Example:
$sql = "SELECT * FROM girlsStaff WHERE ".
foreach ($_POST['keyword'] as $keyword) {
$sql .= "(`blond` LIKE '%".$keyword."%') OR ";
}
//and here cut last four character " OR " part that will be unusefull
Typos:
$keywords = implode (",", $keywordarray);
^--- with an S
WHERE (`blond` LIKE '%".$keyword."%')
^--- without an S
You're stuffing in your original $_POST['keyword'] array. An array in string context is the literal word Array, so your query is actually executing as
WHERE (`blond` LIKE '%Array%')
I'm updating some countries values into db table. All countries fetch from TBL_COUNTRY table. Then few countries store to another table. I'm using implode function to store multiple values. it works fine. it stored like this in my db table Afghanistan,Argentina,Austria,Bangladesh.
I have tried this code
<?php
$exp_str = explode(',', $model_availability);
foreach($exp_str as $get_str)
{
echo $get_str;
}
?>
This above code return this output AfghanistanArgentinaAustriaBangladesh
How do I put tick on the checkbox based on this value?
<?php
$sql = "SELECT * FROM ".TBL_COUNTRY." ORDER BY country_name ASC";
$exe = mysql_query($sql, $CN);
while($r = mysql_fetch_array($exe))
{
?>
<input type="checkbox" name="model_availability[]" value="<?=$r['country_name']?>" id="<?=$r['country_name']?>" />
<label for="<?=$r['country_name']?>"><?=$r['country_name']?></label>
<?php } ?>
<input type="checkbox" name="model_availability[]" value="<?=$r['country_name']?>" id="<?=$r['country_name']?>"<?=(in_array($r['country_name'],$model_availability)?" checked":"")?> />
//In the input box just add a checked attribute, you will get.
" id="" checked = "true" />
I have the following code:
<?php
$allform = $_POST['allform'];
parse_str($allform, $output);
$allquery = "SELECT * FROM wp_users";
$names = array();
$allresult = mysql_query($allquery) or die(mysql_error()); ?>
...
<?php
while ($rows = mysql_fetch_array($allresult)) {
$names[] = $rows['user_email'];
}
?>
The allform variable is a jQuery serialize string:
var allform = $('form#all').serialize();
Basically, I want to put the values from the form in the front end into a mysql select query in the back end.
The form is a bunch of checkboxes so the idea is that the SELECT something will have different number of values depending on what the user checks. Any ideas?
Thanks
The best thing to do could be something like this. Your checkboxes should be like this
<input type="checkbox" name="checkboxes[]" value="cream" />
<input type="checkbox" name="checkboxes[]" value="choco" />
<input type="checkbox" name="checkboxes[]" value="lime" />
server side you receive an array
$flavours = $_POST["checkboxes"];
$sql = "SELECT ".implode(',', $flavours)." FROM FLAVOURTABLE";
I'm trying to put this,
check_box=147&check_box=148&check_box=146 etc..
into
$delete_selected = $connection->real_escape_string($_POST['check_box'])
$sql = "DELETE FROM categories WHERE cat_id = '$delete_selected'";
but it only deletes the first check_box value. Is there a way to loop through all the values?
You need to change your post vars to have [], i.e. checkbox[]=. Once that's fixed, on to the backend...
Considering you neeed to escape every value, do something like this:
$clean_values = array();
foreach($_POST['check_box'] as $value){
$clean_values[] = $connection->real_escape_string($value);
}
$sql = 'DELETE FROM categories WHERE cat_id in ('.implode(',',$clean_values).')';
BONUS PHP5.3 ANSWER:
array_walk($_POST['check_box'],function(&item) use($connection){
$item = $connection->real_escape_string($item);
});
$sql = 'DELETE FROM categories WHERE cat_id in ('.implode(',',$_POST['check_box']).')';
try
$sql = "DELETE FROM categories WHERE cat_id in '($delete_selected)'";
I may have screwed up the php. the resulting query should liik like
DELETE FROM categories WHERE cat_id in ('cat1', 'cat2', ...)
Self-contained example to play with...
<html>
<head><title>...</title></head>
<body>
<form method="post" action="?">
<p>
<!-- php will parse post fields like check_box[]=xyz as an array, appending new elements to $_POST['check_box'] -->
<input type="checkbox" name="check_box[]" id="c1" value="140" /><label for="c1">140</label><br />
<input type="checkbox" name="check_box[]" id="c2" value="141" /><label for="c2">141</label><br />
<input type="checkbox" name="check_box[]" id="c3" value="142" /><label for="c3">142</label><br />
<input type="checkbox" name="check_box[]" id="c4" value="143" /><label for="c4">143</label><br />
<input type="checkbox" name="check_box[]" id="c5" value="144" /><label for="c5">144</label><br />
<input type="submit" />
</p>
</form>
<?php
if ( isset($_POST['check_box']) && is_array($_POST['check_box']) ) {
echo '<pre> _POST='; var_dump($_POST); echo '<pre>';
// approach #1: treat ids as numbers. Keep the value range of php's integers and MySQL numeric fields in mind
// make sure the elements really are integers
$params = array_map('intval', $_POST['check_box']);
// join the elements to one string like "1,2,3"
$params = join(', ', $params);
// use the IN operator in your WHERE-clause
$sql = "DELETE FROM xyz WHERE cat_id IN ($params)";
echo 'sql1 = ', $sql, "<br />";
// mysql_query($sql, $mysql) or die(mysql_error());
// approach #2: treat ids as strings.
// you need a database connection for mysql_real_escape_string()
$mysql = mysql_connect('localhost', 'localonly', 'localonly') or die(mysql_error());
mysql_select_db('test', $mysql) or die(mysql_error());
// each element has to be escaped and put into single quotes
$params = array_map(
function($e) use ($mysql) {
return "'".mysql_real_escape_string($e, $mysql)."'";
},
$_POST['check_box']
);
// again join them, "'1','2','x'"
$params = join(', ', $params);
// IN operator in WHERE-clause
$sql = "DELETE FROM xyz WHERE cat_id IN ($params)";
echo 'sql2 = ', $sql, "<br />";
// mysql_query($sql, $mysql) or die(mysql_error());
}
?>
</body>
</html>