SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Enthusiast tjk's Avatar
    Join Date
    May 2006
    Location
    Melbourne, Australia
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    SELECT problem with multiple values

    Hi all,
    Not sure if this is more appropriate here or in the PHP threads...

    I have a form with a dropdown select menu of location names in it. As well as selecting one particular location, I want users to be able to choose an option which selects all...

    HTML Code:
    <select name="searchState" id="searchState" class="large">
    	<option selected="selected" value=" IS NOT NULL">All States</option>
    	<option value="='ACT'">ACT</option>
    	<option value="='NSW'">New South Wales</option>
    	<option value="='NT'">Northern Territory</option>
    	<option value="='QLD'">Queensland</option>
    	<option value="='SA'">South Australia</option>
    	<option value="='TAS'">Tasmania</option>
    	<option value="='VIC'">Victoria</option>
    	<option value="='WA'">Western Australia</option>
    </select>
    Problem is, that as you can see in the option values, I have to insert =' before the real value and ' after it -- this creates a security issue with regards to PHP. I don't want to have to use the ' character in my values.

    How can I improve this to have "clean" values and not tweak them to accommodate the "IS NOT NULL"? When I call the SELECT query is there a way that I can either have one single state value (eg. "QLD") or every value in the list?

    Current query:
    Code:
    SELECT * FROM places WHERE theState$searchState
    Not too sure I've explained this very well but thanks in advance,
    Tim

  2. #2
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote values on the server-side:
    Code php:
    $value = @$_GET['value'];
    if (!empty($value)) {
      $cond = "theState = '" . mysql_real_escape_string($value, $conn) . "'";
    } else {
      $cond = 'theState IS NOT NULL';
    }
    mysql_query("SELECT * FROM places WHERE $cond", $conn);

  3. #3
    SitePoint Enthusiast tjk's Avatar
    Join Date
    May 2006
    Location
    Melbourne, Australia
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks earl-grey

  4. #4
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,340
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    while that works, i think it's inflexible

    what happens when you want the dropdown to allow the MULTIPLE option?
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •