Hello everyone,
I have a small problem in my PHP script.
In my select I have two types of request, “Show all” that displays all the marks and the other as a parameter query that takes the brand chosen.
When I chose to deal with brand it works, and when I selected after dealing with “Show all”
It works.
What I wanted to make is that the first time, “show all” market will be
Here’s the script:
You have this:
<option ><?php echo "show all" ?></option>
Where there’s no reason to go into PHP mode instead of just writing directly:
<option>show all</option>
Anyway, to make that selected by default:
<option <?php if (!isset($idr)) echo 'selected="selected"'; ?>>show all</option>
I have no idea where $idr comes from, but that’s the variable you’re using everywhere, so I will assume there’s some magic populating it.
Once you get this part working, please rewrite the whole thing to stop relying on register_globals (disabled by default and deprecated for years) and don’t allow trivial SQL injection attacks on your code.
You can download the entire script?
Pardon me, while I Bogart your code…
Here is the proper way to code this, more or less.
<?php
require_once('connect.php');
connect();

// Read the request parameter once, up front. On first load nothing is chosen, so default to "Show all".
$idr = 'Show all';
if (!empty($_REQUEST['idr'])) {
    $idr = trim(strip_tags($_REQUEST['idr']));
}

$html = '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action="nchaneteste.php" method="post" id="formulaire">
<strong>Sélectionner Make:</strong>
<select name="idr" id="make" onchange="document.forms[\'formulaire\'].submit();">
<option>Show all</option>
';
// The select is named "idr" so that it matches the key read from $_REQUEST above.

$sql = 'SELECT DISTINCT(make) FROM `cars` ORDER BY `make` LIMIT 30';
$req = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($req) == 0) {
    die('It ain\'t got no gas, mhmmm.');
}
while ($row = mysql_fetch_assoc($req)) {
    $make = stripslashes($row['make']);
    // Reset for every row; appending with .= would mark every later option as selected.
    $addMe = ($idr == $make) ? ' selected="selected"' : '';
    // Encode for HTML at the point of output.
    $safeMake = htmlspecialchars($make, ENT_QUOTES, 'ISO-8859-1');
    $html .= '<option value="'.$safeMake.'"'.$addMe.'>'.$safeMake.'</option>';
}
$html .= '</select>';

if ($idr != 'Show all' && $idr != '-1') {
    // Escape for the SQL string context; HTML encoding does not make a value safe inside a query.
    $select = 'SELECT * FROM `cars` WHERE `make` = "'. mysql_real_escape_string($idr) .'" ORDER BY `colour` LIMIT 30';
    $result = mysql_query($select) or die(mysql_error());
    // The line below can be deleted if afficher_cars.php does not use the $total variable.
    $total = mysql_num_rows($result);
} else {
    $select = 'SELECT * FROM `cars` ORDER BY `car_id` LIMIT 30';
    $result = mysql_query($select) or die(mysql_error());
    // The line below can be deleted if afficher_cars.php does not use the $total variable.
    $total = mysql_num_rows($result);
}
require_once('afficher_cars.php');
$html .= '
</form>
</body>
</html>
';
echo $html;
?>
Notes:
- Do not use mysql_fetch_array() unless you need to use an associative array along with a numeric array. Either use mysql_fetch_assoc() for associative or mysql_fetch_row() for numeric. mysql_fetch_array() creates a numeric and an associative array.
- Do not use mysql_free_result() unless you are really sucking up the RAM. In this case, you aren’t. Using mysql_free_result() uses resources in order to free resources and in this case, just not worth the overhead.
- Do not wrap your strings in double quotes, it causes more overhead as PHP reads through it to figure out what is a string and what is a variable. It also keeps you from having to backslash all of your quotation marks.
- Do not use $_SERVER['PHP_SELF'] unless the script name will change often for some odd reason.
- Store data into a variable and echo when you need it. This makes the software more scalable and allows the data to be buffered into cache files or output filters.
- Do not use a while loop to take data from an array only to put it back into an array and loop a second time with foreach just to get it out again. Your original script converts the array to strings and then strings to array and then to strings again. Just silly.
- Do not use isset(). It does not check for empty strings. Instead use empty(). empty() checks for null values and is superior to isset().
- You check for passed variables at the beginning of the code, not 3 or 4 times throughout the code. Check for it, validate it, sterilize it and convert it into a variable at the beginning.
- Try to never SELECT * in queries. By selecting specific columns you can create a MySQL INDEX for those specific columns to increase data selection performance and lighten the server load.
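The parameter handling that both replies ask for (no register_globals, no SQL injection, validation once at the top), as an added example that is not part of any post in this thread. It uses PDO prepared statements instead of the thread's mysql_* functions, and it assumes an in-memory SQLite database with constructed rows standing in for the `cars` table; `carsForMake()` and `h()` are hypothetical helper names.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database stand in
// for the thread's `cars` table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cars (car_id INTEGER PRIMARY KEY, year INTEGER, make TEXT, model TEXT, colour TEXT)');
$pdo->exec("INSERT INTO cars (year, make, model, colour) VALUES
    (2004, 'BMW', '323', 'Black'),
    (2000, 'Mercedes', 'C230', 'Silver'),
    (1990, 'Mercedes', '190e', 'Gold')");

// Hypothetical helper: encode for the HTML context only at output time.
function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }

// Hypothetical helper: returns [dropdown options HTML, matching rows].
function carsForMake(PDO $pdo, $requested) {
    $makes = $pdo->query('SELECT DISTINCT make FROM cars ORDER BY make')
                 ->fetchAll(PDO::FETCH_COLUMN);
    // Allow-list: anything that is not a known make falls back to "Show all".
    $idr = in_array($requested, $makes, true) ? $requested : null;

    $options = '<option value=""' . ($idr === null ? ' selected="selected"' : '') . '>Show all</option>';
    foreach ($makes as $make) {
        $sel = ($make === $idr) ? ' selected="selected"' : '';
        $options .= '<option value="' . h($make) . '"' . $sel . '>' . h($make) . '</option>';
    }

    if ($idr === null) {
        $stmt = $pdo->query('SELECT car_id, year, make, model, colour FROM cars ORDER BY car_id LIMIT 30');
    } else {
        // The value travels as a bound parameter, never as part of the SQL text.
        $stmt = $pdo->prepare('SELECT car_id, year, make, model, colour FROM cars WHERE make = ? ORDER BY colour LIMIT 30');
        $stmt->execute([$idr]);
    }
    return [$options, $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Constructed inputs: a valid make, first load (nothing chosen), and a tampered value.
foreach (['Mercedes', null, 'x" OR "1"="1'] as $input) {
    list($options, $rows) = carsForMake($pdo, $input);
    echo var_export($input, true), ' -> ', count($rows), " row(s)\n";
}
echo $options, "\n";
```

In a real page `$requested` would come from `$_GET['make']` or `$_POST['make']`, read explicitly rather than through register_globals.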
<h1>the Car Market</h1>
<table border="1" cellpadding="2" cellspacing="0" width="640">
<tbody><tr>
<th>ID</th>
<th>Year</th>
<th><form id="frm_make" name="frm_make" method="get" action="index.php">Make | <select name="make" id="make" onchange="document.forms['frm_make'].submit();"><option value="show all">show all</option><option value="aaa">aaa</option><option value="BM">BM</option><option value="BMW">BMW</option><option value="Dodge">Dodge</option><option value="Honda">Honda</option><option value="Mazda">Mazda</option><option value="Mercedes">Mercedes</option><option value="Toyota">Toyota</option><option value="Volvo">Volvo</option></select></form></th>
<th>Model</th>
<th><form id="frm_colour" name="frm_colour" method="get" action="index.php">Make | <select name="colour" id="colour" onchange="document.forms['frm_colour'].submit();"><option value="show all">show all</option><option value="aaaa">aaaa</option><option value="Black">Black</option><option value="Blue">Blue</option><option value="Gold">Gold</option><option value="green">green</option><option value="Red">Red</option><option value="Silver">Silver</option><option value="White">White</option></select></form></th>
<th>Price</th>
</tr>
<tr>
<td>1</td>
<td>2004</td>
<td>BMW</td>
<td>323</td>
<td>Black</td>
<td>$19222.25</td>
</tr>
<tr>
<td>2</td>
<td>2000</td>
<td>Mercedes</td>
<td>C230</td>
<td>Silver</td>
<td>$10001.95</td>
</tr>
<tr>
<td>3</td>
<td>1990</td>
<td>Mercedes</td>
<td>190e</td>
<td>Gold</td>
<td>$5445.95</td>