selection to generate query
Results 1 to 3 of 3

Thread: selection to generate query

  1. #1
    Member
    Join Date
    Apr 2004
    Posts
    49

    selection to generate query

    Hello guys, How I can manage to generate query for mysql database e.g
    Code:
    <select name="fly">
    <option value="k1">kt-403
    <option value="k2">kt-404
    </select>
    when user select 1 of these options, I will generate query on the base of this selection, How I can manage it.
    e.g
    Code:
    mysql_query("select * from table where this='kt-403');
    or something similar

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Posts
    251
    I'm guessing you use php since I recognize mysql_query()...

    Well I can think of several ways...

    You obviously need to pass what is selected back to the script that is going to do the query.

    So, depending if you favor a get or post (I'm going to go with get, for the sake of not saying things twice) method you'll end up with a variable named $_GET['fly'].

    Now the REALLY safe way to do this would be to pass an integer as the value. So instead of k1, just use 1.

    This allows you to do:

    PHP Code:
    $fly intval($_GET['fly']); 
    So that if they try to pass any crap through your argument intval will return 0 (FALSE).

    Then, depending on the number of options, I'd probably do a switch statement like (this is kinda clumsy, but without knowing what the heck you are doing it's the best I could do):
    PHP Code:
    switch ($fly) {
    case 
    1:
        
    $query "SELECT * FROM table WHERE this='kt-403'";
        break;
    case 
    2:
        
    $query "SELECT * FROM table WHERE this='kt-404'";
        break;
    default:
        echo 
    'Jerk, that is not an option.';
    }
    if (
    $query) {
        
    $result mysql_query($query);

    Now, if I were passing that actual value that we are searching for in the db, I'd do
    PHP Code:
    $fly mysql_escape_string($_GET['fly']);
    $query "SELECT * FROM table WHERE this='$fly'";
    $result mysql_query($query);
    //.... 
    I think with a select menu (so long as it isn't dynamically created) you'd probably want to go for the switch method.

    Hope that helps.

    Just don't ever do a "SELECT * FROM table WHERE row=$var" without touching the $var...
    It just begs for an SQL injection attack, and it would suck to go to your site one day and found some jerk had DROPped your db/table...

    Hope that helped. If I was on my other computer I'd paste in some of the links that I've got bookmarked to PHP and MySQL help sites, but I'm not so... guess you'll just have to do a good search.

    Peace,
    Dhej
    The owl of Minerva spreads its wings only with the falling of dusk. -Hegel

  3. #3
    Member
    Join Date
    Apr 2004
    Posts
    49
    here is complete code
    Code:
        <body>
    select 1 of these flights
    <form method="GET">   	 		
    <select name="fly">		 
    <OPTION value="1" selected>kt-403
    <OPTION value="2">kt-404
    <OPTION value="3">kt-405
    </select>
    total seats
    php function

    <?
    function Prin($a)
    {
    echo "<input type=text value=$a>"; #display text field
    }

    if ($fly[2]==selected) #how to make condition
    {
    Prin(63);

    }
    if ($fly[3]==selected) #how to make condition
    {
    Prin(233);

    }
    ?>
    </form>

    here is problem, that user select kt-404, the value in text field should be 63 and so on

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides