Results 1 to 3 of 3

Thread: selection to generate query

  1. #1

    selection to generate query

    Hello guys, How I can manage to generate query for mysql database e.g
    <select name="fly">
    <option value="k1">kt-403
    <option value="k2">kt-404
    when user select 1 of these options, I will generate query on the base of this selection, How I can manage it.
    mysql_query("select * from table where this='kt-403');
    or something similar

  2. #2
    Senior Member
    Join Date
    Aug 2001
    I'm guessing you use php since I recognize mysql_query()...

    Well I can think of several ways...

    You obviously need to pass what is selected back to the script that is going to do the query.

    So, depending if you favor a get or post (I'm going to go with get, for the sake of not saying things twice) method you'll end up with a variable named $_GET['fly'].

    Now the REALLY safe way to do this would be to pass an integer as the value. So instead of k1, just use 1.

    This allows you to do:

    PHP Code:
    $fly intval($_GET['fly']); 
    So that if they try to pass any crap through your argument intval will return 0 (FALSE).

    Then, depending on the number of options, I'd probably do a switch statement like (this is kinda clumsy, but without knowing what the heck you are doing it's the best I could do):
    PHP Code:
    switch ($fly) {
    $query "SELECT * FROM table WHERE this='kt-403'";
    $query "SELECT * FROM table WHERE this='kt-404'";
    'Jerk, that is not an option.';
    if (
    $query) {
    $result mysql_query($query);

    Now, if I were passing that actual value that we are searching for in the db, I'd do
    PHP Code:
    $fly mysql_escape_string($_GET['fly']);
    $query "SELECT * FROM table WHERE this='$fly'";
    $result mysql_query($query);
    I think with a select menu (so long as it isn't dynamically created) you'd probably want to go for the switch method.

    Hope that helps.

    Just don't ever do a "SELECT * FROM table WHERE row=$var" without touching the $var...
    It just begs for an SQL injection attack, and it would suck to go to your site one day and found some jerk had DROPped your db/table...

    Hope that helped. If I was on my other computer I'd paste in some of the links that I've got bookmarked to PHP and MySQL help sites, but I'm not so... guess you'll just have to do a good search.

    The owl of Minerva spreads its wings only with the falling of dusk. -Hegel

  3. #3
    here is complete code
    select 1 of these flights
    <form method="GET">   	 		
    <select name="fly">		 
    <OPTION value="1" selected>kt-403
    <OPTION value="2">kt-404
    <OPTION value="3">kt-405
    total seats
    php function

    function Prin($a)
    echo "<input type=text value=$a>"; #display text field

    if ($fly[2]==selected) #how to make condition

    if ($fly[3]==selected) #how to make condition


    here is problem, that user select kt-404, the value in text field should be 63 and so on

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts