
How to use multiple HTML text inputs to make an SQL search query

Question:

I have a form that contains multiple HTML text inputs, and I'd like to use the values of these inputs to make one search query (for example, I want it to look like this: results.php?input=value1+value2+value3). I've tried; however, I haven't managed to get one that queries with all the values from the 3 input fields.

    $input = $_GET['input']; //this is for the text input - ignore
    $topic = $_GET['topic']; // the first select box value which works well
    $location = $_GET['location']; //the second select box value which isn't being inserted into the query
    $combined = $input . $topic . $location;
    $terms = explode(" ", $combined);
    $query = "SELECT * FROM search WHERE input='$input' AND topic ='$topic' AND location='$location' ";

Answer1:

You can do it the way you've shown, but you should really be using built-in PHP functions for escaping input via prepared statements, for example with mysqli's bind_param (http://www.php.net/manual/en/mysqli-stmt.bind-param.php):

    $db = new mysqli(/* your database connection information here */);
    $input = $_GET['input']; //this is for the text input - ignore
    $topic = $_GET['topic']; // the first select box value which works well
    $location = $_GET['location']; //the second select box value which isn't being inserted into the query
    $combined = $input . $topic . $location;
    $terms = explode(" ", $combined);
    // The ? placeholders keep the request values out of the SQL text
    $stmt = $db->prepare("SELECT * FROM search WHERE input = ? AND topic = ? AND location = ?");
    // "sss" = three string parameters, bound in placeholder order
    $stmt->bind_param("sss", $input, $topic, $location);
    $stmt->execute();
    $stmt->close();

As for the form to get the URL you're wanting:

    <form action="results.php" method="GET">
        <input type="text" name="input">
        <input type="text" name="topic">
        <input type="text" name="location">
    </form>

The action is set to your results.php script, and the method is set to GET in order to have the form inputs put in the URL.
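An added example, not part of the original answer: it extends the prepared statement above to the case where some of the three fields are left empty, building the WHERE clause from a fixed allow-list of columns while every request value stays a bound parameter. The helper name build_search_query() and the skip-empty-fields behaviour are assumptions; the table and column names are the ones from the question.

```php
<?php
// Added example: build_search_query() is a hypothetical helper, not from the page.
// Table "search" and columns input/topic/location are the ones used in the question.
function build_search_query(array $get): array
{
    // Fixed allow-list: column names never come from the request itself.
    $allowed = ['input', 'topic', 'location'];
    $where = [];
    $values = [];
    foreach ($allowed as $column) {
        $value = $get[$column] ?? '';
        // Reject array input (e.g. ?topic[]=x) and skip fields left empty (assumption).
        if (!is_string($value) || trim($value) === '') {
            continue;
        }
        $where[] = "$column = ?";   // only a placeholder goes into the SQL text
        $values[] = trim($value);   // the value itself is bound later
    }
    $sql = 'SELECT * FROM search';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    // One "s" (string) type code per bound value, as bind_param expects.
    return [$sql, str_repeat('s', count($values)), $values];
}

// Constructed sample request: results.php?input=php+forms&topic=&location=O'Brien
$sample = ['input' => 'php forms', 'topic' => '', 'location' => "O'Brien"];
[$sql, $types, $values] = build_search_query($sample);

echo $sql, PHP_EOL;                 // statement text containing placeholders only
echo $types, PHP_EOL;               // type string for bind_param
echo json_encode($values), PHP_EOL; // values passed as data, quote character included

// With a live connection ($db = new mysqli(...)) the statement would run as:
//   $stmt = $db->prepare($sql);
//   if ($values) { $stmt->bind_param($types, ...$values); }
//   $stmt->execute();
```

The script runs without a database: it prints the generated statement, the type string and the bound values for the constructed request.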
