
I need to create a dynamic search with PHP and MySQL that has multiple items to search from, i.e. for a car company: make (one field), color (with a database-supplied list)

I am a beginner at PHP and MySQL. I already know how to create a database and do some simple PHP, but I want to build a dynamic search that uses multiple choices, like for a car site: make (with a dynamically generated drop-down), color (with a dynamically generated drop-down), etc. Can anyone help? I am starting from scratch.
Asked by: nbham29

3 Solutions

morristhebear Commented:
You can populate the dropdown boxes when the page is initially loaded, then when the page is submitted you can use the $_POST array to get the values and build an SQL query to select data from your database.

Put the code snippet I've posted into a file called search.php (or a different filename, and change the value in the form action field) and test it.  You will see the query being changed when the dropdown box is changed and submitted.



<?php
	
	if (isset($_POST['submitted'])) {
		$color = $_POST['color'];
		$query = "SELECT * FROM cars WHERE color = '$color'";
		//	Show the query on the page for debugging purposes.
		var_dump ($query);
		//	Do whatever you need to here.
	}
 
?>
<form action="search.php" method="post">
	<select name="color">
		<option value="red">Red</option>
		<option value="yellow">Yellow</option>
	</select>
	<input type="hidden" name="submitted" value="1" />
	<input type="submit" name="submit" value="Search" />
</form>

Ray Paseur Commented:
nbham29: Get yourself some good tutorial and reference material ASAP.  I recommend the books from SitePoint.  In particular, you need this one: http://www.sitepoint.com/books/phpmysql1/

The book matrix is here: http://www.sitepoint.com/books/library/

In the example code snippet above, the PHP syntax is not quite right, but once it is operational you are naked in the wilderness and at risk for a SQL injection attack.  To wit, if someone comes to your script with a post request that gives you this input, your database is toast.  Don't think it won't happen.  There are bad guys all over the internet.

The SitePoint books can help you avoid those problems by designing your applications correctly from the outset.  I use them and depend on them.

Best of luck, ~Ray
$_POST[color] = "Red; DROP TABLE cars"
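
A hardened form of the search discussed in this thread, added here as an example that is not part of any participant's post: column names come from a fixed allow-list, user values are only ever bound as parameters, and the drop-down is generated from the database with HTML escaping. It assumes a `cars` table with `make` and `color` columns, uses an in-memory SQLite database with constructed rows so it runs offline (for MySQL only the PDO DSN changes), and `buildCarSearch` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumed schema: cars(make, color).
// The in-memory SQLite database and its rows are constructed for illustration.

// Build a parameterized search over the allow-listed columns only.
// Column names never come from the request; user values are only bound.
function buildCarSearch(array $input, array $allowed): array
{
    $where = [];
    $params = [];
    foreach ($allowed as $column) {
        // Skip criteria left empty; ignore non-string input such as color[]=x.
        if (!isset($input[$column]) || !is_string($input[$column]) || $input[$column] === '') {
            continue;
        }
        $where[] = "$column = :$column";
        $params[":$column"] = $input[$column];
    }
    $sql = 'SELECT make, color FROM cars';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cars (make TEXT, color TEXT)');
$pdo->exec("INSERT INTO cars VALUES ('Ford','red'), ('Ford','yellow'), ('Honda','red')");

// Drop-down options generated from the database, escaped for HTML output.
foreach ($pdo->query('SELECT DISTINCT color FROM cars ORDER BY color') as $row) {
    $c = htmlspecialchars($row['color'], ENT_QUOTES, 'UTF-8');
    echo "<option value=\"$c\">$c</option>\n";
}

// Constructed requests: a normal search, then the input quoted in the comment above.
$requests = [
    ['make' => 'Ford', 'color' => 'red'],
    ['color' => 'Red; DROP TABLE cars', 'extra' => 'ignored'],
];
foreach ($requests as $post) {
    [$sql, $params] = buildCarSearch($post, ['make', 'color']);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    echo $sql, ' -> ', count($stmt->fetchAll(PDO::FETCH_ASSOC)), " row(s)\n";
}
echo 'cars table still has ', $pdo->query('SELECT COUNT(*) FROM cars')->fetchColumn(), " rows\n";
```

The second request is treated as a literal color value that matches nothing, and the unknown `extra` key never reaches the SQL text because it is not in the allow-list.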

morristhebear Commented:
Just as a note, I in no way intended for the snippet I provided above to be used in a production environment (hence its messiness!).  I know it's open to XSS, etc.  I was merely throwing some hints in the general direction which nbham29 should be looking to.

I agree with you though Ray.  Designing something properly from the ground up to be secure is the best way...
 
nbham29 (Author) Commented:
I will check the book out and I will see how it works out. Thanks Ray. I will look the book over in the next day or so and I will see how it works out.