I need to create a dynamic search with php and mysql that has multiple items to search from. i.e for a car company make(one field ), color(with a database supplied list)

I am a beginner at php and mysql. I already know how to create a database and do some simple php but I want to build a dynamic search that use multiple choice like for a car site make(with dymanic generated drop down), color(with dymanic generated drop down) etc can anyone help. I am starting from scratch
nbham29Asked:
Who is Participating?
 
nbham29Connect With a Mentor Author Commented:
I will check the book out and I will see how it works out. Thanks ray. I will look the book over it in the next little day or so and I will see how it works out.
0
 
morristhebearConnect With a Mentor Commented:
You can populate the dropdown boxes when the page is initially loaded, then when the page is submitted you can use the $_POST array to get the values and build an SQL query to select data from your database.

Put the code snippet I've posted into a file called search.php (or a different filename, and change the value in the form action field) and test it.  You will see the query being changed when the dropdown box is changed and submitted.



<?php
	
	if (isset($_POST['submitted'])) {
		$color = $_POST['color'];
		$query = "SELECT * FROM cars WHERE color = '$color'";
		//	Show the query on the page for debugging purposes.
		var_dump ($query);
		//	Do whatever you need to here.
	}
 
?>
<form action="search.php" method="post">
	<select name="color">
		<option value="red">Red</option>
		<option value="yellow">Yellow</option>
	</select>
	<input type="hidden" name="submitted" value="1" />
	<input type="submit" name="submit" value="Search" />
</form>

Open in new window

0
 
Ray PaseurConnect With a Mentor Commented:
nbham29: Get yourself some good tutorial and reference material ASAP.  I recommend the books from SitePoint.  In particular, you need this one: http://www.sitepoint.com/books/phpmysql1/

The book matrix is here: http://www.sitepoint.com/books/library/

In the example code snippet above, the PHP syntax is not quite right, but once it is operational you are naked in the wilderness and at risk for a SQL injection attack.  To wit, if someone comes to your script with a post request that gives you this input, your data base is toast.  Don't think it won't happen.  There are bad guys all over the internet.

The SitePoint books can help you avoid those problems by designing your applications correctly from the outset.  I use them and depend on them.

Best of luck, ~Ray
$_POST[color] = "Red; DROP TABLE cars"

Open in new window

0
 
morristhebearCommented:
Just as a note, I in no way intended for the snippet I provided above to be used in a production environment (hence it's messyness!).  I know it's open to XSS, etc.  I was merely throwing some hints in the general direction which nbham29 should be looking to.

I agree with you though Ray.  Designing something properly from the ground up to be secure is the best way...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.