Solved

Passing multiple values in URL

Posted on 2010-09-07
10
414 Views
Last Modified: 2013-12-13
Hi,

I have list of Artists on my table database.

Artist table has `id_usr`, `Intrument_ID`, 'name_usr'

I want to list artist passing the Instruments ID to the query, but I need to pass these ids in the URL

for example, I want to list all Guitar players and violin players, I need to do something like:

list.php?Instrument_ID=3,5

that would return all artist where Instrument_ID in ($url)

How to do this?

0
Comment
Question by:Fernanditos
10 Comments
 
LVL 4

Expert Comment

by:rstjean
ID: 33618000
You need to make sure that you name the fieldname as an array.  

<input type=checkbox name="Instrument_ID[]" value="1" />
<input type=checkbox name="Instrument_ID[]" value="2" />
<input type=checkbox name="Instrument_ID[]" value="3" />

if(isset($Instrument_ID))
{
$Instruments= join(",", $Instrument_ID);
}
0
 
LVL 4

Expert Comment

by:mpickreign
ID: 33618013
I would recommend storing the data in an array, then call the serialize command on the variable, then pass the serialized variable in the URL.

http://php.net/manual/en/function.serialize.php
0
 
LVL 4

Expert Comment

by:rstjean
ID: 33618031
You need to make sure that you name the fieldname as an array.  

in your form,
<input type=checkbox name="Instrument_ID[]" value="1" />
<input type=checkbox name="Instrument_ID[]" value="2" />
<input type=checkbox name="Instrument_ID[]" value="3" />


on the next step to get the id's
if(isset($_POST['Instrument_ID']))
{
$Instruments= join(",", $_POST['Instrument_ID']);
}

Sorry forgot the $_POST in my first entry.
0
 

Author Comment

by:Fernanditos
ID: 33618042
Sorry, I dont understand, I am talking about passing the ids via URL. How to do it ?
0
 
LVL 6

Expert Comment

by:nasirbest
ID: 33618223
try following example it is important that your are using , commas to separate instruments ids otherwise IN keyword will not work in WHERE clause of query
<html>
  <head>
    <title>Test</title>
  </head>
  <body>
    <table>
<?php

// do mysql connection with mysql_connect() and mysql_select_db

$instruments = $_GET['Instrument_ID'];

$query = "SELECT * FROM artists WHERE Instrument_ID IN ($instruments)";
$result = mysql_query($query);

while ($row = mysql_fetch_assoc($result)) { 
  echo "<tr>\n";
  echo "<td>".$row['id_usr']."</td>\n";
  echo "<td>".$row['id_name_usr']."</td>\n";
  echo "<td>".$row['Instrument_ID']."</td>\n";
  // and so on for other fields
  echo "</tr>\n";
}
?>
    </table>
  </body
</html>

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 17

Expert Comment

by:jrm213jrm213
ID: 33618773
Hi Fernanditos,

What rstjohn is telling you is correct if you need a page where a user can select a number of instruments to search for and when they click submit the page that opens would read that list and display the data from your database.

I don't know what your current experience is with html forms so this is more of a complete example. In the form on your page, set the 'action' equal to the name of the page that will do your search and display the results. Set the 'method' to "get" so that when the form is submitted the values will be passed in the URL (see attached code snippet).

In your search results page, use the code provided above by nasirbest.
//in your search page

<form action="yoursearchresultspage.php" method="get">

  <input type="checkbox" name="Instrument_ID[]" value="1"/>&nbsp;<label>Cello</label><br/>

  <input type="checkbox" name="Instrument_ID[]" value="2"/>&nbsp;<label>Guitar</label><br/>

  <input type="checkbox" name="Instrument_ID[]" value="3"/>&nbsp;<label>Piano</label><br/>

  <input type="checkbox" name="Instrument_ID[]" value="4"/>&nbsp;<label>Violin</label><br/>

  <input type="submit" value="Search"/>

</form>

Open in new window

0
 
LVL 4

Accepted Solution

by:
chrisbloom7 earned 500 total points
ID: 33632715
jrm213jrm213's form example is correct, and nasirbest has the right idea but his solution leaves you open to SQL injection attacks. Never ever ever trust user data. Always always always escape or validate the data before using it in a SQL query. Combining the two but escaping the input gives you the following:

<?php
$instruments = isset($_GET['Instrument_ID']) //Check to see if the Instrument_ID parameter exists in the query string
  ? (array) $_GET['Instrument_ID']           //If so, convert it to an array if it isn't already
  : array();                                 //Otherwise return an empty array

//If there are instruments, look them up
$result = false;
if (sizeof($instruments)) {
  // Convert all the values to integers
  $instruments = array_map('intval', $instruments);
  
  //Now it's safe to use the instruments array in your SQL
  $query = "SELECT * FROM artists WHERE Instrument_ID IN (" . join(',', $instruments) . ")";
  $result = $instruments; //mysql_query($query);
  
  //...
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<title>Form array test</title>
</head>
<body>
  <?php if ($result) { ?>
  <pre><?php print_r($result); ?>
  <?php } ?>
	<form action="form_test.php" method="get">
    <input type="checkbox" name="Instrument_ID[]" value="1"/>&nbsp;<label>Cello</label><br/>
    <input type="checkbox" name="Instrument_ID[]" value="2"/>&nbsp;<label>Guitar</label><br/>
    <input type="checkbox" name="Instrument_ID[]" value="3"/>&nbsp;<label>Piano</label><br/>
    <input type="checkbox" name="Instrument_ID[]" value="4"/>&nbsp;<label>Violin</label><br/>
    <input type="submit" value="Search"/>
  </form>
</body>
</html>

Open in new window

0
 
LVL 4

Expert Comment

by:chrisbloom7
ID: 33632724
Dang, sorry - I had commented out the actual query action while I was testing. Just alter line 14 to look like this:

$result = mysql_query($query);

Open in new window

0
 
LVL 4

Expert Comment

by:chrisbloom7
ID: 33632730
And I forgot to close the <pre> tag on line 26. Haste makes waste...
0
 
LVL 2

Expert Comment

by:oliff
ID: 33744252
I've only briefly read the top post.

But I would have the URL contain the instrument ID, then use a query to select all users who play that instrument.

This, rather than trying to build a string on submit, without some sort of forward to the URL after the original query i've just mentioned! O_o

Bit of sensible logic in my mind!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now