Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 438
  • Last Modified:

Passing multiple values in URL

Hi,

I have list of Artists on my table database.

Artist table has `id_usr`, `Intrument_ID`, 'name_usr'

I want to list artist passing the Instruments ID to the query, but I need to pass these ids in the URL

for example, I want to list all Guitar players and violin players, I need to do something like:

list.php?Instrument_ID=3,5

that would return all artist where Instrument_ID in ($url)

How to do this?

0
Fernanditos
Asked:
Fernanditos
1 Solution
 
rstjeanCommented:
You need to make sure that you name the fieldname as an array.  

<input type=checkbox name="Instrument_ID[]" value="1" />
<input type=checkbox name="Instrument_ID[]" value="2" />
<input type=checkbox name="Instrument_ID[]" value="3" />

if(isset($Instrument_ID))
{
$Instruments= join(",", $Instrument_ID);
}
0
 
mpickreignCommented:
I would recommend storing the data in an array, then call the serialize command on the variable, then pass the serialized variable in the URL.

http://php.net/manual/en/function.serialize.php
0
 
rstjeanCommented:
You need to make sure that you name the fieldname as an array.  

in your form,
<input type=checkbox name="Instrument_ID[]" value="1" />
<input type=checkbox name="Instrument_ID[]" value="2" />
<input type=checkbox name="Instrument_ID[]" value="3" />


on the next step to get the id's
if(isset($_POST['Instrument_ID']))
{
$Instruments= join(",", $_POST['Instrument_ID']);
}

Sorry forgot the $_POST in my first entry.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
FernanditosAuthor Commented:
Sorry, I dont understand, I am talking about passing the ids via URL. How to do it ?
0
 
nasirbestCommented:
try following example it is important that your are using , commas to separate instruments ids otherwise IN keyword will not work in WHERE clause of query
<html>
  <head>
    <title>Test</title>
  </head>
  <body>
    <table>
<?php

// do mysql connection with mysql_connect() and mysql_select_db

$instruments = $_GET['Instrument_ID'];

$query = "SELECT * FROM artists WHERE Instrument_ID IN ($instruments)";
$result = mysql_query($query);

while ($row = mysql_fetch_assoc($result)) { 
  echo "<tr>\n";
  echo "<td>".$row['id_usr']."</td>\n";
  echo "<td>".$row['id_name_usr']."</td>\n";
  echo "<td>".$row['Instrument_ID']."</td>\n";
  // and so on for other fields
  echo "</tr>\n";
}
?>
    </table>
  </body
</html>

Open in new window

0
 
jrm213jrm213Commented:
Hi Fernanditos,

What rstjohn is telling you is correct if you need a page where a user can select a number of instruments to search for and when they click submit the page that opens would read that list and display the data from your database.

I don't know what your current experience is with html forms so this is more of a complete example. In the form on your page, set the 'action' equal to the name of the page that will do your search and display the results. Set the 'method' to "get" so that when the form is submitted the values will be passed in the URL (see attached code snippet).

In your search results page, use the code provided above by nasirbest.
//in your search page
<form action="yoursearchresultspage.php" method="get">
  <input type="checkbox" name="Instrument_ID[]" value="1"/>&nbsp;<label>Cello</label><br/>
  <input type="checkbox" name="Instrument_ID[]" value="2"/>&nbsp;<label>Guitar</label><br/>
  <input type="checkbox" name="Instrument_ID[]" value="3"/>&nbsp;<label>Piano</label><br/>
  <input type="checkbox" name="Instrument_ID[]" value="4"/>&nbsp;<label>Violin</label><br/>
  <input type="submit" value="Search"/>
</form>

Open in new window

0
 
chrisbloom7Commented:
jrm213jrm213's form example is correct, and nasirbest has the right idea but his solution leaves you open to SQL injection attacks. Never ever ever trust user data. Always always always escape or validate the data before using it in a SQL query. Combining the two but escaping the input gives you the following:

<?php
$instruments = isset($_GET['Instrument_ID']) //Check to see if the Instrument_ID parameter exists in the query string
  ? (array) $_GET['Instrument_ID']           //If so, convert it to an array if it isn't already
  : array();                                 //Otherwise return an empty array

//If there are instruments, look them up
$result = false;
if (sizeof($instruments)) {
  // Convert all the values to integers
  $instruments = array_map('intval', $instruments);
  
  //Now it's safe to use the instruments array in your SQL
  $query = "SELECT * FROM artists WHERE Instrument_ID IN (" . join(',', $instruments) . ")";
  $result = $instruments; //mysql_query($query);
  
  //...
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<title>Form array test</title>
</head>
<body>
  <?php if ($result) { ?>
  <pre><?php print_r($result); ?>
  <?php } ?>
	<form action="form_test.php" method="get">
    <input type="checkbox" name="Instrument_ID[]" value="1"/>&nbsp;<label>Cello</label><br/>
    <input type="checkbox" name="Instrument_ID[]" value="2"/>&nbsp;<label>Guitar</label><br/>
    <input type="checkbox" name="Instrument_ID[]" value="3"/>&nbsp;<label>Piano</label><br/>
    <input type="checkbox" name="Instrument_ID[]" value="4"/>&nbsp;<label>Violin</label><br/>
    <input type="submit" value="Search"/>
  </form>
</body>
</html>

Open in new window

0
 
chrisbloom7Commented:
Dang, sorry - I had commented out the actual query action while I was testing. Just alter line 14 to look like this:

$result = mysql_query($query);

Open in new window

0
 
chrisbloom7Commented:
And I forgot to close the <pre> tag on line 26. Haste makes waste...
0
 
oliffCommented:
I've only briefly read the top post.

But I would have the URL contain the instrument ID, then use a query to select all users who play that instrument.

This, rather than trying to build a string on submit, without some sort of forward to the URL after the original query i've just mentioned! O_o

Bit of sensible logic in my mind!
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now