Dependant drop down boxes

Hey Experts!!

Just need some quick help on one of my last queries for this project.  

I'm trying to query my DB and keep getting the wrong results.   I'm trying to get users to select Year, Make and finally Model.  The problem now is, I'm not getting the right models.

You can see the page in question here: http://aimsmanufacturing.com/dbaxle/start.php 

My code for the getModels.php file is below.  
<?php  
    $connect = mysql_connect("lzakoor.db.6428867.hostedresource.com","lzakoor","PAss1234") or die("Connexion error!");  
    mysql_select_db("lzakoor", $connect) or die("Database connexion error!");  
  
    $query = "SELECT * FROM lzakoor.makes, lzakoor.models WHERE makes.make_id = models.make_id AND models.make_id ="$_GET["make_id"] ;  
    $result = mysql_query($query);  
    $options = array();  
    $options[] = array("value"=>"","text"=>"Choose a model...");  
    if($result) while($row = mysql_fetch_object($result)) $options[] = array("value"=>$row->model_id,"text"=>$row->model_name);  
    print json_encode($options);  
    mysql_close();  
?>

Open in new window

LVL 30
LZ1Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ray PaseurCommented:
Line 6:

$result = mysql_query($query);  

How do you know if the query worked?  Why not test for errors?
LZ1Author Commented:
Hi Ray!  
I probably should have included the past questions that I've asked, so that we all know how we got here.

Take a look here:  

http://www.experts-exchange.com/Database/MySQL/Q_26551073.html

This was the last question I asked.  This should answer most of your questions. Let me know if you need anything else.
Ray PaseurCommented:
Also, you cannot see this on the browser display screen, but you've got some kind of logic error here:

<b>Warning</b>:  session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /home/content/67/6428867/html/dbaxle/includes/head.php:8) in <b>/home/content/67/6428867/html/dbaxle/includes/nav.php</b> on line <b>4</b><br />

<br />
<b>Warning</b>:  session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/content/67/6428867/html/dbaxle/includes/head.php:8) in <b>/home/content/67/6428867/html/dbaxle/includes/nav.php</b> on line <b>4</b><br />
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Ray PaseurCommented:
Hmm... http://www.experts-exchange.com/Database/MySQL/Q_26551073.html
appears to point to this question?
LZ1Author Commented:
I forgot to take the session cookie out of it.  I originally restricted the access to the page. But when I needed help it was easier to just open it up.  That cookie holds user information, that's all.
LZ1Author Commented:
Sorry about that Ray!  lol.......it's Monday.

Try this one: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26549088.html
Ray PaseurCommented:
OK, regarding this statement:

    $query = "SELECT * FROM lzakoor.makes, lzakoor.models WHERE makes.make_id = models.make_id AND models.make_id ="$_GET["make_id"] ;  

I am not even sure PHP would parse that correctly.  But in any case you REALLY WANT to test your queries for success and show you what happened when they fail.  Here is an example of how to do that.  If you cannot see the direct output of that script because it is hidden behind a jQuery implementation, you probably want to isolate the script and test it with direct browser output until you are sure it is working correctly.

You might want the query to say something more like this:

$query
= "SELECT * FROM makes, models WHERE makes.make_id = models.make_id AND models.make_id ='"
. mysql_real_escape_string($_GET["make_id"])
. "'";  
// CREATING THE QUERY
$sql = " -- query string -- ";
// IF mysql_query() RETURNS FALSE, GET THE ERROR REASONS
// MAN PAGE:http://us2.php.net/manual/en/function.mysql-query.php
if (!$res = mysql_query($sql))
{
    // MAN PAGE: http://us.php.net/manual/en/function.mysql-error.php
    $errmsg = mysql_errno() . ' ' . mysql_error();
    echo "<br/>QUERY FAIL: ";
    echo "<br/>$sql <br/>";
    die($errmsg);
}

Open in new window

LZ1Author Commented:
Those scripts have been working thus far.  The SQL should fetch results for all vehicles based on first, the year chosen, then the make chosen.

I did try your SQL and still got nothing.  Where should I put the code you posted?  Should that go right on the page or in one of my get files?
Ray PaseurCommented:
I copied the script posted in the Question with cut and paste, and installed it on my server.  This is the result of running it:

Parse error: syntax error, unexpected T_VARIABLE in /home/websitet/public_html/RAY_temp_lz1.php on line 5

So I am a little mystified at "Those scripts have been working thus far."   This is what I meant when I wrote, "you probably want to isolate the script and test it with direct browser output..."
<?php  
    $connect = mysql_connect("lzakoor.db.6428867.hostedresource.com","lzakoor","PAss1234") or die("Connexion error!");  
    mysql_select_db("lzakoor", $connect) or die("Database connexion error!");  
  
    $query = "SELECT * FROM lzakoor.makes, lzakoor.models WHERE makes.make_id = models.make_id AND models.make_id ="$_GET["make_id"] ;  
    $result = mysql_query($query);  
    $options = array();  
    $options[] = array("value"=>"","text"=>"Choose a model...");  
    if($result) while($row = mysql_fetch_object($result)) $options[] = array("value"=>$row->model_id,"text"=>$row->model_name);  
    print json_encode($options);  
    mysql_close();  
?>

Open in new window

LZ1Author Commented:
Thanks for all the help thus far Ray, I really do appreciate it.  

How would I try it with direct browser input?  
Like this?  

http://aimsmanufacturing.com/dbaxle/getModels.php?model_id=1
Ray PaseurCommented:
At a minimum, I think I would start testing with this.  You absolutely MUST filter the data in the $_GET array or your data base can be easily compromised.

Try testing the script standalone until you're sure it works, then you can try integrating it back into the jQuery structures.
<?php
error_reporting(E_ALL);
$connect = mysql_connect("lzakoor.db.6428867.hostedresource.com","lzakoor","PAss1234") or die("CONNECT error!");
mysql_select_db("lzakoor", $connect) or die("SELECT error!");

$query 
= "SELECT model_id, model_name FROM makes, models WHERE makes.make_id = models.make_id AND models.make_id =" 
. mysql_real-escape_string($_GET["make_id"]);
$result = mysql_query($query) or die( mysql_error() );
$options = array();
$options[] = array("value"=>"","text"=>"Choose a model...");
while($row = mysql_fetch_object($result))
{
    $options[] = array("value"=>$row->model_id,"text"=>$row->model_name);
}
print json_encode($options);
mysql_close();

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
http://aimsmanufacturing.com/dbaxle/getModels.php?model_id=1 - yes that appears to be able to test.  However you need to decide whether you want to use model_id or make_id in the GET string.  If you have the error_reporting() set correctly, PHP will notify you when you use undefined variables.
LZ1Author Commented:
That part I'm not sure of.  The way the scripts were designed, they need to be able to grab the id from the previous select box and populate the new one.  I would think I would need to query for the make_id within the given year.  

Does that make sense?
Ray PaseurCommented:
It's not up to me to know if that makes sense - it's your application!  

But your testing URL says this:
http://aimsmanufacturing.com/dbaxle/getModels.php?model_id=1

And your program code says this:
$_GET["make_id"]

So you might want to use var_dump($_GET) to print out the URL GET string.  You will find that it contains "model_id" => "1" and "make_id" is undefined.  That might be enough to cause your query to fail.
LZ1Author Commented:
Thanks for everything thus far Ray!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.