1

I have a form has select list with multiple selecting option, what I need is to pass the multiple values to the sql statement in php.

example of the select list

<select name="site_name" size="10" multiple="multiple">
              <option selected="selected">Select ...</option>
              <option>UV</option>
              <option>US</option>
              <option>PI</option>
</select>

and this should pass UV or and US or and PI to the sql statement example 

$sql = "SELECT Web_Page_Name FROM sites where Web_Page_Name =" $site_name[] ;

the previous is incorrect and I am looking for your help to know the correct sql statement to pass the multiple values.

Improve this question

2 Answers 2

Reset to default
2

You can construct a sql statement using the IN keyword:

SELECT Web_Page_Name FROM sites where Web_Page_Name IN ('UV', 'US', 'PI');

As a sidenote, watch out for SQL injection vulnerabilities.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thanks for your reply, I want to use the in clause as an array from the selected values of the select list. they will not be fixed values.
@Pipo You'll have to build that string dynamically in PHP. There is no array parameter type. As I stated in the answer, be mindful of SQL injection vulnerabilities.
Thanks again, I'll check this source to have this
0

I have implemented it as below

1- I have changed the select list code to the below:

<select name="site_name[]" size="10" multiple="multiple">
              <option selected="selected">Select ...</option>
              <option>UV</option>
              <option>US</option>
              <option>PI</option>
</select>

2- sql statement in the 2nd page as below

$sql = "SELECT * FROM sites WHERE Web_Page_Name IN ('"
. implode("', '", $_POST['site_name'])
. "')";

this is working good with me now

Improve this answer

2 Comments

You did not heed my advice. The code in this answer is vulnerable to SQL Injection. You cannot simply call implode() directly on the $_POST variables. Each value must be encoded first.
hello, really I appreciate your help and caring to reply to me, I have tried the above and it working on most browsers without any problem, now I have the values inside sql statement an showing results.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.