2

I have 3 buttons to submit. let's say button A, B, C. Each button press gonna bring data from DB based on the button press. But the template of data is the same.

my question is it possible to dynamically change the query. especially WHERE field in the query.

$sql = "SELECT Name FROM DevicesList WHERE Device='A' ";

What I want is WHERE part should change based on Button press. 

//my forms are as follows
    <div class="button_style1">
      <form action="displayData.php" method="get" target="_blank">
        <input type="submit" id ="mybutton1" value="A" />
      </form>
    </div>

    <div class="button_style2">
      <form action="displayData.php" method="get" target="_blank">
        <input type="submit" id ="mybutton2" value="B" />
      </form>
    </div>


    <div class="button_style3">
      <form action="displayData.php" method="get" target="_blank">
        <input type="submit" id ="mybutton3" value="C" />
      </form>
    </div>

//I am trying to avoid creating different pages for each button press. Just one page (displayData.php) but with different data based on button press.
Improve this question
1
  • why not just use the value of the button (if you gave all the buttons the same name) - isn't it posted with the form if it is pressed in php? Commented Apr 1, 2019 at 12:44

3 Answers 3

Reset to default
2

Yes, definitely you can do it.

Give same name to each elements:

<input type="submit" name="submit" id ="mybutton1" value="A" />

And in the posted form, get which button is submitted:

if (isset($_POST['submit')) {
 if ($_POST['submit']) {
  $var = mysqli_real_escape_string($_POST['submit']);
  $sql = "SELECT Name FROM DevicesList WHERE Device='" . $var . "'";
 }
}

At one time, only one submit button will submit.

Therefore, you will every time get the name of the submit button and that is what you are comparing in SQL.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This is vulnerable to SQL injections.
mysqli_real_escape_string isn't safe against SQL injections
0

You can use hidden fields to pass some datas.

In example :

<div class="button_style1">
  <form action="displayData.php" method="get" target="_blank">
    <input type="hidden" name="MyHiddenData" value="A">
    <input type="submit" id ="mybutton1" value="A" />
  </form>
</div>

<div class="button_style2">
  <form action="displayData.php" method="get" target="_blank">
    <input type="hidden" name="MyHiddenData" value="B">
    <input type="submit" id ="mybutton2" value="B" />
  </form>
</div>


<div class="button_style3">
  <form action="displayData.php" method="get" target="_blank">
    <input type="hidden" name="MyHiddenData" value="C">
    <input type="submit" id ="mybutton3" value="C" />
  </form>
</div>

And then, in displayData.php

$MyDevice = $_GET['MyHiddenData'];
Improve this answer

3 Comments

how to change the WHERE field in query? something like WHERE Device= ".$MyDevice"
Something like this, yes. You want to use prepared statements with mysqli or PDO or whatever you are using to query your DB to avoid SQL Injections
Just don't be lazy about prepared statements
0

You can do this like below.

<div class="button_style1">
    <form action="displayData.php" method="get"  target="_blank">
        <input type="submit" name="submit" id ="mybutton1" value="A" />
    </form>
</div>

<div class="button_style2">
    <form action="displayData.php" method="get" target="_blank">
        <input type="submit" name="submit" id ="mybutton2" value="B" />
    </form>
</div>


<div class="button_style3">
    <form action="displayData.php" method="get" target="_blank">
        <input type="submit" name="submit" id ="mybutton3" value="C" />
    </form>
</div>

on the displayData.php

if (isset($_GET['submit']) && in_array($_GET['submit'], array('A', 'B', 'C'))) {
    $variable = mysqli_real_escape_string($con, $_GET['submit']); //$con - database connection object
    $sql = "SELECT Name FROM DevicesList WHERE Device='" + $variable + "' ";
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.