0

I have a form that contains multiple html text inputs, and I'd like to use the values of these inputs to make one search query (for example I want it to look like this results.php?input=value1+value2+value3) I've tried, however I haven't managed to get one that queries with all the values from the 3 input fields.

$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$query = "SELECT * FROM search WHERE input='$input' AND topic ='$topic' AND location='$location' ";'
Improve this question
4
  • Writing a query with one input field is easy. adding more is even easier: add more form fields, get their data into PHP, then use and and/or or in your query to chain the individual field clauses together in your where clause. But that's up to you to do. We're not here to teach you what is essentially basic PHP and SQL. Commented Jul 8, 2014 at 22:09
  • Please show us the code that you tried. If you don't show us what you've already done and tell us specifically where you're having trouble, we can't help. Commented Jul 8, 2014 at 22:10
  • What's the value of $_GET['location']? Commented Jul 8, 2014 at 22:19
  • Print the values of all variables please. Your code is also vulnerable to an SQL injection attack. You should use MySQLi. Commented Jul 8, 2014 at 22:23

1 Answer 1

Reset to default
1

You can do it the way you've shown, but you should really be using built in PHP functions for escaping input via prepared statements, for example with mysqli's bind_param:

$db = new mysqli(*your database connection information here*);
$input = $_GET['input']; //this is for the text input - ignore
$topic = $_GET['topic']; // the first select box value which works well
$location = $_GET['location']; //the second select box value which isn't being inserted into the query
$combined = $input . $topic . $location;
$terms = explode(" ", $combined);
$stmt = $db->prepare("SELECT * FROM search WHERE input = ? AND topic = ? AND location = ?");
$stmt->bind_param("sss", $input, $topic, $location);
$stmt->execute();
$stmt->close();

As for the form to get the URL you're wanting:

<form action="results.php" method="GET">
  <input type="text" name="input">
  <input type="text" name="topic">
  <input type="text" name="location">
</form>

The action is set to your results.php script, and the method is set to GET in order to have the form inputs put in the URL.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you so much for explaining it very well! I really appreciate you taking time to write all this. I just implemented this into my code and got this error: Fatal error: Call to a member function bind_param() on a non-object in /customers/c/8/c/adamallard.info/httpd.www/ta/results.php on line 150 line 150 being '$stmt->bind_param("sss", $input, $topic, $location); '
That usually happens if the $db->prepare portion returns false. If it is returning false, check your table name and column names to make sure they exist and are spelled right in the select statement. That is usually the most common culprit.
Hate to bother you again, but now I'm getting this error: 'Call to a member function bind_param() on a non-object'

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.