0

I have checkboxes that represent the condition of a product. When a user checks for example Excellent, the value 1 is stored in a GET-variable like this:

...index.php?condition=1

Now, when the user checks multiple boxes (which has to be possible), it looks like this:

...index.php?condition=1,2,3

Obviously, I have to query my database in order to show the products corresponding to the user's choice(s).

if the user only checks one box, the statement is simple:

if (!empty($_GET['condition'])){
$sql = $sql . " AND (Condition = '".$_GET['condition']."')";
}

But what if the user checks multiple boxes? How would the statement have to look? (is it even possible to solve it this way?

thanks!

This is the script that creates the address:

<script>
$('#condition_select input:checkbox').change(function() {
var condition = $("#condition_select input:checkbox:checked").map(function() {
    return this.value;
}).get().join(',');
$("#submit_checkboxes").find("a").attr('href', 'index.php?condition=' + condition);
}).change();
</script>

HTML:

 <div class="mutliselect" id="condition_select">
 <form method="POST" action="">
 <ul>
  <li><input type="checkbox" id="d1" value="1"'; if(strpos($_GET['condition'],'1') !== false){ echo 'checked="checked"';} echo'/><label for="d1" class="checkbox_title">Neu</label></li>
<!-- and 6 more of these -->

Is there a way to solve this without having to create a separate GET-variable for each checkbox?

Improve this question

1 Answer 1

Reset to default
1

UPDATE (once more updated accrding to comments and questions updates):

Question updated, so I will update my answer to. Use explode (http://php.net/manual/en/function.explode.php), to get all values, and implode to formulate query:

$values = explode(',', $_GET['condition']);
// VALIDATE each of values to match Your type.

if (!empty($values)) {

    // $values = [1, 2, 3]
    foreach ($values as $key => $value) {
        $values[$key] = '(condition = \''.$value.'\')';
    }
    // $values = ['(condition = \'1\')', '(condition = \'2\')', '(condition = \'3\')']
    $query = implode(' OR ', $values);
    // $query = '(condition = \'1\') OR (condition = \'2\') OR (condition = \'3\')', 
    $sql = $sql . ' AND ( '.$query.' )';
}

This is Your solution I think (MYSQL multiples AND: http://forums.mysql.com/read.php?10,250552). Example of explode working:

$string = '1,2,3,4,asd,fgh';
$array = explode(',', $string);
print_r($array[0]); // 1
print_r($array[3]); // 4
print_r($array[5]); // 'fgh'

This is a fragment of answer before edits, but I think it is worth to left it here:

Hoverwer, there are many security holes in it!!!

YOU MUST verify the user data. If someone pass in the address for example:

index.php?condition=; SHOW TABLES FROM database;

It can potentialy show some data. As You can see, user can also go to address with delete statemant, or INSERT INTO users... etc.

So in that case YOU SHOULD switch to PDO (for example) http://php.net/manual/en/pdo.prepare.php, and make prepared statements. Verify user data so if You need the number, he can pass only number.

You can use isset also: isset vs empty vs is_null. It is not a must, but sometimes can be useful. With each form you can also check for isset ($_POST['submit']) as many robots that spam POST forms, sometimes just ommit the submit button. It will decrease the amount of requests I think.

Remember that using POST and GET forms ALWAYS allow user to send his own POST / GET requests. In that case, server side verification is a MUST.

PS. Sorry for capital letters, they are used only to make it really STRONG. Verify user data ;).

Best regards.

Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

are you sure there is no way to solve it without having to create several get-variables? I'll edit my question to show you more! Thanks for the advice!
U welcome. Update Your question please, and I will try to help :).
Updated... :). Is it ok now? :)
Looks good, but is it necessary to use multiple different Condition-table-rows? In my table I have only one row called Condition, as each product only has only one condition. However, you used Condition1 and Condition2?
If one product can contain only one condition, use not AND but OR. Then it will show only products with condition 1, OR condition 2, OR, ... IN that case, if user checks 1, 2, 3, It will show all products that have condition 1 OR condition 2, OR condition 3. Update: more like: AND (cond = 1 OR cond = 2 OR cond = 3).
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.