2

I've seen some questions about this topic around here, but non of them solved my problem. I'm trying to make a simple filter using SQL and check boxes.

So far I got this code:

<form action="#" method="GET" id="filter"> 
    <input type="checkbox" name="omgeving[]" value="Indoor">Indoor<br /> 
    <input type="checkbox" name="omgeving[]" value="Outdoor">Outdoor<br /> 
    <input type="submit" name="kies" value="Kies" /> 
</form> 

<?php 
if(isset($_GET['omgeving']) && count($_GET['omgeving'] > 0)) { 
    $catid = implode(',', $_GET['omgeving']);
    $catid = mysql_real_escape_string($catid); 

    $query = mysql_query("SELECT * FROM SomeWhere WHERE Omgeving IN (".$catid.")"); 

    while($row = mysql_fetch_assoc($query)) { 
        $id = $row['Id']; 
        $prod = $row['Product']; 

        echo $prod . "<br />"; 
    }
}
?>

It does something when I click on submit it changes the URL to: filtertest/?omgeving[]=Indoor&kies=Kies but I think the query isn't working like it should because my footer disappears usually this means that my code is incorrect and the page stops loading further. For the love of me I cant figure out why this isn't working...

Is there someone that could help me?

I've checked out this answer but this doesn't solve my problem. The code above is the code that does something at least.

Help... what am I doing wrong here?

Improve this question
7
  • 3
    Exploits of a Mom Commented Mar 28, 2017 at 8:03
  • <form action="#" <-- where is correct action script url? Commented Mar 28, 2017 at 8:04
  • Is it me or is there no action script needed if I just want the Query to be updated on the same page... Commented Mar 28, 2017 at 8:06
  • @Andreas nice one :'D, Jay-oh you should work a bit on the security php.net/manual/en/security.database.sql-injection.php Commented Mar 28, 2017 at 8:10
  • Yeah, I know security is an issue here. I'm just trying to get the code to work, and after that worry about security. This site isn't live yet so I'm the only one using it right now :) Commented Mar 28, 2017 at 8:11

3 Answers 3

Reset to default
1

Change omgeving[] to omgeving. so, the URL would be ?omgeving=Indoor&kies=Kies

<?php 

if(isset($_GET['omgeving']) || !empty($_GET['omgeving'])){
  $catid = mysql_real_escape_string($_GET['omgeving']); 
  //continue with what you are doing.
  // use var_dump(<variable>); exit(); to debug.
}

?>

Hope it was helpful!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Change the line

 $catid = implode(',', $_GET['omgeving']);

to

$catid = implode('","', $_GET['omgeving']);
$catid = '"'.$catid.'"';

Finally your query should look like below if you have multiple selected

SELECT * FROM SomeWhere WHERE Omgeving IN ("Indoor","Outdoor")

Improve this answer

5 Comments

What do you mean by didn't work, did you get any error
No, no error. Only that the footer disappears like when I started... to bad.
Can you check the PHP error log and show us the error log
Well, I don't exactly know how to show you an error log. As far as I can see I don't get an error. I added error_log("You messed up!", 3, "/var/tmp/my-errors.log"); at the end of the script but that's probably wrong ...
Ubuntu - /var/log/apache2/error.log Centos -/var/www/logs/httpd/error_log
-1

$catid = implode("','", $_GET['omgeving']);

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.