1

I have a MySQL query which is being used to find the stock items in a certain location belonging to a certain group. Hence this is going through 4 levels of while loops. Now I have given the user the ability to select the locations they want to view the stocks from. This is being achieved using checkboxes which are sent using AJAX in an array. The array is exploded in PHP using $offices = explode(",", $locations);. However, now I want to use the selected locations in my MySQL query.

$location are in the form of location1, location2, location3, location4

// Selecting all locations using the statement below; however, I want to select the locations that were selected by the user.

$sql4 = mysql_query("select OfficeID, OfficeTitle from Office where 'wanted locations'");
    while($row3 = mysql_fetch_array($sql4)) {
        $curr_location = $row3[0];

        $sql3 = mysql_query("select Quantity from Stock_Management where Book_ID = '$curr_book' and Location_ID = '$curr_location'");
        while($row3 = mysql_fetch_array($sql3)) {
            echo "<td>".$row3[0]."</td>";
        }   
    }
    echo "</tr>";

I want to select the locations based on the locations selected by the user. Now this can be achieved using a for loop, but I don't know how to include that in my SQL query!

9
  • and the question was what again ? Commented Mar 17, 2012 at 13:17
  • in the commented area of the code. I want to select the locations in that sql query based on the selected locations by user. Commented Mar 17, 2012 at 13:18
  • 2
    i'm a bit scared with this bunch of code :D Commented Mar 17, 2012 at 13:20
  • @PaulDinh Lol, just removed the extra bits that were not required. Commented Mar 17, 2012 at 13:21
  • @PaulDinh: will do that! Commented Mar 17, 2012 at 13:32

3 Answers

1
$locations = mysql_real_escape_string($locations);
$locations = str_replace(",","','",$locations);

$sql = "select OfficeID, OfficeTitle from Office WHERE location in ('$locations')";

1
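$offices = explode(",", $locations);
// Escape each value before it is placed inside the quoted IN list
$loc =  implode("','", array_map('mysql_real_escape_string', $offices));

This helps in creating the variable $loc to location1','location2',location3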

$sql4 = mysql_query("select OfficeID, OfficeTitle from Office where OfficeTitle IN ('$loc')");

This creates the mysql query to be:

$sql4 = mysql_query("select OfficeID, OfficeTitle from Office where OfficeTitle IN ('location1','location2',location3')");, which solves the purpose for now.

Comments

-1

SELECT OfficeID, OfficeTitle FROM Office WHERE OfficeID IN ( $locations ); ??

Also, look up mysql_real_escape_string and 'separation of concerns'

7 Comments

how mysql_real_escape_string can help here?
It won't help with your solution. But it helps protect your application. Don't write your queries without it.
how mysql_real_escape_string can help to protect this application?
"look it up" is not an answer. -1.
You're expected to do some research yourself instead of me explaining the concept of protecting queries to you.
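
The answers above splice the user's list into the SQL string. As an added example (not code from any of the posts), this builds the IN list with one bound placeholder per selected location using PDO, so the values never become part of the SQL text. The `findOffices` helper and the in-memory SQLite table are assumptions made so the example runs offline; the table and column names come from the question.

```php
<?php
// Added example: one bound placeholder per selected location.
// Assumption: PDO with the SQLite driver, so this runs without a MySQL server.
// Against MySQL only the DSN passed to "new PDO" changes.

function findOffices(PDO $pdo, string $locations): array
{
    // Split the comma-separated list sent by the checkboxes,
    // trim whitespace and drop empty entries.
    $offices = array_values(array_filter(array_map('trim', explode(',', $locations)), 'strlen'));
    if ($offices === []) {
        return []; // "IN ()" is a syntax error, so handle an empty selection here
    }

    // The SQL text depends only on how many values were selected,
    // never on what the values contain.
    $marks = implode(',', array_fill(0, count($offices), '?'));
    $stmt = $pdo->prepare(
        "SELECT OfficeID, OfficeTitle FROM Office
         WHERE OfficeTitle IN ($marks) ORDER BY OfficeID"
    );
    $stmt->execute($offices); // values are sent as data, not as SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data standing in for the Office table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Office (OfficeID INTEGER PRIMARY KEY, OfficeTitle TEXT)");
$pdo->exec("INSERT INTO Office (OfficeTitle)
            VALUES ('location1'), ('location2'), ('location3'), ('O''Hare')");

// A normal selection from the checkboxes.
print_r(findOffices($pdo, "location1,location3"));

// A title containing a quote needs no escaping when it is bound.
print_r(findOffices($pdo, "O'Hare"));

// Input shaped like SQL is compared as a literal title, not parsed.
print_r(findOffices($pdo, "location1') OR ('1'='1"));

// An empty selection never reaches the database.
print_r(findOffices($pdo, ""));
```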