Hi all,
ok first off I'm a complete noob so if this is completely wrong just let me know.
I have 3 tables, products, producttypes and aperturesize.
I have a list with details from products which I want to filter by producttypes and aperturesize. Using a jumpmenu I am creating a url with index.php?producttype=1&aperturesize=1.
I am tring to use the variables to filter using $http_get_vars['TypeID'] as an example with producttypes.TypeID = $http_get_vars['TypeID'].
The url is passing but no filtering is taking place, it either just shows all records or error.
Can anyone point out where I am going wrong, preferable in terms of dreamweaver as I have bought a php book, but don't have much free time.
Thanks
Matt
Last edited by Mellowchimp; 01-08-2007 at 09:59 PM..
Reason: Noticed the title says var but I am using vars
$HTTP_*_VARS are deprecated, its wiser to use superglobals instead.
So, with $HTTP_GET_VARS, you now use $_GET. Nice and simple that way.
Second, you should clean your variables first. You do this by a number of ways, you can typecast your variables into the correct data type (if you need an int value, use (int)$_GET['var'] for example). If its string based, look into using a mysql_real_escape_string or your own similar method to prevent injections.
Your query should be similar to so:
$query = "SELECT `data_to_get`, `more_data_to_get`... FROM `table` WHERE producttypes.Typeid = '" . $_GET['TypeID'] . "'";
To further limit the value of your filter, use AND as your operator for your where clause. Keep in mind, that the data has to match some field value, or you will get an empty result set.
$type_id[0] would equal '1', $type_id[1] would equal '2', and so on.
HTH,
Dan
__________________
If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.
Step 1: Learn. Step 2: Search. Step 3: Post here.
After
$colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);
you would would do the explode(",",$colname_rsprod)
and after
$colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);
you would do the explode(",",$colname2_rsprod);
HTH
Dan
__________________
If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.
Step 1: Learn. Step 2: Search. Step 3: Post here.
This does not error, but makes no difference to my filtering, it still filters by the first number for each variable. eg, index.php?TypeID=1,2,3&ApertureID=1,2 still only returns those records that have TypeID=1 and ApertureID=1.
Sorry to be a pain and I promise to read that book when I get 5 mins to spare
$colname_rsprod = "-1";
if (isset($_GET['ApertureID'])) {
$colname_rsprod = (get_magic_quotes_gpc()) ? $_GET['ApertureID'] : addslashes($_GET['ApertureID']);
$colname_rsprod = explode(",",$colname_rsprod);
//Now colname_rsprod should be array holding each value for ApertureID
}
$colname2_rsprod = "-1";
if (isset($_GET['TypeID'])) {
$colname2_rsprod = (get_magic_quotes_gpc()) ? $_GET['TypeID'] : addslashes($_GET['TypeID']);
$colname2_rsprod = explode(",",$colname2_rsprod);
//Now colname2_rsprod should be array holding each value for TypeID
}
mysql_select_db($database_mydatabase, $mydatabase);
$query_rsprod = sprintf("SELECT ProductID, ProductName, Specifications, `Description`, SmallImage, sold.Sold, products.`Online`, aperture.ApertureID, products.ApertureID, products.TypeID, producttypes.TypeID FROM products, sold, aperture, producttypes WHERE products.`Online` = 1 AND products.SoldID = sold.SoldID AND products.ApertureID = aperture.ApertureID AND products.TypeID = producttypes.TypeID AND products.TypeID = %s AND products.ApertureID = %s ORDER BY products.ProductID", GetSQLValueString($colname2_rsprod, "int"),GetSQLValueString($colname_rsprod, "int"));
$query_limit_rsprod = sprintf("%s LIMIT %d, %d", $query_rsprod, $startRow_rsprod, $maxRows_rsprod);
$rsprod = mysql_query($query_limit_rsprod, $snb) or die(mysql_error());
$row_rsprod = mysql_fetch_assoc($rsprod);
Changes are around the comments
HTH
Dan
__________________
If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.
Step 1: Learn. Step 2: Search. Step 3: Post here.
I have tried striping out the magic quotes and strip slashes but with or without these are now returning no records.
Any idea anyone?
Matt
Edit - Is this effected because I am trying to return values from the same var, ie, index.php?param1=1,2,3¶m2=1,2,3 or index.php?param1=1¶m1=2¶m1=3¶m2=1¶m2=2¶m2=3.
Last edited by Mellowchimp; 01-10-2007 at 12:16 AM..
Reason: see edit
Passing the parameters as a list of values 1,2,3 does work. In your earlier post - index.php?TypeID=1,2,3&ApertureID=1,2 results in the following:
GET data -
Key: TypeID, Value: 1,2,3
Key: ApertureID, Value: 1,2
The problem is that you need to correctly form the query string and for troubleshooting purposes, echo the query string to make sure it contains the expected contents.
To form a query that will match any of the values in a list (I am assuming that these ID's are integers, but this will work for strings) you need to use the IN (...) operator, something like this -
SELECT ... WHERE ... your_column IN (1,2,3)
__________________
If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
Before you post, read our: 
