Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to pass string from post form to mysql_query command?

Status
Not open for further replies.

nanao550

Technical User
Nov 8, 2002
12
US
I would like to sort the content of my database using selection box. But it is not working.

I have a form with:

<Form action=&quot;prodtab.php&quot; method=&quot;post&quot;>
Sort Status: <br>
<select name=&quot;SelectType&quot;>
<option value=&quot;WHERE Status=inactive&quot;>Status-Inactive</option>
<option value=&quot;WHERE Status=active&quot;>Status-Active</option>
</select>
<input type=&quot;submit&quot; value=&quot;Go&quot;>
</Form>

This is the query line in the php file:

$result = mysql_query(&quot;SELECT * FROM prodtab &quot;.$_POST['SelectType'].&quot; &quot; ,$connection);

If I hardcode in as below then it is works:

//$result = mysql_query(&quot;SELECT * FROM prodtab WHERE Status=\&quot;inactive\&quot; &quot;,$connection);

How can I pass the value string with the \ in the POST from?

 
This line:

$result = mysql_query(&quot;SELECT * FROM prodtab &quot;.$_POST['SelectType'].&quot; &quot; ,$connection);

is missing &quot;WHERE Status=&quot;, isn't it? ______________________________________________________________________
TANSTAAFL!
 
Oh, it is not missing.

I am trying to pass that in from the post form also.
The post form also have other sorting (mysql_query) by other methods. That is why I am trying to pass that in from the post form.
 
nanao, what you have done is fine except that you need to put single quote marks around your value:

<option value=&quot;WHERE Status='active'&quot;>Active</option>
<option value=&quot;WHERE Status='inactive'&quot;>Inactive</option>


which is why your hardcoded version works, because you have put them in there.

k? :)
 
StuartJones,
That will not work. I have tried many combination of quoting and single quouting the string but it is not working.

Is there some special escape sequence to use when quoting the string?

Thanks
 
Now, if I quote the string in the form as this:
<option value='WHERE Status=&quot;inactive&quot;'>Inactive</option>

phpinfo() shows (which is how the hardcoded string appears):
_POST[&quot;SelectType&quot;] WHERE Status=\&quot;inactive\&quot;

But the mysql_query statement is having an error:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in prodtab.php on line 61
Sorry, no records were found!

Does anyone have a solution for this?



 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top