From: "Doug F" <stonehusky@xxxxxxxxxxxxx>
> Populate a dropdown list with values from a MySQL db (done and working).
> Use the selected value as the 'where' clause in a second query.
> Return the results and display them to the user.
>
> Any pointers are appreciated - noob^3 (html, mysql, and php).
>
> Doug
>
> Code that I'm using:
>
> <html>
> <body>
> <?php
>
> // connect to db
> $db = mysql_connect("localhost");
> mysql_select_db("test",$db);
>
> // build query
> $sitequery = "SELECT site from sitedata order by site";
>
> // generate result set
> $siteresult = mysql_query($sitequery);
>
> // use results
> echo "Select a site from the list below: <br><br><select name='site'>";
> while($siterow = mysql_fetch_array($siteresult))
> echo "<option value='".$siterow["site"]."'>"
> $siterow["site"]."</option>";
> echo "</select></td>";
When the form is submitted, the value chosen will be in $_REQUEST['site']
(or $_GET['site'] or $_POST['site'], depending upon your form method).
Then just create your query:
$query = "SELECT * FROM sitedata WHERE site = '{$_REQUEST['site']}'";
If magic_quotes_gpc is not ON, then you'll want to run mysql_escape_string()
on the value first.
$site = mysql_escape_string($_REQUEST['site']);
$query = "SELECT * FROM sitedata WHERE site = '$site'";
See the recent threads on SQL Injection for a reason why. :)
---John Holmes...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
