Help with getting info from my database using radio buttons

Discussion in 'PHP' started by dthomas31uk, Oct 13, 2008.

0
  1. #1
    Hi. I have created a database called europe and a table called eu_place with the following fields and data

    ----------------------------------------------------------------------
    id | country | city | full_price | half_price

    1 | France | Paris | 50 | 50

    2 | Spain | Barcelona | 70 | 85


    Now what I am trying to do is to show a user a price based on the country selected from a drop down list, a city selected from a drop down list and then the user chooses full load price or half load price for that city and it displays the price.

    I have managed to get the user to choose the country and city and I get the user to chooses the full load price or half load price but I think something is not right with my SQL.

    This is the code that calculates the results, not sure if it is to do with the sql statement

    if ($load =='full_load'){
$result=mysql_query("SELECT full_price from eu_place where city = '$subcat' "); }
else {$result=mysql_query("SELECT half_price from eu_place where city = '$subcat' "); }
    PHP:
    here is all the code

    $cat is the country
    $subcat is the city
    $load is the radio button full load or half load

    Hope someone can help cheers guys, its been tearing my hair out

    <?php
include 'dd.php';
?>



<!doctype html public "-//w3c//dtd html 3.2//en">

<html>

<head>
<title>Demo Multiple drop down list box from plus2net</title>
</head>

<body>
<?php
$cat=$_POST['cat'];
$subcat=$_POST['subcat'];
$load=$_POST['load'];
echo "Value of \$cat = $cat <br>Value of \$subcat = $subcat"."<BR>";
echo "Value of \$load = $load";


if ($load =='full_load'){ 
$result=mysql_query("SELECT full_price from eu_place where city = '$subcat' "); }
else {$result=mysql_query("SELECT half_price from eu_place where city = '$subcat' "); }


echo mysql_error();
while ($row = mysql_fetch($result)) {
echo $row;
}

?>

</body>

</html>
    PHP:
     
    dthomas31uk, Oct 13, 2008 IP
  2. ads2help

    ads2help Peon

    Messages:
    2,142
    Likes Received:
    67
    Best Answers:
    1
    Trophy Points:
    0
    #2
    Replace your mysql_fetch with mysql_fetch_assoc

    And also it will be neater if your query look like this:
    
if ($load =='full_load'){
$result=mysql_query("SELECT full_price FROM eu_place WHERE city = '$subcat' "); }
else {$result=mysql_query("SELECT half_price FROM eu_place WHERE city = '$subcat' "); }
    PHP:
    And 1 more thing, your SELECT query is vulnerable to SQL Injection.
     
    ads2help, Oct 14, 2008 IP
  3. dthomas31uk

    dthomas31uk Peon

    Messages:
    12
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Hi guys have got it working now thanks

    $result = mysql_query("SELECT full_price, half_price FROM eu_place WHERE city = '" . mysql_real_escape_string($subcat) . "'") or die(mysql_error());
    $row = mysql_fetch_array($result);

    if ($load == 'full_load') {
    echo $row['full_price'];
    } else {
    echo $row['half_price'];
    }


    cheers anyway
     
    dthomas31uk, Oct 14, 2008 IP