I have the following code snippet that builds chained select boxes based on data pulled from MySQL.
The first select uses a DISTINCT on a column called PartTypeDescription. This code works awesome if the values in the column are numerical in nature (example: 11). You choose the first select and then the second select is populated as it should.
The problem occurs when the data is text (example: Plumbing). You choose Plumbing for example and the second select box is empty. I’m assuming the second query that builds the second select box is not working correctly. Is there something in the code below that does not allow text values?
/* Configure the select boxes */
if (isset($_GET['key'])) {
    $key = $_GET['key'];
    switch ($key) {
        case 'callTypeSelect':
            $select = new SelectBox('What vehicle are you working from?','Choose a vehicle');
            $res = mysql_query('SELECT DISTINCT PartTypeDescription FROM ' . DB_TABLE2);
            $callTypes = array();
            for ($i = 0; list($callType) = mysql_fetch_row($res); $i++) {
                $callTypes[] = $callType;
                $select->addItem($callType, 'brandSelect-' . $callType);
            }
            header('Content-type: application/json');
            echo $select->toJSON();
            break;
        default:
            if (strpos($key, 'brandSelect-') === 0) {
                $callType = str_replace('brandSelect-', '', $key);
                $resBrands = mysql_query('SELECT Invm_InventoryNumber FROM ' . DB_TABLE2
                    . ' WHERE PartTypeDescription = ' . mysql_real_escape_string($callType) . " ORDER BY Invm_InventoryNumber");
                $select = new SelectBox('What part number are you looking for?', 'Pick a part');
                for ($i = 0; list($brand) = mysql_fetch_row($resBrands); $i++) {
                    $select->addItem($brand, 'result-' . $brand . '-' . $callType);
                }
                header('Content-type: application/json');
                echo $select->toJSON();
            } elseif (strpos($key, 'result-') === 0) {
                list($null, $brand, $callType) = explode('-', $key);
                $res = mysql_query('SELECT * FROM ' . DB_TABLE2
                    . ' WHERE PartTypeDescription = \'' . mysql_real_escape_string($callType) . '\'
                    AND Invm_InventoryNumber = \'' . mysql_real_escape_string($brand) . "'");
                $markup = '';
                for ($i = 0; $row = mysql_fetch_assoc($res); $i++) {
                    //$row = array_map('htmlspecialchars', $row); it looks like the items is already encoded
                    $markup .= <<<HTML
You can’t escape characters inside of single quotes. For example:
That won’t escape the quote like you think it would and will cause problems. In your code with this line:
You need to wrap strings with escape sequences with double quotes.
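
An added example, not part of the original thread: the second query in the posted code concatenates the value with no surrounding quotes (the third query does quote it), so a number parses as a literal while a word parses as a column name and the query fails. The sketch below reproduces that difference and shows a bound parameter handling both kinds of value; PDO with in-memory SQLite, the table name `parts` and the sample rows are assumptions standing in for the poster's MySQL table.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL table so this runs offline.
// The table name `parts` and the rows are constructed; the column names are the page's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE parts (PartTypeDescription TEXT, Invm_InventoryNumber TEXT)');
$insert = $pdo->prepare('INSERT INTO parts VALUES (?, ?)');
foreach ([['11', 'A100'], ['Plumbing', 'P200'], ['Plumbing', 'P150'], ["O'Ring", 'R7']] as $row) {
    $insert->execute($row);
}

// Same shape as the page's second query: the value is concatenated without quotes.
function unquotedLookup(PDO $pdo, string $callType): array
{
    $sql = 'SELECT Invm_InventoryNumber FROM parts'
         . ' WHERE PartTypeDescription = ' . $callType
         . ' ORDER BY Invm_InventoryNumber';
    try {
        return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // A bare word is read as a column name, so the statement is rejected.
        return ['error: ' . $e->getMessage()];
    }
}

// Bound parameter: the value is sent separately and never becomes SQL text,
// so no quoting or escaping decision is left to the caller.
function boundLookup(PDO $pdo, string $callType): array
{
    $stmt = $pdo->prepare(
        'SELECT Invm_InventoryNumber FROM parts'
        . ' WHERE PartTypeDescription = ? ORDER BY Invm_InventoryNumber'
    );
    $stmt->execute([$callType]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare both lookups for a numeric value, a word, and a value containing a quote.
foreach (['11', 'Plumbing', "O'Ring"] as $value) {
    printf("%-9s unquoted: %s\n", $value, json_encode(unquotedLookup($pdo, $value)));
    printf("%-9s bound:    %s\n", $value, json_encode(boundLookup($pdo, $value)));
}
```

With the legacy `mysql_*` functions the failed query returns `false` instead of throwing, which is why the second select box simply comes back empty; `mysql_real_escape_string` is only meaningful for a value placed inside quotes.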