I’m trying to use a select list to actively filter the results I get from my SQL database. For example, if I choose “Yankees” from my select list, I want my SQL query to only show Yankee players.
EDIT: By “live filtering” I mean that when a user selects Yankees, Phillies, or Announcer, the select list will only display names under that category.
Here is my code for the select.
<select name="ident" id="ident">
<option value="yankees">Yankees</option>
<option value="phillies">Phillies</option>
<option value="announcer">Announcer</option>
</select>
And this is the code that follows (after database connection):
<?php
$ident = $_POST['ident'];
$query = @mysql_query('SELECT name, id FROM grade ORDER BY name asc WHERE ident="' . $ident . '"');
echo "<select name='name'>";
while ($temp = mysql_fetch_assoc($query)) {
echo "<option>".htmlspecialchars($temp['name'])."</option>";
}
echo "</select>";
?>
I know the while statement works for populating my second select list (of names) if I manually put in the name, but am unsure if I can/am doing the live filtering of that list correctly.
Thanks in advance.
Nope, you are not doing it correctly. First of all, there is a security hole. Your code is vulnerable to SQL Injection. Second, your SQL query was wrong.
ORDER BYshould have come afterWHEREclause.Here is the secure and correct way to do it: