get multiple regions from checkbox at a time in a row in Mysql php-CodePudding

I am a beginner in Mysql Php. I want to get multiple regions from a table in mysql. I have alredy a script which is given below.

this is my html code:

<form >
   <div >
        <div >
            <div >
                <label >16 - Alger
                    <input type="checkbox" name="region[]" value="16">
                    <span ></span>
                </label>
                <label >31- Oran
                    <input type="checkbox" name="region[]" value="31">
                    <span ></span>
                </label>
                <label >09 - Blida
                    <input type="checkbox" name="region[]" value="09">
                    <span ></span>
                    </label>
                <label  >42 - Tipaza
                    <input type="checkbox" name="region[]" value="42">
                    <span ></span>
                </label>
                <label >42 - Boumerdes
                    <input type="checkbox" name="region[]" value="35">
                    <span ></span>
                </label>
            </div>
            <div >Wilaya</div>
        </div>
    </div>
    <input type="submit" value="Recherche" >
</form>

and this is my php code (not all the code):

if(isset($_REQUEST['region']))
{   
    if(!empty ($_REQUEST['region']))
    {
        foreach ( $_REQUEST['region'] as $region)
        {
            $region = $_REQUEST['region'];
            $region = AntiInjectionSQL($region);
            $adderegion = " AND idregion = '$region'";
        }
    }
    else
    {
        $adderegion = "";
    }

$SQL = "SELECT * FROM pas_annonce WHERE status != 'NOVISIBLE' $addregion"
    $_reponse = $pdo->query($SQL);

I did not put all the code but this is how i want to get region for exempl, from sql:

$SQL = "SELECT * FROM pas_annonce WHERE status != 'NOVISIBLE' AND idregion = '16' OR AND idregion = '09'"// i want to get a single or a multiple regions

CodePudding user response：

You are overwriting the variable whenever it goes through a new iteration in foreach. A correction would be:

$adderegion = "";
foreach ( $_REQUEST['region'] as $region)
{
    $region = $_REQUEST['region'];
    $region = AntiInjectionSQL($region);
    $adderegion .= " AND idregion = '$region'";
}

See operator String documentation

CodePudding user response：

First, never trust user input of forms. You will never know, what user actually try to send you in your $region array. This is one of the most common answers you will always hear. Maybe using some filters could save you much worries. Try to start here: https://www.php.net/manual/en/function.filter-input.php

If you like video tutorials, I liked this one: https://www.youtube.com/watch?v=pfY9LwcsH3A

Even much better is when you only allow your distinct values (09, 16, 31, 35, 42) in your array and filter all others out. Maybe in this way:

 $region = array_intersect($region, [09, 16, 31, 35, 42]);

Next, use placeholders like ? or :region, which also prevents misusing your DB by hackers in some way. Then use the PDO prepare command to prepare the SQL statement and then the PDO execute command to fill in the parameters as an array.

One of the best PDO tutorials I remember is this one: https://phpdelusions.net/pdo

And last: Consider using the SQL IN operator. Therefore, you don't need a loop.

I answered just a few days ago a very similar question with a code example regarding to that question. It was an INPUT INTO SQL statement, but that's not the big difference. Important is how to use the IN operator. My answer was punished with a downvote, because I didn't put in the sanitation and preparing from the start, so I added it afterwards. But there you can see how to use filters, how to use the PDO prepare/execute combination and how to use the IN operator and prepare some placeholders for your array: how to send multiple values with multiple select input