How to send all possible WHERE options to mysqli?

Hello everyone, I am sending 3 vars via form / select / input to mysqli_fetch, which creates a div with another var and puts an image there which has the same id as name.jpg.

Question: How do I make an option "all", for instance in colors, that sends all possible colors to $color_val?

<form action="produkt.php" method="post">
<!-- COLOR-->
<li>
<img class="img_search_bar" src="../img/search/color.jpg" />
    <select id="color" name="color">
      <option value="all" selected="selected">ALL</option>
      <option value="blue">blue</option>
      <option value="red">red</option>
      <option value="black">black</option>
      <option value="white">white</option>
    </select>
    </li>
  <!-- 2 more like this for size and type-->
 <input type="submit" name="submit" />  <!-- refresh page-->
 </form>


<?php
if(isset($_POST['submit'])){
     // Storing Selected Value In Variable
   $color_val = $_POST['color'];
   $size_val = $_POST['size']; 
   $type_val = $_POST['type'];  

// Displaying Selected Value
   echo "COLOR :" .$color_val;  
   echo "<br>SIZE :" .$size_val;
   echo "<br>TYPE :" .$type_val;

//making connection to database
   $link = mysqli_connect("localhost", "root","" ,"test");
//selecting query from database where var = select var
   $query = "SELECT * FROM testtable WHERE color = '$color_val' AND size ='$size_val' AND type = '$type_val'";

   if ($result = mysqli_query($link, $query)){

/* fetch associative array */
       while ($row = mysqli_fetch_assoc($result)) {
       printf ("
         <div id='produkt_table'>
          <img class='produkt_ikon' src='../img/produkt/ikon/%s.jpg'>
          <h3> name : name </h3>
          <h4> Prize : %s </h4>
          <h5> Stock : %s </h5>
         </div>         
    ", $row["id"], $row["prize"], $row["stock"]);
    }

/* free result set */
     mysqli_free_result($result);
   }
}
/* close connection  mysqli_close($link);*/
?>

BIG FAT WARNING: YOUR CODE IS INSECURE, SO IS MY EXAMPLE! READ BOTTOM FOR MORE!

Your description is very vague, but I'll give it a try.

$query = "SELECT * FROM testtable WHERE color = '$color_val' AND size ='$size_val' AND type = '$type_val'";

If you want to match all colors when $color_val === 'ALL', you have to make the query conditional.

Note: this code and your code are INSECURE

// the form sends the value "all"; an empty value is treated the same way
if (empty($color_val) || strcasecmp($color_val, 'all') === 0) {
  $query = "SELECT * FROM testtable WHERE size ='$size_val' AND type = '$type_val'";
} else {
  $query = "SELECT * FROM testtable WHERE color = '$color_val' AND size ='$size_val' AND type = '$type_val'";
}

About that Security-Thing

Your code is open to SQL injection. I suggest you start reading the PHP Manual on it or simply google for it.

You don't validate, you don't escape, you could just give away the password to your database as well.

The following code should do. I have made slight changes in your code to get this. You could now optimize this too.

The changes

In the HTML part I have changed the value of the option 'all' to 1. This is to easily check the condition in the back end.

The variable $Query_appender is used to store part of the query. If there is a specific color coming through, it will carry the condition; otherwise it will simply carry 1. I have also modified your query to move the color condition to the end and appended the value of the variable.

That said, if it's just the color, you can check the value of the post variable and write two different queries in a conditional statement.

<form action="produkt.php" method="post">
<!-- COLOR-->
<li>
<img class="img_search_bar" src="../img/search/color.jpg" />
    <select id="color" name="color">
      <option value="1" selected="selected">ALL</option>
      <option value="blue">blue</option>
      <option value="red">red</option>
      <option value="black">black</option>
      <option value="white">white</option>
    </select>
    </li>
  <!-- 2 more like this for size and type-->
 <input type="submit" name="submit" />  <!-- refresh page-->
 </form>


<?php
if(isset($_POST['submit'])){
     // Storing Selected Value In Variable
   $color_val = $_POST['color'];
   $size_val = $_POST['size']; 
   $type_val = $_POST['type'];
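   $Query_appender = '1';   // "1" is always true, so it adds no restriction
   if($color_val!=1)
       {
        // same variable as above: PHP variable names are case-sensitive
        $Query_appender = "color = '$color_val'";}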

// Displaying Selected Value
   echo "COLOR :" .$color_val;  
   echo "<br>SIZE :" .$size_val;
   echo "<br>TYPE :" .$type_val;

//making connection to database
   $link = mysqli_connect("localhost", "root","" ,"test");
//selecting query from database where var = select var
   $query = "SELECT * FROM testtable WHERE size ='$size_val' AND type = '$type_val' AND ".$Query_appender;

   if ($result = mysqli_query($link, $query)){

/* fetch associative array */
       while ($row = mysqli_fetch_assoc($result)) {
       printf ("
         <div id='produkt_table'>
          <img class='produkt_ikon' src='../img/produkt/ikon/%s.jpg'>
          <h3> name : name </h3>
          <h4> Prize : %s </h4>
          <h5> Stock : %s </h5>
         </div>         
    ", $row["id"], $row["prize"], $row["stock"]);
    }

/* free result set */
     mysqli_free_result($result);
   }
}
/* close connection  mysqli_close($link);*/
?>

Try putting this in place of $query = "SELECT * FROM testtable WHERE size ='$size_val' AND type = '$type_val' AND ".$Query_appender;

$query = "SELECT * FROM testtable";
if($color_val !='all' || $size_val !='all' || $type_val !='all')
{
    $query_arr = array();
    if($color_val !='all')
    {
        $query_arr[] = "color = '$color_val'";
    }
    if($size_val !='all')
    {
        $query_arr[] = "size ='$size_val'";
    }
    if($type_val !='all')
    {
        $query_arr[] = "type = '$type_val'";
    }

    $query .=" where ".implode(" AND ", $query_arr);
}
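
The conditional WHERE clause built in the answers above, and the SQL injection concern raised in the first answer, handled together with an allow-list and bound parameters so that no request value is pasted into the SQL string. This is an added example, not part of any answer on this page; the size and type value lists and the function names build_product_query and fetch_products are assumptions.

```php
<?php
// Added example. Column => allowed values. The color list is from the form on
// this page; the size and type lists are assumed (the page does not show them).
const FILTERS = [
    'color' => ['blue', 'red', 'black', 'white'],
    'size'  => ['s', 'm', 'l'],        // assumed
    'type'  => ['shirt', 'shoes'],     // assumed
];

// Returns [sql, params]. 'all', '' or a missing field adds no condition.
// Throws if a submitted value is not in the allow-list for its column.
function build_product_query(array $post): array
{
    $where = $params = [];
    foreach (FILTERS as $column => $allowed) {
        $value = $post[$column] ?? 'all';
        if ($value === 'all' || $value === '') {
            continue;
        }
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            throw new InvalidArgumentException("invalid value for $column");
        }
        $where[] = "$column = ?";   // column name comes from FILTERS, not the request
        $params[] = $value;         // value is bound later, never concatenated
    }
    $sql = 'SELECT * FROM testtable' . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    return [$sql, $params];
}

// Runs the query on a live connection (uses mysqlnd for get_result/fetch_all).
function fetch_products(mysqli $link, array $post): array
{
    [$sql, $params] = build_product_query($post);
    $stmt = mysqli_prepare($link, $sql);
    if ($params) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    mysqli_stmt_execute($stmt);
    return mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
}

// Constructed sample requests; no database is needed for this part.
[$sql, $params] = build_product_query(['color' => 'all', 'size' => 'm', 'type' => 'shirt']);
echo $sql, ' | ', implode(',', $params), "\n";
try {
    build_product_query(['color' => "red' OR '1'='1", 'size' => 'all', 'type' => 'all']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In produkt.php, fetch_products($link, $_POST) would take the place of the concatenated $query and the mysqli_query call.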

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
