简体   繁体   中英

Trying to display results from mysql query of an array

I have a form that has checkboxes on it. Each check box is assigned a value from 1 to 10. These values correspond to an ID in a table for service names. Here is the form checkbox markup:

<input type="checkbox" name="serv[]" id="janitorial" value=1><label for="janitorial" class="radCheck">Full Service Janitorial</label>
<input type="checkbox" name="serv[]" id="strip" value=6><label for="strip" class="radCheck">Stripping & Waxing</label></br>
<input type="checkbox" name="serv[]" id="buff" value=2><label for="buff" class="radCheck">Floor Buffing/Burnishing</label>
<input type="checkbox" name="serv[]" id="carp" value=7><label for="carp" class="radCheck">Carpet & Upholstery Care</label><br>
<input type="checkbox" name="serv[]" id="tile" value=3><label for="tile" class="radCheck">Tile Cleaning & Restoration</label>
<input type="checkbox" name="serv[]" id="windows" value=8><label for="windows"class="radCheck">Window & Blind Care</label></br>
<input type="checkbox" name="serv[]" id="park" value=4><label for="park" class="radCheck">Parking Lot Care</label>
<input type="checkbox" name="serv[]" id="porter" value=9><label for="porter" class="radCheck">Day Porter</label></br>
<input type="checkbox" name="serv[]" id="snow" value=5><label for="snow" class="radCheck">Snow Removal & Landscape</label>
<input type="checkbox" name="serv[]" id="rest" value=10><label for="rest" class="radCheck">Restroom Services & Supplies</label>

This is posted with all the other form data and sent in an email as well as inputted into the database. I am try to retrieve the names of each service selected from the database but cannot figure out how to write the results of my query. Here is the code for the services query:

$conn=connect();

            $names = implode(',', $serv);
            $query = "SELECT SERVICE_NAME FROM SERVICES WHERE SERVICE_ID ({$names})";
            $result = mysql_query($query);                

            echo "$query";

This outputs:

SELECT SERVICE_NAME FROM SERVICES WHERE SERVICE_ID (1,7,3)

When I submitted the form I had boxes 1, 7, and 3 checked. This all seems right to me. But when I try to get the results through fetch_array or fetch_row I get errors. I've tried countless loops and as many suggestions as I could find on here and other sites. How can I write the results of the query? Please go easy on me, I am very new to PHP and am sure I'm missing something simple.

That's incorrect:

SELECT SERVICE_NAME FROM SERVICES WHERE SERVICE_ID IN (1,7,3)
                                                  ^^^^---missing

And please note that you're wide open to an sql injection attack . Enjoy having your server pwn3d. You also seem to be depending on register_globals being enabled (unless you're doing stuff in code not shown here). Definitely step away from this code, update your PHP version, and LEARN how to write secure code.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM