I have an HTML form with checkboxes. Based on the checkboxes that are selected I'm trying to contentate a query string so the select checkboxes are inserted in an IN clause in my SQL statement. I'm recieving an error that is telling me something is wrong with my sql statement. Below is my HTML code for my form:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">


<input type="checkbox" value="RX-87447" name="box[]"/>
<label>RX-87447</label><br/>

<input type="checkbox" value="LD-52033" name="box[]"/>
<label>LD-52033</label><br/>

<input type="checkbox" value="HY-50242" name="box[]"/>
<label>HY-50242</label><br/>

<input type="checkbox" value="SD-45809" name="box[]"/>
<label>SD-45809</label><br/>

<input type="checkbox" value="DR-20233" name="box[]"/>
<label>DR-20233</label><br/>

<input type="checkbox" value="AS-28148" name="box[]"/>
<label>AS-28148</label><br/>

<input type="checkbox" value="ZT-77733" name="box[]"/>
<label>ZT-77733</label><br/><br/>

<input name="submit" type="submit" value="Submit" />

</form>

The following PHP Code loops through the array and gives me the desired results:

$PI = 3;
$county1 = 1100;

if(isset($_POST['submit']))
{
	$box=$_POST['box'];
	$_SESSION['box_array'] = $box;
	$box1 = $_SESSION['box_array'];

	
	while(list($key, $value) = each($box1))
						{
			
							echo "'" . $value . "'";
				
							for($j = 0; ($j < 1) && ($i < count($box1) - 1); $j++)
							{
								echo ", ";			
							
							}
							$i = $i + 1 ;
						}

Output of above code after selecting some checkboxes. In an attempt to troubleshoot my problem I wanted to make sure that my loop ran OK:

'RX-87447', 'LD-52033', 'HY-50242', 'SD-45809', 'DR-20233'

My goal is to place the above into a query string. The below is my attempt to do so and something is wrong with my SQL statement. I'm assuming the error is coming from concatenating:

$msg5 = '';

$PI = 3;
$county1 = 1100;

if(isset($_POST['submit']))
{
	$box=$_POST['box'];
	$_SESSION['box_array'] = $box;
	$box1 = $_SESSION['box_array'];


db_connect();

$query3 = "SELECT lc.id, cs.ProgramType, lc.FKcountyID, tblc.fkStateCounty, lc.FKloginID, lf.usernameFirm, fi.firm_name, u.FKloginID, u.CredentialCodeFirm, u.CredentialNumber, u.CredentialName, cs.credentialTitle, cs.FKstateID
FROM login_county lc, loginfirm lf, firm_info fi, upload u, credential_state cs, tblcounty tblc
WHERE lf.PKloginFirmID = lc.FKloginID
AND fi.fk_firm_id = lc.FKloginID
AND u.FKloginID = lc.FKloginID
AND u.CredentialCodeFirm = cs.credentialTitle
AND tblc.pkCountyId = lc.FKcountyID
AND (cs.FKstateID = 52 OR tblc.fkStateCounty = 52 OR (tblc.fkStateCounty = cs.FKstateID))
AND cs.credentialTitle IN ('{$box1}')AND lc.FKcountyID IN (";

$i = 0;	
					while(list($key, $value) = each($box1))
						{
			
							$query3 .= "'" . $value . "'";
				
							for($j = 0; ($j < 1) && ($i < count($box1) - 1); $j++)
							{
								$query3 .= ", ";			
							
							}
							$i = $i + 1 ;
						}


$query3 .= ")AND lc.FKcountyID IN ('{$county1}', 3127)";
$query3 .=	"AND cs.ProgramType = '{$PI}'";

					
$result = mysql_query($query) or die("Something is Wrong with your SQL statement");

while ($row = mysql_fetch_array($result))
			{
			
			$FirmName = $row['firm_name'];
			
			$msg5 .= $FirmName . '<br/>'; 
			
			}

}

PLEASE HELP!

Member Avatar for diafol

Try running this directly in the phpMyAdmin SQL box (replace variables with static values) and see what you get. It could be something as simple as misnaming a table.
BTW, when using aliases, use the 'AS' keyword.
Lines 23 -40 may be giving you grief. Simply run this bit before the query statement and save it to a string variable. Then place this variable in the the body of the query.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.