Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

js function with a php query with multiple vales

4:53 pm on Jan 25, 2011 (gmt 0)

New User

5+ Year Member

joined:Feb 12, 2007
posts: 28
votes: 0

this is basically a mix & match of 3 things

i have the following function


the php file queries a mysql db and returns an xml file which is pulled into the doThis function - select query is WHERE name='" . $_GET['name'] . "'

what i'd like to do is to be able to use radio button (or similar - doesnt matter) so that the php file gets the all rows where name field contains say "bill" or "bob"

ie something like .php?name=billORbob - how do i concatenate the variables into the link ?

2:39 am on Jan 26, 2011 (gmt 0)

New User

5+ Year Member

joined:Jan 26, 2011
votes: 0

Have you looked into explode? You can send the PHP function like


$name = $_GET['name'];
$names = explode('|', $name);

If you do that, $names[0] would equal 'bill', and $names[1] will equal 'bob'; I believe this is what your asking.
11:07 am on Jan 26, 2011 (gmt 0)

New User

5+ Year Member

joined:Feb 12, 2007
posts: 28
votes: 0

thanks - i'm getting there but putting it into a select query i get an error in syntax (unexpected T_STRING):

"select name FROM table WHERE name IN ('".$names."')"

2:52 pm on Jan 27, 2011 (gmt 0)

New User

5+ Year Member

joined:Feb 12, 2007
posts: 28
votes: 0

further attempts

$name = $_GET['name'];
$names = explode('|', $name);
$names1 = implode(",",$names);

if i put this in manually: it works
"SELECT * FROM table WHERE name IN ('bill','bob')

if i do: it doesnt
"SELECT * FROM table WHERE name IN ('".$names1."')

i've recreated this to see the output by doing

$name = "bill|bob";
$names = explode('|', $name);
$names1 = implode(",",$names);
print_r ($names1);

and this outputs bill,bob

going round in circles on this :(
6:13 pm on Jan 27, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
votes: 0

First, "Javascript" is not a url.

<a href="createxml.php?name=xyz" onclick="return doThis('createxml.php?name=xyz');">

Then add this to the very last line of doThis.

function doThis(url) {
// Whatever code you have
return false;

This does two things, enables your link for non-javascript clients and avoids validation errors. Return false will stop it from navigating.

Next, I'd think you want an "or" - a radio will give you a single value (and should, it's how they work.)

<p><input type="checkbox" name="add_bob" id="add_bob" value="Bob"> <label for="add_bob">Bob</label></p>
<p><input type="checkbox" name="add_joe" id="add_joe" value="Joe"> <label for="add_joe">Joe</label></p>
<p><input type="checkbox" name="add_sue" id="add_sue" value="Sue"> <label for="add_sue">Sue</label></p>

There's a better way to do it, with checkbox arrays, but follow along, since you're passing it to JS . . .

Start here, since you're using JS you don't need to get params in the JS function call, just pass the script name build them dynamically (and you really don't even have to do that, you can assign the script name in the function, but here we go.)

<a href="createxml.php" onclick="return doThis('createxml.php');">


function doThis(url) {
var str=null;
var chks = ['add_bob','add_joe','add_sue'];
for (j=0;j<chks.length;j++) {
if (document.getElementById(chks[j]) && document.getElementById(chks[j]).checked) {
// add , *only* if it's been "started"
if (str) { str += ','; }
str += document.getElementById(chks[j]).value;
if (str) {
url += '?name=' + str;
var day = new Date();
var id=day.getTime();
var params = 'width=600,height=600,scrollbars,resizable';
var win = window.open(url,id,params);
else { alert('You dind\'t check any values'); }
return false;

So now you have incoming

PHP. Do not ever use direct uncleansed input in your programs. Since (in this case) You can count on letters and a comma only,

$name = preg_replace('/[^a-z,]/i','',$_GET['name']);

The previous kills anything not a letter or a comma and is case insensitive (i).

$names = explode(',',$name);
foreach ($names as $n) {
// Just like above, we only need an OR if $where has been
// concatenated
if ($where) { $where .= ' or'; }
$where .= " namefield='$n'";
$query = "select * from table";
if ($where) { $query .= " where $where"; }

should give you

select * from table where namefield='Bob'; // or Sue, or Joe
select * from table where namefield='Bob' or namefield='Joe';
select * from table where namefield='Bob' or namefield='Sue';
select * from table where namefield='Sue' or namefield='Joe';
select * from table where namefield='Bob' or namefield='Joe' or namefield='Sue';

Typo alert: Typed this out on the fly, it may have syntax errors . . . go forth and debug. :-)

A side note - I think your "in" is not working because you have to quote the values for text queries, like in('Bob','Joe','Sue'), but I rarely use in for this, usually only for numeric arrays - but that's why it's broken (I think).