Have you looked into explode? You can send the PHP function like

createxml.php?name=bill|bob

$name = $_GET['name'];
$names = explode('|', $name);

If you do that, $names[0] would equal 'bill', and $names[1] will equal 'bob'; I believe this is what your asking.

thanks - i'm getting there but putting it into a select query i get an error in syntax (unexpected T_STRING):

"select name FROM table WHERE name IN ('".$names."')"

?

further attempts

$name = $_GET['name'];
$names = explode('|', $name);
$names1 = implode(",",$names);

if i put this in manually: it works
"SELECT * FROM table WHERE name IN ('bill','bob')

if i do: it doesnt
"SELECT * FROM table WHERE name IN ('".$names1."')

i've recreated this to see the output by doing

$name = "bill|bob";
$names = explode('|', $name);
$names1 = implode(",",$names);
print_r ($names1);

and this outputs bill,bob

going round in circles on this :(

First, "Javascript" is not a url.

<a href="createxml.php?name=xyz" onclick="return doThis('createxml.php?name=xyz');">

Then add this to the very last line of doThis.

function doThis(url) {
// Whatever code you have
return false;
}

This does two things, enables your link for non-javascript clients and avoids validation errors. Return false will stop it from navigating.

Next, I'd think you want an "or" - a radio will give you a single value (and should, it's how they work.)

<p><input type="checkbox" name="add_bob" id="add_bob" value="Bob"> <label for="add_bob">Bob</label></p>
<p><input type="checkbox" name="add_joe" id="add_joe" value="Joe"> <label for="add_joe">Joe</label></p>
<p><input type="checkbox" name="add_sue" id="add_sue" value="Sue"> <label for="add_sue">Sue</label></p>

There's a better way to do it, with checkbox arrays, but follow along, since you're passing it to JS . . .

Start here, since you're using JS you don't need to get params in the JS function call, just pass the script name build them dynamically (and you really don't even have to do that, you can assign the script name in the function, but here we go.)

<a href="createxml.php" onclick="return doThis('createxml.php');">

JS:

function doThis(url) { 
 var str=null; 
 var chks = ['add_bob','add_joe','add_sue']; 
 for (j=0;j<chks.length;j++) { 
 if (document.getElementById(chks[j]) && document.getElementById(chks[j]).checked) { 
 // add , *only* if it's been "started" 
 if (str) { str += ','; } 
 str += document.getElementById(chks[j]).value; 
 } 
 } 
 if (str) { 
 url += '?name=' + str; 
 var day = new Date(); 
 var id=day.getTime(); 
 var params = 'width=600,height=600,scrollbars,resizable'; 
 var win = window.open(url,id,params); 
 } 
 else { alert('You dind\'t check any values'); } 
 return false; 
} 

So now you have incoming
name=Bob,Joe,Sue

PHP. Do not ever use direct uncleansed input in your programs. Since (in this case) You can count on letters and a comma only,

$name = preg_replace('/[^a-z,]/i','',$_GET['name']);

The previous kills anything not a letter or a comma and is case insensitive (i).

$names = explode(',',$name); 
$where=null; 
foreach ($names as $n) { 
 // Just like above, we only need an OR if $where has been 
 // concatenated 
 if ($where) { $where .= ' or'; } 
 $where .= " namefield='$n'"; 
} 
// 
$query = "select * from table"; 
if ($where) { $query .= " where $where"; } 

should give you

select * from table where namefield='Bob'; // or Sue, or Joe
select * from table where namefield='Bob' or namefield='Joe';
select * from table where namefield='Bob' or namefield='Sue';
select * from table where namefield='Sue' or namefield='Joe';
select * from table where namefield='Bob' or namefield='Joe' or namefield='Sue';

Typo alert: Typed this out on the fly, it may have syntax errors . . . go forth and debug. :-)

A side note - I think your "in" is not working because you have to quote the values for text queries, like in('Bob','Joe','Sue'), but I rarely use in for this, usually only for numeric arrays - but that's why it's broken (I think).