Displaying results based on an array value

ali_p

Hello,

I am experiencing difficulty getting all the results from a jobs table that i am querying.
Basically the user is presented with a form in which they select the job division , a multiple select box is used here, and i query the database based on their selections.

The problem i am having is that only the last entry in the table is being displayed , its like its not looping through and displaying all the results that match.

Below is my code

//division is the name of the field with the multiple select box
if (isset($_POST['division']) && is_array($_POST['division'])) { 
  foreach ($_POST['division'] as $value) { 
  // to print out what divisions were selected
     echo "value: $value<br>\n"; 
	 }
	}

//$value is what i base the query on
$sql = " SELECT *  FROM jobs	WHERE division = '$value'";

//execute the sql statement

$result = mysql_query($sql, $conn)or die(mysql_error());

$display_block = "";

//will go through each row in the result set and display data
	while ($row = mysql_fetch_array($result)) {
	//give a name to the fields
	$title = $row['title'];
	$ref_no = $row['ref_no'];
	$location = $row['location'];
	$salary = $row['salary'];
	$job_id = $row['job_id'];
	$display_block .= "<table width=\"450\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"content\"><tr><td>$title</td><td>$ref_no</td><td>$location</td><td>$salary</td></tr></table>";
	}

Weedpacket

Originally posted by ali_p

//division is the name of the field with the multiple select box
if (isset($_POST['division']) && is_array($_POST['division'])) { 
  foreach ($_POST['division'] as $value) { 
  // to print out what divisions were selected
     echo "value: $value<br>\n"; 
	 }
	}

//$value is what i base the query on
$sql = " SELECT *  FROM jobs	WHERE division = '$value'";

[/b]

By this stage, $value is the last element in the $POST['division'] array. You never do anything with the rest except echo them in that loop.

$divisions = $_POST['division'];
foreach($divisions as $k=>$division)
{
    $divisions[$k] = "division='$division'";
}
$search_conditions = join(' OR ', $divisions);
$query = "select
    title, ref_no, location, salary, job_id
 from
    jobs";
if($search_conditions!='')
  $query .= " where ".$search_conditions;

And you should check those $divisions to make sure someone's not trying to crack your site.

ali_p

Thanks a million Weedpacket, that looping properly now.

When you say i should check my $division, what do you mean exactly?

Is the code i am using unsafe?