This is my html partial code
<select name="number[]" style="width: 350px;" multiple="multiple" size="2">
<option value="one">one</option>
<option value="two">two</option>
<option value="three">three</option>
<option value="four">four</option>
</select>
PHP code
$name = $_POST["name"];
$number= $_POST["number"];
$sql = mysql_query("SELECT * FROM users WHERE name LIKE '%$name%' AND ");
What should i add after AND for the number so that query will work? I tried foreach but it didnt exactly work in query.
How about:
$name = $_POST["name"];
$number= $_POST["number"];
if(!is_array($number)){
// some error message or what.
}
$squery = '';
$a = array();
foreach($number as $n){
// do some validation for $n
// $number should be an array, so don't validate it.
$a[] = "`number` = '$n'";
}
$squery = implode(' OR ',$a);
unset($a);
$query = "SELECT * FROM users WHERE `name` LIKE '%$name%' AND (".$squery.")";
$res = mysql_query($query);
$number= $_POST["number"][i];
put this in your loop
something like this I suppose
$sql = mysql_query("SELECT * FROM users WHERE name LIKE '%$name%' AND number IN (" . implode(',', $_POST['number']) . ')');
the implode documentation
also please not you should be careful about escaping the data coming from users or your website is going to be SQL injection vulnerable.
My approach would be something like this:
<?php
if(is_array($_POST['number']))
{
$numbers = implode("','", array_walk($_POST['number'],' mysql_real_escape_string')));
$result = mysql_query("SELECT * FROM users WHERE name LIKE '%" . mysql_real_escape_string($name%) . "' AND number IN ('" . $numbers . "')") or die(mysql_error());
}
?>