Maybe in the All option of the first page you can put something like:
and in the second page, the query can be something like:
In the case of the other options, the "IN" will have the same effect that "=". But in the case of All, the SQL will be:
If possible, avoid using String values, try to use number values as identifiers and be sure to check the request for valid values and permissions, just in case someone tries to inject invalid values or malicious code.