Here's the html structure:
<select name="marke" class="marke">
<option value="1">Bosch</option></select>
<select name="modell" class="modell">
<option value="2">Nocria 14 LBC</option></select>
Here is my Php string (simplified)
$modellz = $_POST['marke']. ' ' .$_POST['modell'];
$insertQuery = "INSERT INTO producz (model)
VALUES
('" . $modellz . "')";
Im trying to get the name inside the <option> - tag to Post into the database.
But with this code I just get the values.
So when i run this i get 1 2 in the database.
But I want Bosch Nocria 14 LBC
OBS: I NEED THE VALUE attribute for my jquery selection script.
Please help!
The value of the option is what gets passed to the server, if you want to receive the text within the option instead just remove the value attribute altogether:
<option>Nocria 14 LBC</option>
Will submit that actual string when its selected.
Other than that, please read up about SQL Injections because your current PHP code is vulnerable to attacks.
The issue is with the HTML. The value for each <option> tag is what's sent in the POST request.
Change the HTML to:
<select name="marke" class="marke">
<option value="Bosch">Bosch</option></select>
<select name="modell" class="modell">
<option value="Nocria 14 LBC">Nocria 14 LBC</option></select>
and you will see the results you desire.
Also, please validate/sanitize your form-input before saving into the database. If you're using mysql functions, try mysql_real_escape_string().
If jQuery needs access to the original ID for each option, I would suggest one of two methods. Either add a separate attribute to each option, such as rel: <option value="Bosch" rel="1">Bosch</option>, or keep your code as-is (<option value="1">Bosch</option>) and have PHP aware of the ID/value combinations.
The actual database-structure could, and possibly should, modified to support the actual IDs instead of textual values.
either make value='Bosch' or create an array in your php that converts '1' to the string you require.
This:
<select name="marke" class="marke">
<option value="Bosch">Bosch</option></select>
<select name="modell" class="modell">
<option value="Nocria 14 LBC">Nocria 14 LBC</option></select>
or
<?
Options = Array();
Options['1'] = "Bosch";
Options["2"] = "Nocria 14 LBC";
?>
and use Options[insert] to get the real value
Also remember to use mysql_real_escape_string or string->real_escape() for security
That's because you need to set the value of the option to Bosch and Nocria. POST stores what ever the option value to its corresponding <select> name.
Try this
<select name="marke" class="marke">
<option value="Bosch">Bosch</option></select>
<select name="modell" class="modell">
<option value="Nocria 14 LBC">Nocria 14 LBC</option></select>
Related
On this page, http://www.pfacmeeting.org/2016/phpabstracts/submit_form.php, there is a multiple selection box with 4 choices. Here is the code for that element:
<select id="audience" name="audience" multiple="multiple">
<option value="Newly licensed or unlicensed fiduciaries">Newly
licensed or unlicensed fiduciaries</option>
<option value="Experienced fiduciaries">Experienced
fiduciaries</option>
<option value="Attorneys">Attorneys</option>
<option value="Other">Other</option>
</select>
I did a test a couple of times and selected Newly licensed or unlicensed fiduciaries and Attorneys. However, in the DB field, it only recorded Attorneys. In the php file that processes the form (submit_process.php), first I capture the field to variable:
$audience = mysql_escape_string($_POST['audience']);
Then I insert it into the table:
$query = "INSERT INTO abstracts VALUES ('', ......'$audience','.......)";
The dots just represent other variables before and after audience.
The data is recording into the field, but as I said, it is just the second choice - Attorneys. Any idea why the first choice is not recording also? Any help would be much appreciated. Thank you.
The multi-select post a PHP associative array so you will need to loop through the selected results of the array and insert them for each line.
foreach($_POST['audience'] as $audience)
{
$query = "INSERT INTO abstracts VALUES ('...."
. mysql_escape_string($audience) . ",.......)";
}
also, you need to add the array symbol in the name :
<select id="audience" name="audience[]" multiple="multiple">
multi select produces an array.
To insert all selected in one field implode the array
$audience = mysql_escape_string(implode(',',$_POST['audience']));
oh as KAD says name="audience[]" is required to.
side note- mysql_* depreciated start moving away from it as soon as you can.
I've been working on designing a MediaWiki extension that asks users for their date of birth, then stores that in the user database. So far I've managed to get this working via input box (If the user enters it like "2007-04-06"). As you can tell, that's terribly inefficient.
So - This data is stored as a "DATE" type (Named user_birthdate) in the SQL database, which requires the YYYY-MM-DD format.
Rather than have the user have to type this data out manually, I'd rather have a drop-down list with preset values like so:
<select name="birthdate-year" id="birthdate-year">
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option>
</select>
<select name="birthdate-month" id="birthdate-month">
<option value="01">January</option>
<option value="02">February</option>
<option value="03">March</option>
</select>
<select name="birthdate-day" id="birthdate-day">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
</select>
My issue here is that I've worked exclusively with JavaScript and HTML5 up to this point, I've simply never touched PHP. Here's what I'd like to know:
How do I string these options together as one value, so that the data is sent in the proper format? Like if the user selects "1997", "04" and "03", I'd want that to become one whole value which is "1997-04-03".
Having three select lists would make the task even more time consuming for the end user than a single box, and you would still have to validate the input (i.e. to avoid things like Feb 31).
Why not have some sort of date picker or calendar that would do most of the work for you?
For examples on how this may be done, try here.
PHP:
<?php
// get values from post
$birthdate-year = $_POST["birthdate-year"];
$birthdate-month= $_POST["birthdate-month"];
$birthdate-day= $_POST["birthdate-day"];
// make string from values
$goodDate = $birthdate-year."-".$birthdate-month."-".$birthdate-day;
echo $goodDate;
// or make object datetime from values
$goodDate2 = new DateTime();
$goodDate2->setDate($birthdate-year, $birthdate-month, $birthdate-day);
echo $goodDate2->format('Y-m-d');
?>
javaScript:
<script>
var year = document.getElementById(birthdate-year).value;
var month = document.getElementById(birthdate-month).value;
var day = document.getElementById(birthdate-day).value;
var goodDate = year+"-"+month+"-"+day;
alert(goodDate);
</script>
i have this html:
<p>
<strong>category:</strong>
<input type="text" name="categorytext">
<select name="categoryselect">
<option value="">-select-</option>
<option value="Paper">Paper</option>
<option value="Envelopes">Envelopes</option>
<option value="Mail Supplies">Mail Supplies</option>
<option value="Software">Software</option>
<option value="Labels">Labels</option>
<option value="Misc">Misc</option>
</select>
i then want to grab the value of the field that has been filled in and put it in a insert or update query. so if text field is filled out, then that value will go into the 'category' field of table. if a selection was made in the dropdown box, then that value will be inserted into the 'category' field of table.
so let's say this is my insert line:
INSERT INTO inventory_vendors (category) VALUES ('" . $_POST["category"] . "')
i want to put something before that line that let's php know which value to use.
something like:
if ($_POST["categorytext"] == "") {
$category = $_POST["categoryselect"];
} else {
$category = $_POST["categorytext"];
}
will something like that work? is there a better way?
EDIT:
i guess i would need to change insert line if i wanted to use a variable. would the following work:
INSERT INTO inventory_vendors (category) VALUES ('" . $category . "')
EDIT #2:
what can i do if someone tries to type text and select an option at the same time?
EDIT #3:
how is escaping done? where in code do i update it to include escaping?
The piece of code you provided should work, but beware of security issues.
You can also use JavaScript to check for fields values and fill in an hidden "category" field, that will be POSTed with the form.
Generaly, you shouldn't directly use POSTed data in textual queries like you do. One can fill in your forms with SQL code and make what is called SQL injection.
Example: If i fill in your form with a category named "'); truncate table inventory_vendors; select ('1" => I just drop your entire table. Always escape incoming data and restrict the rights of your SQL user. The best practice is to use an ORM or a framework to handle your queries.
I have been scanning other similar questions but I'm just not having any luck.
Here is my existing page: http://excelwrestling.com/dual.php
You will see on the web page that the bottom three lines are the same on the form, but each line will have unique information. I am trying to have the user select each box then when they hit submit it will send all the info to the database, with each row being unique.
Here a sample of my html:
<select name="Weight">
<option value="Weight">Weight:</option>
<option value="100">100</option>
<option value="105">105</option>
<option value="115">115</option>
<option value="125">125</option>
<option value="135">135</option>
<option value="145">145</option>
<option value="152">152</option>
<option value="160">160</option>
<option value="175">175</option>
<option value="195">195</option>
<option value="HWT">HWT</option>
</select>
</select>
Here is the action file:
// Get values from form
$Pool=$_POST['Pool'];
$Round=$_POST['Round'];
$Team_1=$_POST['Team_1'];
$Team_2=$_POST['Team_2'];
$Mat=$_POST['Mat'];
$Name_1=$_POST['Name_1'];
$Name_2=$_POST['Name_2'];
$Score=$_POST['Score'];
$Winner=$_POST['Winner'];
$Finished=$_POST['Finished'];
// Insert data into mysql
$sql="INSERT INTO $tbl_name(Pool, Round, Team_1, Team_2, Mat, Weight, Name_1, Name_2, Score, Winner, Finished)
VALUES('$Pool','$Round','$Team_1','$Team_2','$Mat','$Weight','$Name_1','$Name_2','$Score','$Winner','$Finished')"
. implode ('$Pool','$Round','$Team_1','$Team_2','$Mat','$Weight','$Name_1','$Name_2','$Score','$Winner','$Finished',$query_row);
First off, you need to create unique names for your form elements in order to have more than one value submitted. e.g.:
<option value="Weight_1">Weight:</option>
...
<option value="Weight_2">Weight:</option>
...
<option value="Weight_3">Weight:</option>
In the "action" file, you will need to reference these new variables (and you should also sanitize your user posted data before insertion into the table as technoTarek says):
$Weight_1=mysql_real_escape_string($_POST['Weight_1']);
$Weight_2=mysql_real_escape_string($_POST['Weight_2']);
$Weight_3=mysql_real_escape_string($_POST['Weight_3']);
...
And then, to do multiple insert into the same table, you can simply separate the records with a comma:
$sql="INSERT INTO $tbl_name
(Pool, Round, Team_1, Team_2, Mat, Weight, Name_1, Name_2, Score, Winner, Finished)
VALUES
('$Pool','$Round','$Team_1','$Team_2','$Mat','$Weight_1','$Name_1_1','$Name_2_1','$Score_1','$Winner_1','$Finished_1'),
('$Pool','$Round','$Team_1','$Team_2','$Mat','$Weight_2','$Name_1_2','$Name_2_2','$Score_2','$Winner_2','$Finished_2'),
('$Pool','$Round','$Team_1','$Team_2','$Mat','$Weight_3','$Name_1_3','$Name_2_3','$Score_3','$Winner_3','$Finished_3');"
do not try to insert all record at once just try to insert record using loop or one record at a time using foreach statement.
then this will solve your problem.
I generally support the answer provided by #mmxxiii ...but it should include one VERY IMPORTANT step. You should ALWAYS make sure your data is safe before you insert into the database, even if you are the one entering the data.
SANITIZE THE DATA by using either mysql_real_escape_string() on string values or by forcing a type cast (e.g., forcing an integer value to be an integer).
// Get values from form
$Pool=mysql_real_escape_string($_POST['Pool']);
$Round=(int)$_POST['Round'];
$Team_1=(int)$_POST['Team_1'];
$Team_2=(int)$_POST['Team_2'];
$Mat=(int)$_POST['Mat'];
$Name_1=mysql_real_escape_string($_POST['Name_1']);
$Name_2=mysql_real_escape_string($_POST['Name_2']);
$Score=mysql_real_escape_string($_POST['Score']);
$Winner=mysql_real_escape_string($_POST['Winner']);
$Finished=mysql_real_escape_string($_POST['Finished']);
I have this drop list for example:
<p>Your Age:</p>
<select>
<option value="1">0 - 13</option>
<option value="2">13+</option>
<option value="3">18+</option>
</select>
WHAT I'M DOING NOW is to take the value (1, 2, 3..) and insert it to the users table in the column age, how do I know which value belongs to age? I have a table ages with id and the age.
I'm not sure this way necessary, it's too much complicated and not effectively I think.
The other option is to take a string with the age and just put it in the column age, but this way is less dynamically and in what way I can check if the string is one from the ages?
What do you say?
Thank you.
You can either set the value of the option to match the value between the option tag when you generate the select field or you can have a look up array when you submit it - something like
$ageMap = array(
"1" => "0 - 13",
"2" => "13+",
"3" => "18+"
);
// get the value using the posted value from your select field
$ageMap[$_POST["YourAge"]];
You need to give your select a name attribute, and then you can retrieve if from the $_POST variable in PHP, e.g.
<form action="your_php_page.php" method="post">
<select name="age">
...
</select>
</form>
Then in PHP use:
$_POST['age']
you need to give select box "name" attribute by which you can take values of select box from name attribute.
<select name="ages">
<option value="1">0 - 13</option>
<option value="2">13+</option>
<option value="3">18+</option>
When you click on submit ,in code just write
$age = $_POST['ages'];
You will get value of selected age from select box.
I think you can create a attribute in the table with enum(1,2,3) and afterwards you can send value of 1, 2 or 3 to the table.
Advantages: You don´t need to save the ages in database just (1, 2, 3), You don´t need to save a extra table for ages, which is also a way (Creating a table of three ages and then relating one row in age column).
Disadvantag: Extra code (Maybe), depeding on how often you call it and how object-oriented you application is.
You can just check what ages is with a if & else and save it a global variable.