I'm trying to add results into a html dropdown.
The php works if I take it outside the html form: it shows the results, but I need it inside the form
<form><form method="post" action="selldo.php">
<label><br /><br /><br /><br />What slot do you want to Sell?</label>
<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<option value=""></option>
<?php
$result = mysql_query("SELECT * FROM user_pokemon
WHERE belongsto='$_SESSION[username]'");
while($row = mysql_fetch_array($result))
{
echo $row['id'] . " " . $row['pokemon'];
echo "<br />";
}
?>
</select><br/><br/>
<label>Price You Would Like For The Pokemon?</label>
<input type="int" name="cost" id="cost" maxlength="30"/><br/><br/>
<button name="submit" type="submit" id="Submit_But">Sell</button>
<p> </p><p> </p>
</form>
When I look in the dropdown menu there is nothing but if it makes the SQL out of the form it posts the results to the page so it works fine I just need it in side the drop down html form
p.s i have the connect ontop of the page
You will need to echo out HTML option elements:
while($row = mysql_fetch_array($result)) {
echo "<option>" . $row['id'] . " " . $row['pokemon'] . "</option>";
}
You will probably want to give the option elements a value so the selected option is passed along properly when the form is submitted.
Did you look at the source this code generates?
You will find that your options are all there but just somewhere in the void, not wrapped by any html tags. You'll see something like:
<form>
<select>
<option></option>
your first option
your second option
your third option
your n'th option
</select>
</form>
But what you really need, for the markup to be correct, is this:
<option>your first option</option>
<option>your second options</option>
And so forth... that should be enough for you to get it right! If not...
echo '<option value="' . $row['id'] . '">' . $row['pokemon'] . '</option>';
You have an SQL-injection hole and a possible XSS security hole:
Correct this by changing the php code to:
<?php
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM user_pokemon
WHERE belongsto = '$username' ");
while($row = mysql_fetch_array($result))
{
$id = htmlentities($row['id']);
$pokemon = htmlentities($row['pokemon']);
echo '<option value = "$id"> $pokemon </option>';
}
?>
See: What are the best practices for avoiding xss attacks in a PHP site
And How does the SQL injection from the "Bobby Tables" XKCD comic work?
You're not creating a select! you need the <option></option> tags for that, not just echo out your results...
<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<option value=""></option>
<?php
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM user_pokemon WHERE belongsto='$username'");
while($row = mysql_fetch_array($result)) : ?>
<option value="<?php echo htmlentities($row['id']);?>"><?php echo htmlentities($row['pokemon']);?></option>
<?php endwhile;?>
</select>
This should do the trick:
<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<?php
$result = mysql_query("SELECT * FROM user_pokemon WHERE belongsto = '$_SESSION[username]'");
while($row = mysql_fetch_array($result)) {
echo "<option value=\"\">" . $row['id'] . " " . $row['pokemon'] . "</option>
?>
</select>
Related
Im trying to update a drop down list with the countries of the world from a db query, which is working fine. I want to set the country of the user as selected, based on their IP. I am collecting their IP fine and working out their country, but Im struggling to set the selected in the output based on this.
<?php
include_once 'database.php';
$result = mysqli_query($conn,"SELECT *
FROM tbl_fm_countries
order by Country Asc");
$ipcountry = "United Kingdom";
?>
<form action="results.php" method="post" id="foodmilesTracker">
<fieldset>
<legend>Where are you?</legend>
<ol>
<li>
<label for="countryTo">Your Location</label>
<select name="countryTo">
<?php
// output data of each row
while($row = $result->fetch_assoc()){
echo "<option value='" . $row['CountryId'] . "'>" . $row['Country'] . "</option>";
}
?>
</select>
</li>
</ol>
</fieldset>
I have tried lots of options and seem to get all set as selected or none. For the example I am setting ipcountry manually.
I recommend doing it following way
<?php while($row = $result->fetch_assoc()){ ?>
<option value="<?php echo $row['CountryId']; ?>" <?php echo $row['Country'] == $ipcountry ? 'selected':''; ?>><?php echo $row['Country']; ?></option>
<?php } ?>
I have made a dropdown search form that is auto populated by my database content. The voices in the table would be for example types of woods with varing dimensions.
So there are repeatable wood names with diverse data.
To avoid repetition the dropdown is populated with wood types combined to be selected then displayed with all their variants.
The problem is, upon selecting an input, the results are of the item listed above and not the one selected.
<form action="search2.php" method="POST">
<select name="finit" onchange='this.form.submit()'>
<?php
include("connect.php");
$query = "SELECT finit FROM prime";
$info = mysqli_query($conn, $query);
$finit = '';
echo "<option value=\"\">Selezione Materiale</option>";
while($row = $info->fetch_assoc()){
if($row['finit'] != $finit) {
echo "<option value=\"$finit\">" . $row['finit'] . "</option>";
$finit = $row['finit'];
}
}
?>
</select>
<noscript><input type="submit" value="Submit"></noscript>
</form>
Since there are many variants(dimensions) associated with a single wood type, you have to first take the wood type as input from user(via dropdown list), and probably then you may want to display all possible variants(dimensions) of that particular wood type.
So, change the SQL query in the following way,
$query = "SELECT DISTINCT finit FROM prime";
and the while loop in the following way,
while($row = $info->fetch_assoc()){
$output = "<option value='" . $row['finit'] . "'";
if($row['finit'] == $_POST['finit']){
$output .= " selected='selected'";
}
$output .= ">" . $row['finit'] . "</option>";
echo $output;
}
Try this but change if condition according your default value and sql value should be match.
<form action="search2.php" method="POST">
<select name="finit" onchange='this.form.submit()'>
<?php
include("connect.php");
$query = "SELECT finit FROM prime";
$info = mysqli_query($conn, $query);
$finit = '';
?>
<option value="">Selezione Materiale</option>;
<?php
while($row = $info->fetch_assoc()){
if($row['finit'] == $finit) {
$selected = 'selected';
}else{
$selected = '';
$finit = $row['finit'];
}
?>
<option value="<?php echo $finit ?>" <?php echo $selected ?>><?php echo $row['finit']?></option>
<?php } ?>
</select>
<noscript><input type="submit" value="Submit"></noscript>
</form>
I'm not sure how to describe it, so here's a video where I explain my problem.
I tried rearranging some of the code, as I do believe nothing is faulty, attempting to make sure that the table refreshes with the new data inside it, however every time I tried to place my code in a different order (executing the queries in different orders), it either functions differently than how I want it to function or it doesn't function at all.
Both queries do function separately, I'm just unsure why they're not working together.
Searchbar has the value seen inputted in the homepage on both my Search page and this page in question. However it was left blank for this page, which gave me the result of having the full table display which is what I wanted to happen. I'm just not sure how I can edit my code so, when submitted, it will display the newly added data.
My PHP:
<?php
$find = $_POST['searchbar'];
$host = "localhost";
$username = "FFF";
$pword = "L3FhqJNey8Op2qJY";
$database = "Project";
include 'includes/db.inc.php';
$Name2 = $_POST['Name'];
$YearOfRelease2 = $_POST['YearOfRelease'];
$Studio2 = $_POST['Studio'];
$Age2 = $_POST['Age'];
$Score2 = $_POST['Score'];
?>
My HTML:
<html>
<head>
<title>Add a Film - Films! Films! FILMS!</title>
</head>
<body>
<h1>Films! Films! FILMS!</h1>
<h2>Add a Film</h2>
<p>If you wish to add a film to our database, feel free to add data relating to the film in the respective boxes below. You should then refresh the page.</p>
<p>Add Film:</p>
<form method="POST" action="AddFilm.php">
<p>Name of Film: <input type="text" name="Name"></p>
<p>Year of Release: <input type="text" name="YearOfRelease"></p>
<p>Name of Studio: <input type="text" name="Studio"></p>
<p>Age Rating: <select name="Age" size="1">
<optgroup label="Select Age Rating">
<option value="U">U</option>
<option value="PG">PG</option>
<option value="12">12</option>
<option value="15">15</option>
<option value="18">18</option>
</optgroup>
</select></p>
<p>Review Score: <input type="text" name="Score"></p>
<p><input type="submit" name="submit" value="Submit and Refresh"></p>
</form>
<?php
echo "<h2>$output</h2>";
$query_string = "SELECT * FROM movies WHERE Name LIKE '%$find%' OR YearOfRelease LIKE '%$find%' OR Studio LIKE '%$find%' OR Age LIKE '%$find%' OR Score LIKE '%$find%'";
$query_string2 = "INSERT INTO movies (Name, YearOfRelease, Studio, Age, Score) VALUES ('$Name2', '$YearOfRelease2', '$Studio2', '$Age2', '$Score2');";
if ($result = $mysqli->query($query_string2)) {
$output2 = $Name2 ." has been added to the database.";
echo "<p>$output2</p>";
} else {
echo ("Error performing query: " . $mysqli->error() );
}
$result->close();
if ($result = $mysqli->query($query_string)) {
echo "<table border='1'>";
echo "<tr><th>FilmID</th><th>Name</th><th>YearOfRelease</th><th>Studio</th><th>Age</th><th>Score</th></tr>";
while ($row = $result->fetch_object())
{
$FilmID = $row->FilmID;
$Name = $row->Name;
$YearOfRelease = $row->YearOfRelease;
$Studio = $row->Studio;
$Age = $row->Age;
$Score = $row->Score;
$output ="<tr><td> $FilmID";
$output = $output . "<td> $Name";
$output = $output . "<td> $YearOfRelease";
$output = $output . "<td> $Studio";
$output = $output . "<td> $Age";
$output = $output . "<td> $Score </tr>";
echo "<p>$output</p>";
}
echo "</table>";
echo "<hr>";
echo '<p>Back to Home Page</p>';
$result->close();
} else {
echo ("Error performing query: " . $mysqli->error() );
}
$mysqli->close();
?>
</body>
</html>
I am trying to find a way in PHP to combine data from several drop down boxes into one SQL statement. I can get this to partly work. Here is the SQL query:
$sql = "
SELECT *
FROM books
WHERE
author = '$bird'
AND genre = '$cat'
AND year= '$mouse'
AND publisher = '$goat'
";
$bird, $cat etc are the variables that hold the selection from each drop down box.
I am getting mixed results. All four will work together fine and all will work individually.
So If I select from authors, genre, year and publisher, then press select it works and if I select these individually they work as well.
But if try and just select two items, let's say author and year, it does not work and can produce a variety of incorrect data. Here is the complete code. Any help appreciated:
<html>
<head>
<title>My Page</title>
</head>
<body>
<br>
<form name="myform" action="authors3.php" method="POST">
<select name="author" size="2">
<option value="ken davies">ken davies</option>
<option value= "arthur smith">arthur smith</option>
<option value="gill rafferty">gill rafferty</option><br />
<option value="molly brown">molly brown</option><br />
<option value="gilbert riley">gilbert riley</option><br />
<input type = "submit" name = "submit" value = "go">
<select name="genre" size="4">
<option value="adventure">adventure</option>
<option value="biography">biography</option>
<option value="crime">crime</option><br />
<option value="romance">romance</option>
<option value="thriller">thriller</option>
<input type = "submit" name = "submit" value = "go">
<select name="year" size="4">
<option value="2002">2002</option>
<option value="2003">2003</option>
<option value="2004">2004</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option>
<option value="2008">2008</option>
<input type = "submit" name = "submit" value = "go">
<select name="publisher" size="4">
<option value="blue parrot">blue parrot</option>
<option value="yonkers">yonkers</option>
<option value="zoot">zoot</option>
<input type = "submit" name = "submit" value = "go">
<?php
$bird = (!empty($_POST['author'])) ? $_POST['author'] : null;
$cat = (!empty($_POST['genre'])) ? $_POST['genre'] : null;
$mouse = (!empty($_POST['year'])) ? $_POST['year'] : null;
$goat = (!empty($_POST['publisher'])) ? $_POST['publisher'] : null;
$con = mysql_connect("localhost","root","");
If (!$con) {
die("Can not Connect with database" . mysql_error());
}
mysql_select_db("authors",$con);
if (isset($bird) && isset($cat) && isset($mouse) && isset($goat)){
$sql = "SELECT * FROM books WHERE author = '$bird'
AND genre = '$cat' AND year = '$mouse' AND
publisher = '$goat' ";
}
else if (isset($bird)) {
$sql = "SELECT * FROM books WHERE author = '$bird' ";
}
else if (isset($cat)) {
$sql = "SELECT * FROM books WHERE genre = '$cat' ";
}
else if (isset($mouse)) {
$sql = "SELECT * FROM books WHERE year = '$mouse' ";
}
else if (isset($goat)) {
$sql = "SELECT * FROM books WHERE publisher = '$goat' ";
}
$myData = mysql_query($sql,$con);
echo"<table border=1>
<tr>
<th>id</th>
<th>author</th>
<th>title</th>
<th>publisher</th>
<th>year</th>
<th>genre</th>
<th>sold</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<tr>";
echo "<td>" . $record['id'] . "</td>";
echo "<td>" . $record['author'] . "</td>";
echo "<td>" . $record['title'] . "</td>";
echo "<td>" . $record['publisher'] . "</td>";
echo "<td>" . $record['year'] . "</td>";
echo "<td>" . $record['genre'] . "</td>";
echo "<td>" . $record['sold'] . "</td>";
echo "<tr />";
}
echo "</table>";
mysql_close($con);
?>
note: all four are working<br />
all work individually<br />
two or three dont work together
</form>
</body>
</html>
Apart from the fact that you're using a deprecated way connecting to MySQL (read up on SQL injection and PDO), you're not covering all the use cases in your code.
A better way might be to write a base query ($q = 'SELECT * FROM books WHERE), and extend that query with the appropriate extra WHERE clauses, based on checking if the parameter is empty or not (if (!empty($goat)) // append new clause to the WHERE portion).
You're query is half fine. Your declarations are the cause of your problem! The reason is you're essentially doing this:
genre ='adventure' and year = null.
What you want to do is edit your query accordingly. So you'll want to do
if (!is_null($year)) {
$sql.= "AND Year = $year";
}
Problem is the above method allows injection!! Which if you're fessed about is a BIG PROBLEM!!!!
So I would recommend using bind_params BUT having said that calling cal_user_func_array on bind_params is a bit tricky so I'd recommend using PDO where you can edit your query and manage your parameters safely and effectively
I have select option. this option has multiple value from database. I want to update something from database, this value i want to update is exist on the select option I have.
this is my option code
$id = $_GET['update'];
$query = mysql_query("SELECT * FROM transaction where id = '$id'") or die ("could not search");
$count = mysql_num_rows($query);
while ($rows = mysql_fetch_array($query)) {
$id = $rows['id'];
$tranid = $rows['tranid'];
$trandate = $rows['trandate'];
$patientid = $rows['patientid'];
$transactiontype = $rows['transactiontype'];
$trandescription = $rows['trandescription'];
$tranquantity = $rows['tranquantity'];
$tranunitprice = $rows['tranunitprice'];
$tranamount =$rows['tranamount'];
$gettrandescription = $rows['trandescription'];
}
}
if (isset($_POST['selectmedicine'])) {
$gettrandescription=$_POST['medicineid'];
}
if (isset($_POST['selectroomquantity'])) {
$tranquantity=$_POST['quantity'];
}
?>
<script type="text/javascript">
$('#collapseone').collapseone({
toggle: true
});
<option value="<?php echo $trandescription; ?>" <?php if($trandescription==$gettrandescription){ echo "selected";} ?> ><?php echo $gettrandescription; ?></option>
<option value="<?php echo $tranquantity; ?>" <?php if($tranquantity==$tranquantity){ echo "selected";} ?> ><?php echo $tranquantity; ?></option>
this has value results, but i cant fetch this value to my existing select option.
If you want to "make that variable an array" as aldrin27 said, append [] to the name attribute of the select tag. The selected value of the option with name selectroomquantity will be available in your script as $_POST["selectroomquantity"] (this is the varible).
<select multiple name="selectroomquantity[]">
<option value="...">...</option>
</select>
It should only be necessary if multiple options can be selected however.
Also, there seems to be a typo:
<?php if($tranquantity==$tranquantity)
That check will always return true. It should probably be:
<?php if($tranquantity==$gettranquantity)
hi all i just got the code on how to fecth the value to dropdown. actually i made a wrong word. pre-selected is the right one, sorry for that. here;s the working code.
<select name="selectmedicine" class="form-control col-sm-4" id="medicinename">
<option id="0" style="width:100px"></option>
<?php
$medicine = mysql_query("SELECT * FROM medicine");
while ($row = mysql_fetch_array($medicine)) {
echo '<option id="' . $row['medicinename'] . '"';
echo ' value="' . $row['medicineid'] . '"';
if($row['medicinename'] == $trandescription) {
echo ' selected="selected"';
}
echo '>';
echo $row['medicinename'];
echo '</option>';
}
?>
</select>
thanks everyone, whos trying to help me on this. actually this is my five revised question sorry for that. and finally i got the right one.