Jump to content
Gilbert

can a select statement return more than one value

Recommended Posts

Hi all,  I am populating the <options> of a <select> statement from a database using php.  I'm setting the value of the options to the 'workerID' and setting the innerHTML to the worker name, reading both of these values from the database table 'workers'.  The 'input' button runs the php and I have the workerID as a value, but then I have to access the table again matching the workerID in a where clause to get the first & last name of the worker.  It seems kind of redundant to do it this way - the question is, is there any way to pass along the worker name (which you just looked up) along with the worker ID, to the php function, or is this a normal way to do this.    I thought of making the 'value' attribute a combination of ID and name, and then separating it in the php function to use, but I was wondering if there was an easier way that I am missing.   I am just trying to cut down on traffic to the server.   It would seem like there would be a better way to do this.   Here is my code - thanks for your help!!

<div id="chooseWorker">
    
    <?php
        if ($_SERVER["REQUEST_METHOD"] == "POST") {
            $chosenWorker = ($_POST["mySelect"]);
            include "phpConnection.php";
            $sql = "SELECT firstName, lastName FROM workers WHERE workerID = '".$chosenWorker;
    	    $result = $conn->query($sql);
            if ($result->num_rows > 0) {
                while($row = $result->fetch_assoc()) {
                    $_SESSION["adminFirstName"] = $row["firstName"];
                    $_SESSION["adminLastName"] = $row["lastName"];
                }
            }
            } else {
                return "Worker not Found";
            }
        }
    ?>
    <h3>Please choose a Worker</h3>

    <form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
        <select name="mySelect" size="12">
        <?php
	        include "phpConnection.php";
            $sql = "SELECT * FROM workers ORDER BY ranking";
	        $result = $conn->query($sql);
            if ($result->num_rows > 0) {
                while($row = $result->fetch_assoc()) {
                    $fullName=$row["firstName"] . " " . $row["lastName"];
        ?>
        <option value="<?php echo $row['workerID'];?>"><?php echo $fullName;?></option>
        <?php
           } // end while
        } // end if
        ?>
        </select>
        <input type="submit" value="Submit">
    </form>
    
    <div>
        <button>cancel</button>
    </div>
</div>

 

Share this post


Link to post
Share on other sites

If you want to include multiple values and then separate them, you can, but make sure you validate everything.  You wouldn't want someone to submit a combination that isn't actually in the database.  In other words, you still need another trip to the database for validation, so you're not saving anything by doing that.

Share this post


Link to post
Share on other sites

Thanx justsomeguy - I think what you're basically saying is that I did it correctly - that I have the right idea.   I'm not sure I follow you on the 'validation' part because I'm getting the information from a database and asking the user to click on one of the options in the combo box list.   Where is the validation needed?  I think I'm missing where a user could inject malicious code.   Thanx....

Share this post


Link to post
Share on other sites

No one has to use your form, if you have a page that accepts input from $_GET or $_POST anyone can send anything they want to that page.  Make sure you validate your inputs.

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×