Gilbert Posted July 18, 2018

Hi all, I am populating the <options> of a <select> statement from a database using php. I'm setting the value of the options to the 'workerID' and setting the innerHTML to the worker name, reading both of these values from the database table 'workers'. The 'input' button runs the php and I have the workerID as a value, but then I have to access the table again matching the workerID in a where clause to get the first & last name of the worker. It seems kind of redundant to do it this way - the question is, is there any way to pass along the worker name (which you just looked up) along with the worker ID, to the php function, or is this a normal way to do this? I thought of making the 'value' attribute a combination of ID and name, and then separating it in the php function to use, but I was wondering if there was an easier way that I am missing. I am just trying to cut down on traffic to the server. It would seem like there would be a better way to do this. Here is my code - thanks for your help!!

```php
<div id="chooseWorker">
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $chosenWorker = ($_POST["mySelect"]);
    include "phpConnection.php";
    // Look up the name that belongs to the submitted workerID
    $sql = "SELECT firstName, lastName FROM workers WHERE workerID = '".$chosenWorker."'";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            $_SESSION["adminFirstName"] = $row["firstName"];
            $_SESSION["adminLastName"] = $row["lastName"];
        }
    } else {
        return "Worker not Found";
    }
}
?>
<h3>Please choose a Worker</h3>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
    <select name="mySelect" size="12">
    <?php
    include "phpConnection.php";
    // Build one <option> per worker: value = workerID, label = full name
    $sql = "SELECT * FROM workers ORDER BY ranking";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            $fullName=$row["firstName"] . " " . $row["lastName"];
    ?>
        <option value="<?php echo $row['workerID'];?>"><?php echo $fullName;?></option>
    <?php
        } // end while
    } // end if
    ?>
    </select>
    <input type="submit" value="Submit">
</form>
<div>
    <button>cancel</button>
</div>
</div>
```
justsomeguy Posted July 18, 2018

If you want to include multiple values and then separate them, you can, but make sure you validate everything. You wouldn't want someone to submit a combination that isn't actually in the database. In other words, you still need another trip to the database for validation, so you're not saving anything by doing that.
Gilbert Posted July 18, 2018

Thanx justsomeguy - I think what you're basically saying is that I did it correctly - that I have the right idea. I'm not sure I follow you on the 'validation' part because I'm getting the information from a database and asking the user to click on one of the options in the combo box list. Where is the validation needed? I think I'm missing where a user could inject malicious code. Thanx....
justsomeguy Posted July 18, 2018

No one has to use your form. If you have a page that accepts input from $_GET or $_POST, anyone can send anything they want to that page. Make sure you validate your inputs.
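The validation discussed in the replies above, as an added example that is not part of the thread: the submitted `mySelect` value is treated as untrusted, checked for shape, bound as a parameter, and the name is always taken from the database row rather than from the request. The function name `findWorker`, the PDO/in-memory SQLite connection (a stand-in for the thread's `phpConnection.php`), the sample rows and the assumption that `workerID` is a positive integer are all constructed for illustration.

```php
<?php
// Added example with constructed data. In-memory SQLite stands in for the
// thread's MySQL 'workers' table so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE workers (workerID INTEGER PRIMARY KEY, firstName TEXT, lastName TEXT)');
$db->exec("INSERT INTO workers VALUES (1, 'Ann', 'Lee'), (2, 'Bob', 'Ruiz')");

/**
 * Validate a submitted workerID and return the matching row, or null.
 * Assumption: workerID is a positive integer column.
 */
function findWorker(PDO $db, $raw): ?array
{
    // Shape check: reject arrays (mySelect[]=...), empty strings, anything
    // that is not all digits, and values too long to fit in an int.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT firstName, lastName FROM workers WHERE workerID = ?');
    $stmt->execute([(int) $raw]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Existence check: a well-formed ID that is not in the table is still rejected.
    return $row === false ? null : $row;
}

// Constructed submissions: the first is what the form sends, the rest are
// values a hand-built request could carry in $_POST["mySelect"].
$submissions = ['2', '999', "2'", '2|Somebody Else', ['1']];
foreach ($submissions as $raw) {
    $worker = findWorker($db, $raw);
    echo json_encode($raw), ' => ',
        $worker ? $worker['firstName'] . ' ' . $worker['lastName'] : 'rejected', PHP_EOL;
}
```

Only `'2'` resolves to a worker; the `'2|Somebody Else'` case shows why packing the name into the option value saves nothing, since the server cannot trust the name half without the same lookup.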