Jump to content

Query from Post Method works for Text box but not Selection List

emedal63

By emedal63
in PHP Coding Help

 Share

Recommended Posts

emedal63 Newbie

emedal63

Posted
Posted

Hi, I'm new to PHP/MySQL and need some help getting my query to work for my selection list:

 

The selection list is built with:

<form action='processformmissing.php' method='POST'>
<fieldset>
<legend>Choose Department</legend>
<select name='depart'>
<option value=''></option>

<?php
while ($row = mysqli_fetch_array($result))
	{
	extract($row);
	echo "<option value='$department'>$department</option>\n";
	}
?>
</select>
<p><input type='submit' value='Select Department' /></p>
</fieldset>

</form>

 

The data is then sent to:

$depart = $_POST['depart'];
$deptlike = "%".$depart."%";

echo "<p>$depart</p>";
echo "<p>$deptlike</p>";

$query = "SELECT * FROM lifecerts INNER JOIN employees ON lifecerts.cid = employees.cid WHERE department LIKE '$deptlike' ORDER BY employees.name";

 

 

Hitting the submit button from my selection list form seems to be working fine because when I echo my data ($depart and $deptlike) it is giving me the correct value, but the query doesn't give me any results. However, if my post data comes from a text box instead of a selection list, my query works fine. Any thoughts on what I'm doing wrong???

 

Many thanks!

Link to comment
Share on other sites
Gighalen Member

Gighalen

Posted
Posted

Try adding double quotes around the value attribute.

<form action='processformmissing.php' method='POST'>
<fieldset>
<legend>Choose Department</legend>
<select name='depart'>
<option value=''></option>

<?php
while ($row = mysqli_fetch_array($result))
	{
	extract($row);
	echo "<option value="'.$department.'">$department</option>\n";
	}
?>
</select>
<p><input type='submit' value='Select Department' /></p>
</fieldset>

</form>

Link to comment
Share on other sites
rwwd Member

rwwd

Posted
Posted

Have you echoed the actual sql to screen so that you can see how the string has been populated, and hopefully from that it has been done correctly.

 

I would also HIGHLY recommend you sanitising the $_POST data before using it in the sql query, protect your database, just using mysqli_real_escape_string() around the $_POST var, will greatly reduce injection attempts by 'escaping' the data being inserted.

 

Rw

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.