$_POST accessing the "id" element of an <option> tag

[xwielder]

<?php
   if (isset($_POST['submit']))
   {
      // Grab the selected value
      $optionValue = $_POST['subscriptionLevel'];
      
      // Grab the id of the selected value  ** HOW DO I DO THIS? **
      $optionID = ?????????????????????????;
   }
?>
<html>
   <body>
      <form name="form" method="post" action="">
         <table>
            <tr>
               <td>
                  <label for="subscriptionLevel"></label>
                  <select name="subscriptionLevel" id="subscriptionLevel">
                     <?php do { ?>
                        <option id="<?php echo $dbRowResult['sub_level']; ?>" value="<?php echo $dbRowResult['sub_price']; ?>"><?php echo $dbRowResult['sub_desc']; ?></option>
                     <?php } while ($dbRowResult = $db->dbGetRow($dbQueryResult)); ?>
                  </select>
               </td>
               <td>
                  <label>
                     <input type="submit" name="submit" id="submit" value="submit">
                  </label>
               </td>
            </tr>
         </table>
      </form>
   </body>
</html>

 

How do I grab the id of the selected value?

 

Thank you.

[ManiacDan]

The ID is not posted, only the name and value.  If you must get two values out of a single element, make the "value" a delimited string.

 

-Dan

[xwielder]

Okay, I'll use a delimeted concatenated value to parse thru.

Too bad the $_POST array doesn't contain all attributes and/or children of html tags.

 

Thanks for the suggestion.

[ManiacDan]

Why would you expect it to?  What good would it do under normal circumstances to be able to grab the style of the HTML element out of POST?  The whole purpose of the functionality is to allow users to post values into named fields.  The ID (which you assigned in the HTML, cannot change, and should be associated with the name) isn't something you should be wasting bandwidth transmitting.

 

-Dan

[Psycho]

The "price" is one of the properties of the "sub_level" in your database. You should not be passing the price as the value of the option field. You should be passing the "sub_level" as the value for the options. Then use that value of the receiving page to query the database and retrieve the correct price.

 

By including the price in the actual submitted value you are leaving yourself open to usersmanipulating the prices since they can manipulate the submitted data.

[xwielder]

@ManiacDan - All I said was thank you for your suggestion.  It was sound advice.

 

@mjdamato - Although your comment has nothing to do with the posted issue, you offer good advice to the person that would actually do what you're assuming I'm doing in a live environment.  I'm not, but I do understand your concern.

 

Anyway... this is working great:

<?php
   if (isset($_POST['submit']))
   {	
      $optionArray = preg_split("/;/", $_POST['subscriptionLevel']);
      $mySession->setSessionVars("SUBLVL", $optionArray[0]);
      $mySession->setSessionVars("SUBLVLPRICE", $optionArray[1]);
      $mySession->setSessionVars("SUBLVLPRICETERM", $optionArray[2]);
      $mySession->setSessionVars("SUBLVLPRICETERMREC", $optionArray[3]);
   }
?>

<html>
   <body>
      <form name="form" method="post" action="">
         <table>
            <tr>
               <td>
                  <label for="subscriptionLevel"></label>
      
                     <select name="subscriptionLevel" id="subscriptionLevel">
	                                
                        <?php do { ?>

                           <?php
                              $theValue = $dbRowResult['sub_level'] . ";" . $dbRowResult['sub_price'] . ";" . $dbRowResult['sub_price_term'] . ";" . $dbRowResult['sub_price_term_rec'];
                           ?>

                           <option value="<?php echo $theValue; ?>"<?php echo ($dbRowResult['sub_level'] == '0' ? " selected":""); ?>><?php if ($dbRowResult['sub_level'] == '0') { echo $dbRowResult['sub_price']; } else { echo ($dbRowResult['sub_price'] . " " . $dbRowResult['sub_price_term'] . " (" . $dbRowResult['sub_price_term_rec'] . ")");} ?></option>

                        <?php } while ($dbRowResult = $db->dbGetRow($dbQueryResult)); ?>
	                              
                    </select>
               </td>
               <td>
                  <label>
                     <input type="submit" name="submit" id="submit" value="submit">
                  </label>
               </td>
            </tr>
         </table>
      </form>
   </body>
</html>

 

Again, thank you.  Everything's working perfectly.

[Psycho]

@mjdamato - Although your comment has nothing to do with the posted issue, you offer good advice to the person that would actually do what you're assuming I'm doing in a live environment.  I'm not, but I do understand your concern.

 

Huh? With all due respect, my commentswere to explain why what you are asking for is not feasible/advisable. As ManiacDan already stated the purpose of passing data from a form is to do so in a name/value format. Sending data that you already have available from the database will eventually lead to data inconsistencies and/or corruption. It is just a bad practice. But, it is your application, so do with it what you will. I believe (as would most seasoned developers) that it is a poor practice.

 

Plus, since this code is for a registration page (step 4 of 6 to be exact) you are leaving the door open for a user to sign up for subscription level 10 (which should be $19.99 per month recurring) for free.

[Psycho]

LOL. I just signed up on your site using a fake email address and bypassing the confirmation code, by using sql injection. 

 

If I wanted to be really mean I'd try to use your donation page to try and submit a negative amount, but I'm not into stealing, just trying to advise on better methods.

[ManiacDan]

As mjdamato has pointed out, sometimes we give extra information where advice is needed.  You seemed to not understand what forms are actually for and how they're used, so I attempted to explain them using a rhetorical question.

 

Take your site down right now and secure it before putting it back up.

 

-Dan