Jump to content

Passing a variable from a drop down in a form

djs1971

By djs1971
in PHP Coding Help

 Share

Recommended Posts

djs1971 Newbie

djs1971

Posted
Posted

Complete newbie - have battled with this all day and going nowhere - completely stumped so throwing myself on your mercy!!

 

I have a simple form which has a select drop down populated from my sql database. When I hit submit nothing seems to get passed to the hidden field in the next page.

 

My code for the form is as follows:

 

<form action="selectday.php" method="get">
<select>

<?php

//connect to MySQL

$connect = mysql_connect("localhost","root","") or
die ("Could not connect to database.");

//choose the database

mysql_select_db("lakeside");

//Query from database

$sql="SELECT year_id, year FROM years"; 
$result=mysql_query($sql); 

$options=""; 

while ($row=mysql_fetch_array($result)) { 

$year_id=$row["year_id"]; 
$year=$row["year"]; 
$options.="<OPTION VALUE=\"$year_id\">".$year.'</option>';
} 
?> 

<SELECT NAME=year_id> 
<OPTION VALUE=0>Choose Year Group
<?=$options?> 
</SELECT> 

<input type="submit" />

</select>
</form>

 

Drop down works fine but does not seem to pass any data across. I believe by using GET I should see the data passed in the url?? Any advice would be great!

kenrbnsn Regular Member

kenrbnsn

Posted
Posted

First do a "show source" on the generated form to see if the HTML looks correct.

 

Second, put

<?php
echo '<pre>' . print_r($_POST,true) . '</pre>'
?>

at the start of the processing script. This will show you what is being sent from the form to your script.

 

Ken

Psycho Prolific Member

Psycho

Posted
Posted

Assuming you see values in the drop-down the query is apparently not failing. Have you verified that the options actually have values? Do a view source on the HTML page to see if the $year_id is getting set correctly.

 

[edit]OK: on looking at the code again you have TWO select fields. The first one at the top has no name and is not closed until after the second select list. Also, your first option has no closing tag. The problem is incorrectly formatted HTML

 

<?php

//connect to MySQL
$connect = mysql_connect("localhost","root","") or
die ("Could not connect to database.");

//choose the database
mysql_select_db("lakeside");

//Query from database
$sql = "SELECT year_id, year FROM years"; 
$result = mysql_query($sql); 

$options="<option value=\"0\">Choose Year Group</option>\n"; 
while ($row=mysql_fetch_array($result))
{
    $options .= "<option value=\"{$row['year_id']}\">{$row['year']}</option>\n";
} 
?> 
<form action="selectday.php" method="get">
    <select name="year_id"> 
        <?=$options?> 
    </select> 
<input type="submit" />
</form>

Psycho Prolific Member

Psycho

Posted
Posted 

<form action="selectday.php" method="get">

Its better to use method post in your form

 

 

And what do you base that on? There's nothing inherently wrong with using GET. Although I do prefer to use POST most of the time so the address doesn't get messy.

riwan Newbie

riwan

Posted
Posted

well, many people will always assume that when you submit your form the method is always 'POST' so address won't get messy, and many other things.

You would see that  second reply by kenrbnsn also assume that, for suggesting to print the output of $_POST array

Psycho Prolific Member

Psycho

Posted
Posted

well, many people will always assume that when you submit your form the method is always 'POST' so address won't get messy, and many other things.

You would see that  second reply by kenrbnsn also assume that, for suggesting to print the output of $_POST array

OK, but you still haven't supplied a valid reason for stating "Its better to use method post in your form". That fact that someone assumed he used POST doesn't mean he should have used POST.

 

Based upon the code posted, the form consists of a single value: "name_id". So, the address will look something like "selectday.php?name_id=xxx". Although the user would be selecting the value in a form, it makes perfect sense to use GET. That way the processing page can be repurposed to use direct links if needed/wanted.

kenrbnsn Regular Member

kenrbnsn

Posted
Posted

I made a mistake when I posted that. My fingers type $_POST easier than they type $_GET... :)

 

There are two reasons that most people assume that POST is better than GET for forms

[*]When you use GET, the information is passed on the URL and makes it easier to spoof and is less secure. Using POST makes the information more secure, but a knowledgeable person can still spoof it.

[*]There is a limit on how much information you can sent via the URL

 

Ken

Psycho Prolific Member

Psycho

Posted
Posted

Valid points kenrbnsn. In this case, the form is sending only a single value. As for spoofing, I believe too many inexperienced programmers rely upon the fact that users don't directly "see" the posted data as a form of security - leading to code that can be easily compromised.

 

I'm in agreement with you, I just took exception to the previous statement "Its better to use method post in your form". It's simply not true as it stands. There are many times when using GET is appropriate over POST. It's a pet peeve of mine when people make such statements and don't provide credible reasons for it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.