emedal63 Posted October 16, 2010 Share Posted October 16, 2010 Hi, I'm new to PHP/MySQL and need some help getting my query to work for my selection list: The selection list is built with: <form action='processformmissing.php' method='POST'> <fieldset> <legend>Choose Department</legend> <select name='depart'> <option value=''></option> <?php while ($row = mysqli_fetch_array($result)) { extract($row); echo "<option value='$department'>$department</option>\n"; } ?> </select> <p><input type='submit' value='Select Department' /></p> </fieldset> </form> The data is then sent to: $depart = $_POST['depart']; $deptlike = "%".$depart."%"; echo "<p>$depart</p>"; echo "<p>$deptlike</p>"; $query = "SELECT * FROM lifecerts INNER JOIN employees ON lifecerts.cid = employees.cid WHERE department LIKE '$deptlike' ORDER BY employees.name"; Hitting the submit button from my selection list form seems to be working fine because when I echo my data ($depart and $deptlike) it is giving me the correct value, but the query doesn't give me any results. However, if my post data comes from a text box instead of a selection list, my query works fine. Any thoughts on what I'm doing wrong??? Many thanks! Quote Link to comment Share on other sites More sharing options...
Gighalen Posted October 16, 2010 Share Posted October 16, 2010 Try adding double quotes around the value attribute. <form action='processformmissing.php' method='POST'> <fieldset> <legend>Choose Department</legend> <select name='depart'> <option value=''></option> <?php while ($row = mysqli_fetch_array($result)) { extract($row); echo "<option value="'.$department.'">$department</option>\n"; } ?> </select> <p><input type='submit' value='Select Department' /></p> </fieldset> </form> Quote Link to comment Share on other sites More sharing options...
rwwd Posted October 16, 2010 Share Posted October 16, 2010 Have you echoed the actual sql to screen so that you can see how the string has been populated, and hopefully from that it has been done correctly. I would also HIGHLY recommend you sanitising the $_POST data before using it in the sql query, protect your database, just using mysqli_real_escape_string() around the $_POST var, will greatly reduce injection attempts by 'escaping' the data being inserted. Rw Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.