Jump to content

$_POST accessing the "id" element of an <option> tag


Recommended Posts

<?php
   if (isset($_POST['submit']))
   {
      // Grab the selected value
      $optionValue = $_POST['subscriptionLevel'];
      
      // Grab the id of the selected value  ** HOW DO I DO THIS? **
      $optionID = ?????????????????????????;
   }
?>
<html>
   <body>
      <form name="form" method="post" action="">
         <table>
            <tr>
               <td>
                  <label for="subscriptionLevel"></label>
                  <select name="subscriptionLevel" id="subscriptionLevel">
                     <?php do { ?>
                        <option id="<?php echo $dbRowResult['sub_level']; ?>" value="<?php echo $dbRowResult['sub_price']; ?>"><?php echo $dbRowResult['sub_desc']; ?></option>
                     <?php } while ($dbRowResult = $db->dbGetRow($dbQueryResult)); ?>
                  </select>
               </td>
               <td>
                  <label>
                     <input type="submit" name="submit" id="submit" value="submit">
                  </label>
               </td>
            </tr>
         </table>
      </form>
   </body>
</html>

 

How do I grab the id of the selected value?

 

Thank you.

Why would you expect it to?  What good would it do under normal circumstances to be able to grab the style of the HTML element out of POST?  The whole purpose of the functionality is to allow users to post values into named fields.  The ID (which you assigned in the HTML, cannot change, and should be associated with the name) isn't something you should be wasting bandwidth transmitting.

 

-Dan

The "price" is one of the properties of the "sub_level" in your database. You should not be passing the price as the value of the option field. You should be passing the "sub_level" as the value for the options. Then use that value of the receiving page to query the database and retrieve the correct price.

 

By including the price in the actual submitted value you are leaving yourself open to usersmanipulating the prices since they can manipulate the submitted data.

@ManiacDan - All I said was thank you for your suggestion.  It was sound advice.

 

@mjdamato - Although your comment has nothing to do with the posted issue, you offer good advice to the person that would actually do what you're assuming I'm doing in a live environment.  I'm not, but I do understand your concern.

 

Anyway... this is working great:

<?php
   if (isset($_POST['submit']))
   {	
      $optionArray = preg_split("/;/", $_POST['subscriptionLevel']);
      $mySession->setSessionVars("SUBLVL", $optionArray[0]);
      $mySession->setSessionVars("SUBLVLPRICE", $optionArray[1]);
      $mySession->setSessionVars("SUBLVLPRICETERM", $optionArray[2]);
      $mySession->setSessionVars("SUBLVLPRICETERMREC", $optionArray[3]);
   }
?>

<html>
   <body>
      <form name="form" method="post" action="">
         <table>
            <tr>
               <td>
                  <label for="subscriptionLevel"></label>
      
                     <select name="subscriptionLevel" id="subscriptionLevel">
	                                
                        <?php do { ?>

                           <?php
                              $theValue = $dbRowResult['sub_level'] . ";" . $dbRowResult['sub_price'] . ";" . $dbRowResult['sub_price_term'] . ";" . $dbRowResult['sub_price_term_rec'];
                           ?>

                           <option value="<?php echo $theValue; ?>"<?php echo ($dbRowResult['sub_level'] == '0' ? " selected":""); ?>><?php if ($dbRowResult['sub_level'] == '0') { echo $dbRowResult['sub_price']; } else { echo ($dbRowResult['sub_price'] . " " . $dbRowResult['sub_price_term'] . " (" . $dbRowResult['sub_price_term_rec'] . ")");} ?></option>

                        <?php } while ($dbRowResult = $db->dbGetRow($dbQueryResult)); ?>
	                              
                    </select>
               </td>
               <td>
                  <label>
                     <input type="submit" name="submit" id="submit" value="submit">
                  </label>
               </td>
            </tr>
         </table>
      </form>
   </body>
</html>

 

Again, thank you.  Everything's working perfectly.

@mjdamato - Although your comment has nothing to do with the posted issue, you offer good advice to the person that would actually do what you're assuming I'm doing in a live environment.  I'm not, but I do understand your concern.

 

Huh? With all due respect, my commentswere to explain why what you are asking for is not feasible/advisable. As ManiacDan already stated the purpose of passing data from a form is to do so in a name/value format. Sending data that you already have available from the database will eventually lead to data inconsistencies and/or corruption. It is just a bad practice. But, it is your application, so do with it what you will. I believe (as would most seasoned developers) that it is a poor practice.

 

Plus, since this code is for a registration page (step 4 of 6 to be exact) you are leaving the door open for a user to sign up for subscription level 10 (which should be $19.99 per month recurring) for free.

LOL. I just signed up on your site using a fake email address and bypassing the confirmation code, by using sql injection.  :wtf::o

 

If I wanted to be really mean I'd try to use your donation page to try and submit a negative amount, but I'm not into stealing, just trying to advise on better methods.

As mjdamato has pointed out, sometimes we give extra information where advice is needed.  You seemed to not understand what forms are actually for and how they're used, so I attempted to explain them using a rhetorical question.

 

Take your site down right now and secure it before putting it back up.

 

-Dan

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.