genista Posted September 16, 2016

I have a dropdown where the options are pulled from a database into an array for display. This works fine; what I am trying to understand is how to incorporate showing the selection a user has made previously that was written to a table. I understand how to do this without an array (by checking if it is set and then pushing selected to display it) but this I am struggling with.

I have a value pulled from a select statement; if that is set I want to mark the right value in the dropdown as selected. This below is not displaying that, it just shows the first option in the drop down. What am I missing? $statid is set from a select statement earlier in the script, printing it displays the value no problem.

```php
$result_stat_query = $DB_con->prepare('SELECT statid, stat_name FROM stats ORDER BY statid');
$result_stat_query->setFetchMode(PDO::FETCH_ASSOC);
$result_stat_query->execute();
$row_stat = $result_stat_query->fetchAll();

echo "<select name='stat_id' onchange='filterContent(this);'>";
foreach ($row_stat as $r) {
    if (isset($statid)) {
        echo "<p>statid=$statid</p>";
        echo '<option value='.$statid.'>'.$r['stat_name'].'</option>';
    } else {
        // first run
        echo '<option value="'.$r['statid'].'">'.$r['stat_name'].'</option>';
    }
}
echo "</select>";
```

Thanks,
G
cyberRobot Posted September 16, 2016 (Solution)

You could try something like the following:

```php
echo "<select name='stat_id' onchange='filterContent(this);'>";
foreach ($row_stat as $r) {
    echo '<option value="'.$r['statid'].'"';
    // mark the option whose id matches the previously saved value
    if (isset($statid) && $statid==$r['statid']) {
        echo ' selected="selected"';
    }
    echo '>'.$r['stat_name'].'</option>';
}
echo "</select>";
```
genista Posted September 16, 2016 (Author)

Spot on thank you so much!
Jacques1 Posted September 16, 2016

The code is still far from perfect.

- While it's great that you're using prepared statements to prevent SQL injections, you haven't done anything about JavaScript injection (aka cross-site scripting). You need to apply HTML-escaping as well.
- No need for prepared statements when you neither have parameters nor execute the query multiple times; just use PDO::query() in those cases.
- Don't fetch all rows when you just want to iterate over the result set; a PDOStatement itself can be used in a foreach loop.
- Set a default fetch mode so that you don't have to specify PDO::FETCH_ASSOC over and over again.
- Don't clutter your code with HTML fragments and inline JavaScript. Keep the different languages separate.

```php
<?php

const APP_HTML_ENCODING = 'UTF-8'; // enter your character encoding here

function html_escape($raw_input, $encoding = APP_HTML_ENCODING)
{
    return htmlspecialchars($raw_input, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}
```

```php
<?php

// application logic goes here

$statsStmt = $DB_con->query('SELECT statid, stat_name FROM stats ORDER BY statid');

// end of application logic

?>
<!-- now the HTML part -->
<select name="stat_id">
    <?php foreach ($statsStmt as $stat): ?>
        <option value="<?= html_escape($stat['statid']) ?>" <?php if ($statid == $stat['statid']): ?>selected<?php endif; ?>><?= html_escape($stat['stat_name']) ?></option>
    <?php endforeach; ?>
</select>
```
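Added example, not code from any poster in this thread: the escaping and selection logic discussed above, gathered into one function so its output can be inspected on rows whose `stat_name` contains HTML. The function name `render_stat_options`, the string-based comparison and the sample rows are assumptions made for illustration; the rows are constructed and stand in for the PDO result set.

```php
<?php
declare(strict_types=1);

const APP_HTML_ENCODING = 'UTF-8';

function html_escape(string $raw, string $encoding = APP_HTML_ENCODING): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}

/**
 * Build the <option> list for the stats dropdown (hypothetical helper).
 * $stats: rows with 'statid' and 'stat_name'; $selectedId: saved choice, or null on first run.
 */
function render_stat_options(iterable $stats, ?string $selectedId): string
{
    $html = '';
    foreach ($stats as $stat) {
        $id = (string) $stat['statid'];
        // Compare as strings: loose == treats numeric strings such as "1e1" and "10" as equal.
        $selected = ($selectedId !== null && $selectedId === $id) ? ' selected' : '';
        $html .= sprintf(
            "<option value=\"%s\"%s>%s</option>\n",
            html_escape($id),
            $selected,
            html_escape((string) $stat['stat_name'])
        );
    }
    return $html;
}

// Constructed sample rows; the third name tries to close the element and inject markup.
$rows = [
    ['statid' => 1, 'stat_name' => 'Goals'],
    ['statid' => 2, 'stat_name' => 'Shots & "saves"'],
    ['statid' => 3, 'stat_name' => '</option></select><script>alert(1)</script>'],
];

// With escaping applied, the third name is rendered as visible text inside its option.
echo "<select name=\"stat_id\">\n", render_stat_options($rows, '2'), "</select>\n";
```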