Problem in inserting partial data from dropdown to mysql using PHP

[maideen]

Hi

I have an issue to insert data from dropdown to mysql. 

It is inserting the partial data to database

Example: if selection is Account Dept, but inserted only Account.  missing Dept

                if selection is Non Active, inserted only Non. missing Active.

whatever coming after space, it cannot be inserted. It happens only in dropdown control.

 

In Database, using varchar(30) for column

 

Pls advice where I did wrong.

 

Thank you 

Maideen

 

Here is my HTML code

                                <label>Status</label>
                                <select class="form-control" data-placeholder="Choose a Category" name="status">
                                    <option></option>
                                    <?php
                                          $sql  = "select * from tbl_parameter where paramhead ='STATUS' order by paramdetails";
                                          $stmt = $pdo->prepare($sql);
                                          $stmt->execute();
                                              while ($row = $stmt->fetch())
                                              {
                                                $optvalue = $row['paramdetails'];
                                                print '<option value ='.$optvalue.'>' .$row['paramdetails']. '</option>'; 
                                                
                                              } 
                                       
                                    ?>
                                </select>

php code

if(isset($_POST['add']))
{
    if($_SERVER["REQUEST_METHOD"] == "POST")
    {
      $staffid =$_POST['staffid'];
      $staffname =$_POST['staffname'];
      $gender =$_POST['gender'];
      $department=$_POST['department'];
      $emailid=$_POST['emailid'];
      $hpno=$_POST['hpno'];
      $address=$_POST['address'];
      $city=$_POST['city'];
      $state=$_POST['state'];
      $country=$_POST['country'];
      $status=$_POST['status'];
      $createdby=$_COOKIE['username'];
      $time = strftime("%X");
      $date = strftime("%B %d,%Y");
      $createdon = date("Y-m-d H:i:s");
      $terminal=$_COOKIE['terminal'];

      $bool = true;
      $sql="insert into tbl_staff_master(staffid,staffname,gender,department,emailid,hpno,address,city,state,country,status,createdby,createdon,terminal) 
                                values ('$staffid','$staffname','$gender','$department','$emailid','$hpno','$address','$city','$state','$country','$status','$createdby','$createdon','$terminal')";
      $stmt=$pdo->prepare($sql);
      $stmt->execute();
      $pdo = null;
      print '<script>alert("Saved");</script>';
      header("location:staff_add.php");  
    }
}  

[benanamen]

Where you went wrong was creating variables for nothing, using variables in your query, not using prepared statements, not killing the script after a header redirect, using SELECT * instead of naming the columns you want, creating an unnecessary POST check for "add" when you already have the correct check in place for REQUEST METHOD.............

[Barand]

You are not creating the option values correctly.

 

Currently you are creating

<option value =Accounts Dept>

What you should create is

<option value="Accounts Dept">

Without the quotes the value is terminated at the space after Accounts.