Jump to content

fetch_assoc Select Option value filter column


parrishpc

Recommended Posts

I have a form that i need to post to a database and send a email to user.

I have one page 

createmail.php 

Here is the the part of the code that works fine 

<select id="to" name="to" class="form-control">
	<?php 
	$sql = "SELECT * FROM apply_job_post INNER JOIN users ON apply_job_post.id_user=users.id_user WHERE apply_job_post.id_company='$_SESSION[id_company]' AND apply_job_post.status='2'";
	$result = $conn->query($sql);
	if($result->num_rows > 0) {
		while($row = $result->fetch_assoc()) {
			echo '<option value="'.$row['id_user'].' '.$row['email'].'">'.$row['firstname'].' '.$row['lastname'].'</option>';
		}
	}
	?>
</select>

I have another page

add-email.php

Here is the part of the code from that page that post both values from the form option select

$to .=  mysqli_real_escape_string($conn, $_POST['to']);

The problem is that the $_POST['to'] will post both $row['id_user'].' '.$row['email']. and i only need the $row['email']  but i have to have both in the string to update database with both values.

Any help would be greatly appreciated

Link to comment
Share on other sites

You need to look up how an <option> tag is designed.  One sets the 'value' attribute of the tag to be the value(s) that you want returned to your script and the info that you want the user to actually see in between the start and end tags.  YOu are including a bunch of things as the 'value' when you probably only need one thing that will identify what record you want to update.

I don't know what you mean by having to have "both" in the string in order to update the database with both values. Your database should already have these things and if not then how are they going to get there when you don't give the user anything to look at to verify his proper selection?

In your case:

	   echo '<option value="(some key value)">(some user viewable information)</option>';
	

Link to comment
Share on other sites

Oops - I see that I missed the closing > tag in my first review of this.  So - if you really need to include multiple values inside the 'value' attribute (which you shouldn't), you should separate them with some unique value.  Something like the pipe symbol perhaps ('|') and then do an explode on the 'to' value when your retrieve it from the POST array.

Care to explain why email and id are needed in the option tag?  Won't one get the other for you?  Afterall, something retrieved them both for you when you built the tag.

Link to comment
Share on other sites

Ok here is what i tried on the 

createmail.php

	<select id="to" name="to" class="form-control">
		<?php 
		$sql = "SELECT * FROM apply_job_post INNER JOIN users ON apply_job_post.id_user=users.id_user WHERE apply_job_post.id_company='$_SESSION[id_company]' AND apply_job_post.status='2'";
		$result = $conn->query($sql);
		if($result->num_rows > 0) {
			while($row = $result->fetch_assoc()) {
				echo "<option value=\"".$row['id_user']."$".$row['email']."\">".$row['firstname'].' '.$row['lastname']."</option>\n  ";
	
			}
		}
		?>
	</select>
</div>
<div class="form-group">
	<input class="form-control" name="subject" placeholder="Subject:">

	<input type="hidden" name="user_email" id="user_email "value="<?php
	if (isset($_POST['to'])) {
		$option = explode("$", $_POST['to']);
		echo $option[1];
	}
	?>" />

	<button type="submit" name="create_mail" class="btn btn-primary"><i class="fa fa-envelope-o"></i> Send</button>

Then on the 

add-email.php

if(isset($_POST['create_mail']))

$to =  mysqli_real_escape_string($conn, $_POST['user_email']);

$subject = mysqli_real_escape_string($conn, $_POST['subject']);

This does not work either i created the input hidden name="user_email"  using the explode when the submit button name="create_mail" I wanted it to post $to =  mysqli_real_escape_string($conn, $_POST['user_email']); this is where i just want the email address from the option value.

Thanks

For all the help.

 

Link to comment
Share on other sites

@parrishpc - When posting code, please use the <> button in your editor so the code appears in code tags. It makes your post easier to read. ?

As for your question, it looks like your <select> tag is in the same form as the hidden input field for the email address. Assuming that's correct, you'll need to use JavaScript to pull the value selected in the drop down to populate the hidden input field.

However, it would be better to populate the drop down values with each person's user ID (as recommended by mac_gyver). Then when the form is submitted to add-email.php you can use the ID to retrieve the selected person's email address.

Link to comment
Share on other sites

Ok I will try to explain better after some trial and error here is what i am trying to do 

I have a form with a select option value on a page create-mail.php 

<select id="to" name="to" class="form-control">
                      <?php 
                    $sql = "SELECT * FROM apply_job_post INNER JOIN users ON apply_job_post.id_user=users.id_user WHERE apply_job_post.id_company='$_SESSION[id_company]' AND apply_job_post.status='2'";
                    $result = $conn->query($sql);
                    if($result->num_rows > 0) {
                      while($row = $result->fetch_assoc()) {
						echo "<option value=\"".$row['id_user']."$".$row['email']."\">".$row['firstname'].' '.$row['lastname']."</option>\n  ";
                      }
                    }
                    ?>
                    </select>
                  </div>
                  <div class="form-group">
                    <input class="form-control" name="subject" placeholder="Subject:">
                    <input type="hidden" name="co_name" id="co_name" value="<?php echo $_SESSION['name'];?>" />
                  </div>
                  <div class="form-group">
                    <textarea class="form-control input-lg" id="description" name="description" placeholder="Job Description"></textarea>
                  </div>
                </div>
                <!-- /.box-body -->
                <div class="box-footer">
                  <div class="pull-right">
                    <button type="submit" name="create_mail" class="btn btn-primary"><i class="fa fa-envelope-o"></i> Send</button>
                  </div>
                  <a href="mailbox.php" class="btn btn-default"><i class="fa fa-times"></i> Discard</a> </div>

The option value

<option value=\"".$row['id_user']."$".$row['email']."\">

has the two values the $row['id_user'] post to my database table that dose not have the email value in it

The other value $row['email'] I would like to post to another page that sends an email that page is add-email.php

i have the line 

$message .=  $_POST['to'];       the results like this  136$email@email.com which is from the select option.

I tried to post using in a input hidden value like this

<input type="text" name="user_email" id="user_email" value="<?php $option = explode("$", $_POST['to']);
echo $option[1]; ?>"/>

Then on the add-mail.php

$message .=  $_POST['ueser_email']; 

Which dose not anything

Hope all is clear 

Any help is greatly appreciated 

 

 

Link to comment
Share on other sites

Ok i am trying to get just $row['email'] from the form select option  see the line below

echo "<option value=\"".$row['id_user']."$".$row['email']."\">".$row['firstname'].' '.$row['lastname']."</option>\n  "; 

then i have another page that is used to send the email and I want the $message= $row['email']  results only not .$row['id_user']."$".$row['email'].

when the form is submitted. 

I know i could modify the line

echo "<option value=\"".$row['id_user']."$".$row['email']."\">".$row['firstname'].' '.$row['lastname']."</option>\n  "; 

to 

echo '<option value="'.$row['email'].'">'.$row['id_user'].' '.$row['firstname'].' '.$row['lastname'].'</option>';

And then use

$message .=  $_POST['to']; to just get $row['email'].

But I also am posting the data $row['id_user'] to a database table that does not include the $row['email'].

Here is the code from the page that the form post to

<?php

session_start();

if(empty($_SESSION['id_company'])) {
  header("Location: ../index.php");
  exit();
}

require_once("../db.php");

if(isset($_POST['create_mail']))
{
   $to =  'email@email.com';
   $subject = mysqli_real_escape_string($conn, $_POST['subject']);
			          
		     $message .=  $_POST['to'];//this is where I want to post email address from select option from the create-mail.php page

			 $headers[] = 'MIME-VERSION: 1.0';
			 $headers[] = 'Content-type: text/html; charset=iso-8859-1';
			 $headers[] = 'To: '.$to;

			 $result = mail($to, $subject, $message, implode("\r\n", $headers)); // \r\n will return new line. 

}
if(isset($_POST)) {
	$to  = $_POST['to'];

	$subject = mysqli_real_escape_string($conn, $_POST['subject']);
	$message = mysqli_real_escape_string($conn, $_POST['description']);
	$message .=  $_POST['to'];//this is where I want to post $row['email']

	$sql = "INSERT INTO mailbox (id_fromuser, fromuser, id_touser, subject, message) VALUES ('$_SESSION[id_company]', 'company', '$to', '$subject', '$message')";

	if($conn->query($sql) == TRUE) {
		header("Location: create-mail.php");
		exit();
	} else {
		echo $conn->error;
	}
} else {
	header("Location: create-mail.php");
	exit();
}

Thanks

 

Link to comment
Share on other sites

i recommend that you review the replies you have received in the thread, particularly this one - https://forums.phpfreaks.com/topic/307650-fetch_assoc-select-option-value-filter-column/?tab=comments#comment-1560580

it lists two security holes with the way you are doing this now and suggests a simple and secure method of doing this so that it works.

 

Link to comment
Share on other sites

Ok here is what I tried 

<?php

session_start();

if(empty($_SESSION['id_company'])) {
  header("Location: ../index.php");
  exit();
}

require_once("../db.php");

if(isset($_POST['create_mail']))
{
	
$searchUserID = $_POST['to'];
$sql = "SELECT id_user, email, firstname, lastname FROM users where id_user=$searchUserID";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
      $userEmail = $row["email"];
    }
} else {
    echo "No email address found";
}

   $to =  $_POST['userEmail'];
   $subject = mysqli_real_escape_string($conn, $_POST['subject']);
			          
          $message = "We at"." ". $_POST['co_name']." "."Thank You"."\r\n"; 
		 $message .= "Your user id is :"." ". mysqli_real_escape_string($conn, $_POST['to'])."\r\n";
         $message .= "Message:". "\r\n" . $_POST['description'];

			 $headers[] = 'MIME-VERSION: 1.0';
			 $headers[] = 'Content-type: text/html; charset=iso-8859-1';
			 $headers[] = 'To: '.$to;
			/$headers[] = 'Bcc: testbbc@testdoamin.com';
			 $headers[] = 'From: jobs@testdoamin.com';
			// //you add more headers like Cc, Bcc;

			 $result = mail($to, $subject, $message, implode("\r\n", $headers)); // \r\n will return new line. 

}
if(isset($_POST)) {
	$to  = $_POST['to'];

	$subject = mysqli_real_escape_string($conn, $_POST['subject']);
	$message = mysqli_real_escape_string($conn, $_POST['description']);

	$sql = "INSERT INTO mailbox (id_fromuser, fromuser, id_touser, subject, message) VALUES ('$_SESSION[id_company]', 'company', '$to', '$subject', '$message')";

	if($conn->query($sql) == TRUE) {
		header("Location: mailtest.php");
		exit();
	} else {
		echo $conn->error;
	}
} else {
	header("Location: mailtest.php");
	exit();
}

The line       $userEmail = $row["email"];

I would like the results in this line

   $to =  $_POST['userEmail'];

Basically what i am trying to do is from my form page I have the select option line

  echo '<option value="'.$row['id_user'].'">'.$row['firstname'].' '.$row['lastname'].'</option>';

I use the id_user to lookup the email in the database on the posttest.php with this

$searchUserID = $_POST['to'];
$sql = "SELECT id_user, email, firstname, lastname FROM users where id_user=$searchUserID";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
      $userEmail = $row["email"];
    }
} else {
    echo "No email address found";
}

This looks up the email fine when i try this

$searchUserID = $_POST['to'];
$sql = "SELECT id_user, email, firstname, lastname FROM users where id_user=$searchUserID";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
      echo $row["email"];
    }
} else {
    echo "No email address found";
}

But I need the value to post $to = 

Hope this will clarify more what I trying to do

Thanks again.

 

 

Link to comment
Share on other sites

Since you are no longer attempting to pass the email address through the online form, which is good, the $_POST['userEmail'] will always be blank. Instead, the email address comes from your database.

Try changing this

$userEmail = $row["email"];

to this

$to =  $row["email"];

Note that you will also need to remove the following line:

$to =  $_POST['userEmail'];

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.