select form item populated from SQL table: how to save more variables data rather than its value alone?

[Dancode]

Hello,

I have a SQL table structured that way:

 

Quote

    Id_value         |              id_group_value                 |             name_group_value        |             name_value

 

 

 

I build a php/sql query to create a dropdown form getting its values which work like that:

 

    <label>item</label>                                                

    <?php

                $result = $conn->query("select id_ value,id_ group _ value, name _ group_ value, name_value FROM table WHERE id_ group _ value = 0");

 

                echo "<select name='name_value' ><option value='' disabled selected>choose value</option>";

                               

                while ($row = $result->fetch_assoc()) {

                                               unset($idv, $namev);

                                                $idv = $row['id_value'];

                                                $namev = $row['name_value'];

                                               $id_gv = $row['id_group_value'];

                                                $id_v = $row[' name_group_value '];                                                                                                                                

                                                echo '<option value="'.$ idv.'">'.$namev.'</option>';

                

                                                                                                                                              }

                                                                                                                             

                echo "</select>";

 

 

 

I can easily save values from that select form item using a '$_POST[form_item]' which I do this way and means get the $idv variable:

 

 

                $sql = "INSERT INTO table (form_select_value)

                                                                                                                             

                VALUES ('$_POST[name_value]')";

 

 

 

What should I do to save another extracted value which I retrieved from the original SQL query, let’s say $namev variable, together?

[Barand]

You must find it very difficult working with a database where all the tables have the name "table"

Having got the id value from the dropdown in $_POST['name_value'] you can query the table on the second page to get the associated name.

INSERT INTO table2 (form_select_value, form_select_name) SELECT id_value, name_value FROM table1 WHERE id_value = ?

If you are using a relational database you need to read up on data normalization and design your tables correctly. (group name should only be in a table which defines the groups, not in every member of that group)

Edited November 5, 2018 by Barand

[Dancode]

of course I did a mistake when wrote the answer, there are table1 and table2 - thanks for your attention

 

I apologize but did not really catch what you are telling me. In the first part of your statement:

4 hours ago, Barand said:

INSERT INTO table2 (form_select_value, form_select_name)

It is correct that form_select_value and for_select_name are the same? (this being the name of the input field)

 

 

in the second part of this statement:

SELECT id_value, name_value FROM table1 WHERE id_value = ?

1. Do you mean this is replacing the VALUES declaration?

        1a. If not, this should fill the VALUES of both data or only related to the second one?

2. What is doing the question mark at the end: should be replaced from a variable? Which?

[Barand]

INSERT ... SELECT ... is a form of insert statement that lets you select data from one table and insert the results into another table. (see mysql manual)

You should use prepared statements and not place user data directly into the query string. The "?" is a placeholder to hold the parameter value EG

$id = 123;

$stmt = $pdo->prepare("SELECT x,y,z FROM mytable WHERE id = ?");
$stmt->execute( [$id] );
$row = $stmt->fetch();
echo $row['x'];

 

[Dancode]

I understand this replace the VALUES declaration.

It seems me my semplification is causing some extra explaination problems, the form is quiet large including much more fields than those two. How can I mix that?

From my (poor) knowledge statement are useful to prevent SQL injection, being my purpose to run those pages in local are there other functional reason I should use it?

[Barand]

11 minutes ago, Dancode said:

It seems me my semplification is causing some extra explaination problems, the form is quiet large including much more fields than those two. How can I mix that?

We can only give you an answer based on the information you give us. You need to adapt the answer given to you regarding the small picture, which you gave us, to the big picture.