2

I am currently tring to create a form wherein there is three dropdown option boxes and one submit button. All three of the dropdown boxes are populated from the database and I would like the selected options to be included into a new query and printed. This example only shows one dropdown

PHP Code

// Create connection
$con=mysqli_connect('', '', '', '');

// Check connection
if (mysqli_connect_errno($con))
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$course_dropdown ="";
$query_course = "SELECT * FROM course";
$result_course = mysqli_query($con,$query_course) or die(mysqli_error());

while($row = mysqli_fetch_assoc($result_course))
{
    $course_dropdown .= "<option value='{$row['CourseName']}'{$row['CourseName']}           </option>";
}

Above is the code that is used to create the dropdown lists

HTML

<form="index.php" method="post">
<select name="Course"><?php echo $course_dropdown; ?></select>
<input name="button" value="Submit" type="submit">

I am at a loss over what way to proceed, I have tried various different techniques but cannot come up with an answer.

Latest attempt

$course = mysqli_real_escape_string($con, $_POST['Course']);
$query = mysqli_query($con,"SELECT * FROM course_module WHERE CourseName = $course");

this brought an error

Notice: Undefined index: Course in C:\Users\seanin\Desktop\xampp\htdocs\index.php on line 33

So have edited as suggested and stil have an error, may be missing something small.

// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$course_dropdown ="";
$query_course = "SELECT * FROM course";
$result_course = mysqli_query($con,$query_course) or die(mysqli_error());

while($row = mysqli_fetch_assoc($result_course))
{
$course_dropdown .= "<option value='{$row['CourseName']}'>{$row['CourseName']}</option>";
} 

if ($_POST['button'] == 'Submit') {
$course = mysqli_real_escape_string($con, $_POST['Course']);
$query = mysqli_query($con,"SELECT * FROM course_module WHERE CourseName = $course"); 
}

Still have this error

Notice: Undefined index: button in C:\Users\seanin\Desktop\xampp\htdocs\index.php on line 30

submit button issue

Nearly done, thanks for all the help so far.

What do I need to do to get the results and print them???

Improve this question
10
  • 2
    Don't just use $_POST variables into MySQL query's; escape them properly or better, use prepared statements. Commented Mar 17, 2013 at 15:37
  • you can escape value by mysql_real_escape_string($_POST['my_key']) Commented Mar 17, 2013 at 15:40
  • that was my last ditch attempt I have tried to delare "Course" as a variable but I recieve the error message "Course" not indexed. Commented Mar 17, 2013 at 15:40
  • Notice: Undefined index: Course in C:\Users\seanin\Desktop\xampp\htdocs\index.php on line 33 Commented Mar 17, 2013 at 15:43
  • 1
    @kirugan: The OP is using mysqli_* functions, so Seanin should use mysqli_real_escape_string. Commented Mar 17, 2013 at 15:44

2 Answers 2

Reset to default
2

The reason why your dropdown is not working is missing " > " replace the line inside while loop with this

$course_dropdown .= "<option value='{$row['CourseName']}'>{$row['CourseName']}</option>";
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Don't forget to use htmlspecialchars to prevent XSS when echoing variables.
The dropdown is working 100% I want to take the selected item from the dropdown and run a query using the string selected
2

Please read about SQL injections. They can destroy your life.

I reckon that you are trying to access 'Course' in the following line and it is not defined:

$course = mysqli_real_escape_string($con, $_POST['Course']);

Are you able to submit the page? There is an error in your HTML form: <form="index.php" is not a valid HTML tag so you are not able to submit the page, that is if you posted the exact code you are using. Your form should be:

<form action="index.php" method="post">
<select name="Course"><?php echo $course_dropdown; ?></select>
<input name="button" value="Submit" type="submit">
</form> <!-- and don't forget the closing tag -->

You can check whether the page was submitted or not by doing something like this:

if ($_POST['button'] == 'Submit') {
    $course = mysqli_real_escape_string($con, $_POST['Course']);
     // please note the missing single quotes, and please read the first line of my answer
    $query = mysqli_query($con,"SELECT * FROM course_module WHERE CourseName = '$course'");
}

There is also an invalid HTML syntax in the following line:

$course_dropdown .= "<option value='{$row['CourseName']}'{$row['CourseName']}           </option>";

The format for <option> is: <option value="value">label</option>.

Improve this answer

11 Comments

Don't forget to use htmlspecialchars to prevent XSS when echoing variables. And there's still an SQL injection vulnerability, surround $count by single quotes.
if ($_POST['button'] == 'Submit') { is giving me bother Notice: Undefined index: button in C:\Users\seanin\Desktop\xampp\htdocs\index.php on line 30
@SeaninLedgewood: Then $_POST['button'] is not defined, perhaps due to your malformed markup. Change the form to the above mentioned syntax.
@SeaninLedgewood: Strange, you're not redirecting somewhere? Do you have an example page? Or a phpfiddle.org?
im redirecting to the page im using, index.php. After I hit the submit button the error disappears
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.