3

I have MySQL database table like this:

Id   Value
1    Etc1
2    Etc2
3    Etc3
4    Etc4

I need to achieve HTML list like this dynamically populating data from table above:

<select>
   <option value="1">Etc1</option>
   <option value="2">Etc2</option>
   <option value="3">Etc3</option>
   <option value="4">Etc4</option>
</select>

Using PHP I could do something like:

$sql = "SELECT Id, Value FROM Tbl";
$result = mysql_query($sql);

echo "<select>";
while ($row = mysql_fetch_array($result)) {
    echo "<option value='" . $row['Id'] ."'>" . $row['Value'] ."</option>";
}
echo "</select>";

But in this case I can't use HTML extension, what means that my website address will be like:

www.mysite.com/something/index.php

instead of:

www.mysite.com/something/

Maybe It sounds silly, but It is good practice to let user access PHP files? I thought that better way is when user is redirecting to HTML files. (I don't know If there is any real disadvantage of redirecting to PHP files, but It looks better when redirecting to HTML file like .../something/ instead of .../something/index.php)

Or should I write HTML dropdown lists manually without accessing database?

Provide me correct way, please.

Improve this question
5
  • 1
    try .htaccess or you can also use ajax Commented May 3, 2017 at 7:10
  • you can use .htacces to change url Commented May 3, 2017 at 7:12
  • I didn't understand any of that Commented May 3, 2017 at 7:13
  • i am very confused here. what does .htaccess have to do with a dropdown list? and why is this question upvoted? Commented May 3, 2017 at 7:15
  • The title doesn't reflect the question. Maybe something like "Is it bad to have '.php' in your URLs?" or "How to avoid having '.php' in URLs?"? Commented May 3, 2017 at 10:58

4 Answers 4

Reset to default
2

From a security perspective, it is not bad practice to let users access PHP files.

It might be prettier to remove the extension, but it is not relevant to security. Even if you rewrite the urls via .htaccess or if you fetch the values via Ajax, as both have been suggested, you still access PHP files.
The only difference is appereance - if that is important to you, hide the extension, but you'll still be accessing PHP files - if you want to fetch the option values via PHP (there's nothing bad about that), there's no way around it.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

There are two scenario here

  1. if you want to create index.php

    Then you can use htaccess to allow user to .html or domain for index.php

  2. If you want to create index.html

    Then you can use ajax for your drop down. (in this case also if you want to allow user type index.php then you have to follow first method)

Improve this answer

3 Comments

Thank you for an answer but how about my home page? If I've used www.mysite.com/index.html I could access home page by www.mysite.com, but If I use PHP like that www.mysite.com/index.php and with .htaccess remove PHP extension I will need to access home page like this www.mysite.com/index? How could I access home page directly (www.mysite.com) and use PHP file?
@Infinity you can also create rules for www.mysite.com/index to access www.mysite.com/index.php
But I need to access www.mysite.com/index.php when entering www.mysite.com. How could I achieve It?
1

I'm bit confused from your question about what exactly you want... but, let me try to explain.

1 - According to you, if URL is www.mysite.com/something/ it means it's pointing to some .html file & if the URL is like www.mysite.com/something/index.php it's pointing to PHP file.

So, what I want to say at here... www.mysite.com/something/ doesn't mean it's pointing to any HTML file. It could be a PHP file also. You can do that by making changes in your .htaccess file.

2 - "good practice to let user access PHP files".

There is no security concern on what kind fo file you are accessing, whether it's PHP or HTML it doesn't create any security issue.

3 - About creating dropdown dynamically or Statically... it all depends on your requirements & use cases. If those drop-down list is always going to constant then maybe u don't require those data to save in DB & fetch from DB to build it. But, if it can change in different cases according to your business rules.. u can fetch this info from DB will be the right thing to do. In this way, you can avoid yourself to make any kind fo hard coding in your code.

Improve this answer

Comments

0

Its ok that not to use database if you are creating a static web site. but if you are doing a dynamic web site you must use a database. in my opinion it dose not matter if you are showing php file or not.

<select name="..." >
<?php 
$select = $db->query("SELECT * FROM table");
while($row=$select->fetch_assoc()):
?>
<option value="<?php echo $row['id']; ?>><?php echo $row['value']; ?></option>
<?php endwhile; ?>
</select>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.