Update field based on select tag input

 <form method="post" action="server.php">
        <?php include('errors.php'); ?>
<?php $db = mysqli_connect('localhost', 'root', '', 'dbai');// Establishing Connection with Server..
$qery2=  "SELECT * FROM stock ";
$produit=mysqli_query($db, $qery2);


 ?>

        <div class="input-group">
          <label>Designation</label>
          <select name="desi">
<?php
while($rang=mysqli_fetch_assoc($produit))
{

  $designat= $rang['designation'];


?>
    <option name ="" value=" <?php echo $designat;?>"><?php echo $designat; ?></option>


<?php }; ?>
  </select>
  <input type="text" name="designated" value="<?php echo $_POST['desi']; ?>" readonly>
        </div>
        <div class="input-group">
          <label>Quantité cartons</label>
          <input type="text" name="quantitt" value="<?php echo $quantitt ; ?>">
        </div>
 


        <div class="input-group">
          <button type="submit" class="btn" name="reg_ar">Enregister produit</button>
        </div>

      </form>

//php code to be executed when button clicked:

if (isset($_POST['reg_ar'])) {
  // receive all input values from the form

  $designate=$_POST['desi'];

  $quantitt = mysqli_real_escape_string($db, $_POST['quantitt']);
  $quantitu = mysqli_real_escape_string($db, $_POST['quantiu']);
  $quantitp = mysqli_real_escape_string($db, $_POST['quantip']);
  $prixt = mysqli_real_escape_string($db, $_POST['prixt']);
  $prixu = mysqli_real_escape_string($db, $_POST['priu']);
  $prixp = mysqli_real_escape_string($db, $_POST['prip']);

  // form validation: ensure that the form is correctly filled ...
  // by adding (array_push()) corresponding error unto $errors array
      if (empty($designate)) { array_push($errors, "designation is required"); }

  if (empty($quantitt)) { array_push($errors, "quantitt is required"); }

  // first check the database to make sure
  // a user does not already exist with the same username and/or email


  // Finally, register user if there are no errors in the form
  if (count($errors) == 0) {
    $query0="SELECT * FROM stock WHERE designation= '$designate' ";
      $alt0= mysqli_query($db, $query0);
  

  $query2= "UPDATE stock SET quantitt='$quantitt' WHERE designation= '$designate'";
  mysqli_query($db, $query2);
    header('location: index.php');






 
  }
}

What happens is that the “WHERE” in the MySQL statement does not read the input from the select tag. It works fine if I type some input, but not if I want it to get it from the select tag. Some help would be much appreciated, because to me everything looks fine, yet it’s not working and it’s driving me nuts. Thanks.

var_dump($designate);
var_dump($_POST['desi']);
var_dump($_POST);

http://php.net/manual/en/security.database.sql-injection.php

3 Likes

Could you be more specific, please?

That’s actually pretty specific. He’s telling you to use var_dump to see what each variable holds. You said your issue is that it doesn’t read any of the inputs. Your next step is to var_dump to see what gets outputted. From there, you can determine what is causing the issue.

@chorn also provided a link to avoid SQL injections, as you are very prone to it. Switch to using prepared statements when handling user input or user data. Also, when using prepared statements, avoid deliberately putting the variable inside the SQL statement as such:

WHERE column_name = '$variable'
// or
WHERE column_name = $variable
// or
WHERE column_name = "$variable"

Avoid those at all costs. This is not the proper way of using prepared statements and will leave you defenseless against attacks.

1 Like

Is it correct that you seem to add a space to the beginning of the option values?

<option name ="" value=" <?php echo $designat;?>"><?php echo $designat; ?></option>
                   here ^

Simply displaying the value of $_POST['desi'] with var_dump() will show you if that’s the case, as @chorn mentioned above. Is there a reason to set the name parameter to nothing for each option? I don’t think that’s a valid parameter for <option> but I haven’t checked.

2 Likes

I believe the option element doesn’t really require one, but select does. It only needs a value. Though I may be mistaken.

1 Like

A name attribute for an option is invalid. It is a sub-element of a select which holds the name attribute. The options merely provide values for the named select.

1 Like
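
Added example (not code from any poster in this thread): the button handler from the question rewritten with a mysqli prepared statement, with the submitted designation trimmed so the leading space in the option value no longer breaks the WHERE match. The helper name update_stock_quantity and the rule that quantitt is a non-negative whole number are assumptions; the connection parameters, table and column names come from the question.

```php
<?php
// Added example: assumes the 'dbai' database and 'stock' table from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Hypothetical helper (not in the original post).
 * Returns a list of validation errors; an empty list means a row was updated.
 */
function update_stock_quantity(mysqli $db, array $post): array
{
    $errors = [];

    // trim() drops the leading space that the option's value attribute adds,
    // so the WHERE clause compares against the designation as stored.
    $designation = trim($post['desi'] ?? '');
    if ($designation === '') {
        $errors[] = 'designation is required';
    }

    // Assumption: the carton count is a non-negative whole number.
    $qty = filter_var($post['quantitt'] ?? '', FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 0]]);
    if ($qty === false) {
        $errors[] = 'quantitt must be a whole number';
    }
    if ($errors) {
        return $errors;
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE stock SET quantitt = ? WHERE designation = ?');
    $stmt->bind_param('is', $qty, $designation);
    $stmt->execute();

    // affected_rows is 0 when no row matched or the value was already the same.
    if ($stmt->affected_rows === 0) {
        $errors[] = 'no stock row was changed for that designation';
    }
    $stmt->close();
    return $errors;
}

if (isset($_POST['reg_ar'])) {
    $db = new mysqli('localhost', 'root', '', 'dbai');
    $errors = update_stock_quantity($db, $_POST);
    if (!$errors) {
        header('Location: index.php');
        exit; // stop here so nothing else runs after the redirect
    }
}
```

Because the select is populated from the same table, a designation that is not in stock simply matches no row and is reported through $errors instead of silently redirecting.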
