Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
i am trying to make a combo box, choose from a list or type in new. i
lifted code from another page i did that had the drop-down list, and
tried to add it to several text boxes. it is not pushing the choice
choosen from the drop-down on to the nextpage/sql. frustraded, i
didn't do much more then copy pasta from the other page, just massaged
it a little to fit in, just does not work. have excluded the fluff
html surrounding this, just imagine basic html,head,body tags.


$host="localhost"; // Host name
$username="name"; // Mysql username
$password="pword"; // Mysql password
$db_name="name"; // Database name
$tbl_name="othername"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot
mysql_select_db("$db_name")or die("cannot select DB");
$result = mysql_query("SELECT DISTINCT client FROM client ORDER BY
client ASC") or die(mysql_error());
echo '<form action="./page5.php" method="post"><pre>';
echo 'Client          ';
echo '<select name="option">';
while($row= mysql_fetch_array($result)){
echo "<option value=\"$row[client]\">$row[client]</option>\n";}
echo '</select>';
echo '<input type="text" maxlength="70" name="Client"><br />';
echo 'Site            <input type="text" maxlength="70"
name="Site"><br />';
echo 'First,Last Name <input type="text" maxlength="20"
name="Uname"><br />';
echo 'User ID         <input type="text" maxlength="20"
name="Uid"><br />';
echo 'Password        <input type="text" maxlength="20"
name="Password"><br />';
echo 'Status          <input type="text"  maxlength="20"
name="Status"><br />';
echo '<input type="submit" value="submit" name="submit"><br />';
echo '</pre></form>';
if(isset($_POST['Client'])) $Client = $_POST['Client'];
if(isset($_POST["Site"])) $Site = $_POST["Site"];
if(isset($_POST["Uname"])) $Uname = $_POST["Uname"];
if(isset($_POST["Uid"])) $Uid = $_POST["Uid"];
if(isset($_POST["Password"]))    $Password = $_POST["Password"];

Re: combobox

On 3/7/2012 1:15 PM, ecu_jon wrote:
Quoted text here. Click to load it

It would be nice if you could at least put some effort and clean up this
code so it is a bit more readable since you are asking others to
decipher it.

So I will work backwards.

What code is on page5?

What do you get on page5 if you add


Re: combobox

here is page5
there is the first 6 lines that set up stuff to connect to db.
the 4 if isset's get the Post variables from inputpage(above)
then the mysql insert into db command.
and it looks like it mangled the longer lines. the sql statement will
probably come out weird.
<link rel="stylesheet" type="text/css" href="mystyle.css" />
$Status = $_POST["Status"];
$host="localhost"; // Host name
$username="user"; // Mysql username
$password="password"; // Mysql password
$db_name="name"; // Database name
$tbl_name="name"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot
connect"); //sql connection to db
mysql_select_db("$db_name")or die("cannot select DB"); //select db sql
if(isset($_POST['Client'])) $Client = $_POST['Client']; //check if
value from POST, sev variable to value
if(isset($_POST["Site"])) $Site = $_POST["Site"];
if(isset($_POST["Uname"])) $Uname = $_POST["Uname"];
if(isset($_POST["Uid"])) $Uid = $_POST["Uid"];
if(isset($_POST["Password"]))    $Password = $_POST["Password"];
mysql_query("INSERT INTO client
(client, site, user, userid, password, status) VALUES('$Client',
'$Site', '$Uname', '$Uid', '$Password', '$Status') ")
or die(mysql_error());  //insert above variables into db
echo "user added".$Client;
<a href="./login_success.php">Back Home</a>

Re: combobox

On 3/8/2012 8:27 AM, ecu_jon wrote:
Quoted text here. Click to load it

What a mess.

First of all, as Scott indicated, if you want help, make the effort to
clean up your code.  This may mean you actually have to do something
other than cut and paste - that is, you might have to actually put a
little effort into formatting your test.

Also, you never posted the contents of the $_POST superglobal like Scott

As to your problems.  First of all, don't use "or die('message')" in
production code.  This will send invalid HTML to the browser (i.e. it
terminates all output in the middle of the page).  If the query fails,
handle it gracefully (and perhaps log the error so you can see what
happened later).

Your select box has a name of "option", but you are never referring to
that item on your second page.  That's why you're not getting anything.

You're checking to see if $_POST('Client') is set, which is good.  But
what happens if it's not set (the same for the rest of your values)?
You're still going to try to insert the data into the database, which
will result in an invalid SQL statement.

Also, try to insert the name "O'Casey".  It will fail.  ALL strings used
in SQL statements need to be processed by mysql_real_escape_string().

That's a place for you to start, anyway.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: combobox

i got it to work. thanks for forcing me to look again at what was
getting POST 'ed on page5. once i saw the values were not exactly what
i though, i could figure it out. i made the drop-down part of the box
a new variable, and added an option for creating a new(using the
textbox). then on page5 did a if drop-down != first option, set
variable to Client. Just below
if(isset($_POST['Client'])) $Client = $_POST['Client']; so it would
overwrite the Client variable.
did some testing, if i choose something else in drop-down nothing in
textbox, it does as expected.
if i choose first value and write in text box it adds new, as
and if you do both pick from drop-down (not first value) and write in
text it chooses the drop-down value to write to db.

now if we could just get a real combo-box option somehow ...

Re: combobox

On 3/8/2012 3:21 PM, ecu_jon wrote:
Quoted text here. Click to load it

Please reread Jerry's warning.
You said nothing about avoiding SQL-injection.
If the code stays the same, you have just opened a security hole.

SQL-injection primer:

======== WRONG ===========
$firstname = $_POST["firstname"];
$favcolor = $_POST["favcolor"];
$SQL = "INSERT INTO tblprefs (firstname,color) VALUES ";
$SQL .= "('"& $firstname  &"','"& $favcolor &"');";
some_db_execute ($SQL);

No, if $_POST["firstname"] contains something nice like "Joe" (without
the ") and $favcolor contains "blue" you'll get the following SQL:

INSERT INTO tblprefs (firstname,color) VALUES ('Joe','blue');

Which is fine. So if you test with Joe and blue you won't notice any
Now to SQL injection:

Suppose a funny guy posts the following:
$_POST["firstname"] contains: Joe
$_POST["favcolor"] contains:
ha!'); DELETE FROM tblprefs; INSERT INTO tblprefs (firstname,color)
VALUES ('Hacked by','whitehat

Now you SQL becomes:
INSERT INTO tblprefs (firstname,color) VALUES ('Joe','ha!');
DELETE FROM tblprefs;
INSERT INTO tblprefs (firstname,color) VALUES ('Hacked by','whitehat');

You don't want that SQL to execute, do you?
And all

All databases offer functions for this.

Erwin Moller

"That which can be asserted without evidence, can be dismissed without
-- Christopher Hitchens

Site Timeline