473,473 Members | 1,415 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

How to make php parsing script to insert "<option> from <select>" into database?

ilya Kraft
134 New Member
Hello,

Alright so I have had this problem for a while. I have a page on a website where members write their articles and they select a category that is relevant to that article. I have made a following <select> form with <options>

Expand|Select|Wrap|Line Numbers
  1. <SELECT NAME="Categories">
  2. <OPTION VALUE="option 1">option 1
  3. <OPTION VALUE="option 2">option 2
  4. <OPTION VALUE="other ....">other ...
  5. </SELECT>
  6.  
I need to insert selected option into database table called "articles" into field named "Category". How do I make a PHP parsing script that inserts selected value into database ???

Thank You )))

I also made this image that kind of shows what I want to do, so you can understand better.
http://bytes.com/attachment.php?atta...2&d=1307376479
Attached Images
File Type: jpg preview.jpg (59.7 KB, 1005 views)
Jun 6 '11 #1
13 4516
dlite922
1,584 Recognized Expert Top Contributor
<select> works just like <input>, grab it like you grab the rest of the fields with $_POST, $_GET, or $_REQUEST.

Make sure you still clean the values like an <input> to avoid sql injection attacks before putting it in your database.

Dan
Jun 6 '11 #2
ilya Kraft
134 New Member
Hello Dan,

Thnx for reply, The thing is I have little experience with php and just started working with server side aspect of it. If it's not hard for you could you please explain it in more depth? I've done a little research on $_POST method and here is what I understood so far. I would have something like this, a variable with post function.

Expand|Select|Wrap|Line Numbers
  1. $category = $_POST['Categories'];
  2.  
Than I would connect to my database and use $sql to put in the category, so I would have something like this

Expand|Select|Wrap|Line Numbers
  1.  $sql = mysql_query("INSERT INTO articles (category) VALUES ('$category')") 
  2.  
  3.  or die (mysql_error());
  4.  
So then I can filter by category (for example category of option1) by using something like $sql2 that looks like this.

Expand|Select|Wrap|Line Numbers
  1. sql2 = ("SELECT * FROM articles WHERE category=option1");
  2.  
Am I right so far or do I miss something And also could you explain what do you mean by cleaning the values to prevent sql injections?

Thank you ))) sorry for asking so many questions :/
Jun 6 '11 #3
nathj
938 Recognized Expert Contributor
In a nutshell the SQL Injection can be prevented by making sure a given $_POST variable is exactly what you expect it to be. So if you are expecting just a date check that it is a date.

This article here looks good but I haven't read it all yet.

I did take a quick look over the code and I thiknk you are heading in the right direction. I would suggest testing it and posting any errors you may encouter.

Cheers
nathj
Jun 9 '11 #4
ilya Kraft
134 New Member
Alright ))) so for example in my option list I will have something like "Animals,Home,Cars ..." so to prevent sql injections I would filter all numbers and symbols out so I only get letters as I only use them in option list?
Jun 9 '11 #5
nathj
938 Recognized Expert Contributor
That shoudl do it yeah. In a nutshell ensuring that any data passed to the server is as expected is the way to prevent SQL Injection attacks.

Cheers
nathj
Jun 10 '11 #6
ilya Kraft
134 New Member
Hi,

I have tried to finalize it ))) and it works, but I have issue with story title. It doesn't get stored and when I look into database instead of title I see blank space ((( I store title in st_title field. Do you have any ideas what's wrong?

Here is parsing script I use:

Expand|Select|Wrap|Line Numbers
  1. //Parsing Story
  2. if ($_POST['parse_var'] == "submitstory"){
  3.     $storyTitle = $_POST['storyTitle'];
  4.     $category = $_POST ['categories'];
  5.     $theStory = $_POST['myStory'];
  6.         include ("scripts/connect_to_mysql.php");
  7.         $auth_name = $_SESSION['username'];
  8.         $Articlesql = mysql_query("INSERT INTO stories (auth_id, auth_name, cr_date, st_title, st_category, st_body) VALUES('$id','$auth_name', now(), '$storyTitle','$category','$theStory')")
  9.         or die (mysql_error());
  10.  
And here is HTML for <form> I use:

Expand|Select|Wrap|Line Numbers
  1. <form action="story.php" method="post" enctype="multipart/form-data">
  2.                 Title:<br>
  3.                 <input name="stroyTitle" type="text" size="50" maxlength="50" value="<?php echo $storyTitle; ?>" />
  4.                 <br>
  5.                 Your Story:<br>
  6.                 <textarea name="myStory" class="tinymce" cols="39" rows="1" /><?php echo $myArticle; ?></textarea>
  7.                 <br>
  8.                 Select Category<br>
  9.                 <select name="categories">
  10.                     <option value="<?php print "$category";?>"><?php print "$category";?></option>
  11.                     <option value="Love">Love</option>
  12.                     <option value="Work">Work</option>
  13.                     <option value="Sex">Sex</option>
  14.                     <option value="Money">Money</option>
  15.                     <option value="Kids">Kids</option>
  16.                     <option value="Health">Health</option>
  17.                     <option value="Friends">Friends</option>
  18.                     <option value="Education">Education</option>
  19.                     <option value="Other">Other</option>
  20.                 </select>
  21.                 <br><br>
  22.                 <button name="addStory" type="submit" id="addStory">Submit</button>
  23.                 <input name="parse_var" type="hidden" value="submitstory" />
  24.                 <input name="thisWipit" type="hidden" value="<?php echo $thisRandNum; ?>" /></td>
  25.  
  26. </form>
  27.  
Jun 11 '11 #7
nathj
938 Recognized Expert Contributor
Hi,

Good progress has been made. The trouble you know have is a classic typing error.

The form contains an item named stroyTitle and you are accessing a POST variable storyTitle.

I suggest you change the name in the form and all should be well.

Cheers
nathj
Jun 11 '11 #8
ilya Kraft
134 New Member
Oh ;D my bad, it works now )), but I couldn't make that moderation system we were working on, I can't create a field (showing), I always get sort of error, I'll link a screenshot of what I'm doing maybe you could point what's wrong with values I enter.

Thank You very much for your great help )))

here is the screenshot;
inelmo.com/db_showing.jpg
Jun 11 '11 #9
nathj
938 Recognized Expert Contributor
I took a look and the field length shoul be 1. You can set a default value of 0.

Changing the length should allow you to create the field which you can then use as de discussed previously.

Thanks
nathj
Jun 11 '11 #10
ilya Kraft
134 New Member
Well, looks like it should work now ))) I can manually change it from 0 to 1 now ))) Thank You very much ))) One last question about that checkbox, say I have account types and one of them is admin so I can see that checkbox, how would I use it? I mean what condition do I need to set "showing" to 1 if checkbox is clicked? Do I use $_POST again or something additional?

Thnx again )))
Jun 11 '11 #11
Markus
6,050 Recognized Expert Expert
Can you please clarify? Is your latest question: how to display a checkbox is user is an administrator, otherwise do not display it?
Jun 11 '11 #12
ilya Kraft
134 New Member
Hello,

Sory for confuse, what I meant was "Let's assume that I have admin system, what would be the php script for admin checkbox to set value of (showing) from 0 to 1" Nothing about displaying checkbox to admin or normal user )))
Jun 11 '11 #13
nathj
938 Recognized Expert Contributor
Hi,

I normally use a little javascript so when the box is checked I set the value to 1 and when it is unchecked set the value to 0. Then you can use $_POST to access the value. You may need to parse it from a string to an int to put it in the db.

nathj
Jun 12 '11 #14

Sign in to post your reply or Sign up for a free account.

Similar topics
6
problem with <select multiple="true">
by: Rolf Wester | last post by:
Hi, I have a form with a select element with multiple="true". When using the GET method (I suppose the same happens with the POST method) I can seen that the form sends channels=CH1&channels=CH2...
Latest Bytes
1
array query with multiple <SELECT> form field
by: Burton Figg | last post by:
I have a SELECT statement which holds a list of times (for adding appointments to a database): e.g. <select name="time" id="time" size="3" multiple> <option value="00:00">00:00</option>...
Latest Bytes
4
scrolling through a <select> control
by: headware | last post by:
I have a <select> control that contains many entries. It allows the user to multi-select a group of them, click a button, and store the selected data in a database. Normally they do this starting...
Latest Bytes
7
IE won't see <SELECT> fields
by: | last post by:
I can't get IE 6 to read the values in my <SELECT..> data entry fields. Netscape 7 and Opera see them, and IE will pass the values to the database, but the javascript validation script gets a null...
Latest Bytes
6
Dumb question about using a <SELECT> menu to change the state of<SELECT> menu...
by: Bonge Boo! | last post by:
This has got to be obvious, but I can't make it work. I have a form called with 3 pull down menus. They are linked to a database which generates the values for the <SELECT? Pull-downs. Lets...
Latest Bytes
6
Can't make this page work
by: scottyman | last post by:
I can't make this script work properly. I've gone as far as I can with it and the rest is out of my ability. I can do some html editing but I'm lost in the Java world. The script at the bottom of...
Latest Bytes
7
Client-Side JavaScript Problem in runat=server "<SELECT>"
by: Alex Maghen | last post by:
I have some client-side JavaScript that I want to run whenever a pulldown <SELECT> is changes on th client. I'm trying to do this as follows... <select id="MyPulldown"...
Latest Bytes
5
<select> value ?
by: = poster = | last post by:
Hi all , I have a script which let the user choose between four days : Day: <select name=\"day\" value=\"$day\"> <option value=\"01\">1</option> <option value=\"02\">2</option> <option...
Latest Bytes
1
Controlling the sort order for records retrieved from an Access database
by: Brit | last post by:
I have an ASP file that retrieves names from an Access database for 4 different categories of membership, which the visitor to the page selects (corporate, institutional, regular, or student). The...
Latest Bytes
14
<select onchange="this.form.submit()"> and Submit button on one form
by: white lightning | last post by:
How to have <select onchange="this.form.submit()"and also a Submit button on one form? I have something like this: <form action="<?php $_SERVER; ?>" method="post"...
Latest Bytes
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
Latest Bytes
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Latest Bytes
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us