Antraxek Posted January 18, 2011

I have a dropdown populated from MySQL and now I want to add the ID of the selected value into another table, but it doesn't get the ID.

Here's the code I have:

if (isset($_REQUEST['subcat'])) {
    $id_main = $_GET['categoriesID'];
    $DB-> Query('INSERT INTO subcat(id_main_cat,name_subcat) VALUES ("'.$id_main.'","'.$newSub.'")');
}
?>
<br />
<?php
$result = mysql_query("SELECT id,name_cat FROM category") or die(mysql_error());
echo "Pick main:";
echo "<select name='categoriesID'>";
//reads from table 'categories'
while($row = mysql_fetch_array( $result )) {
    // display them in dropdown
    echo '<option value="'.$row['id'].'">';
    echo $row['id'],$row['name_cat'] . '</option>'."\n";
}
echo "</select><br />";
$_POST['categoriesID'];
?>
<form method="post" action="">
<b>Add new:</b>
<input type="text" name="newSubCat">
<input type="submit" name="addSubCat" value="Add">
</form>

The table is populated only with $newSub but not with $id_main...

ncc50446 Posted January 19, 2011

Your select is outside of the form. Move it down into the form, and it might work :)

The_Decryptor (Veteran) Posted January 19, 2011

And sanitise your input, you're passing $id_main directly into your MySQL query without checking the contents (so you could append your own SQL queries to it and run them).

Tekkerson Posted January 19, 2011

Or he could use parameterized queries.

http://www.codinghorror.com/blog/2005/04/give-me-parameterized-sql-or-give-me-death.html

Main points:

- Fewer string concatenations
- No need to worry about any kind of manual string escaping
- A more generic query form is presented to db, so it's likely already hashed and stored as a pre-compiled execution plan
- Smaller strings are sent across the wire
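
The fixes suggested in the answers combined, as an added example that is not any poster's code: the select sits inside the form, the submitted ID is validated, and the insert uses bound parameters through PDO. Table and column names are from the question; the in-memory SQLite database, its sample rows and the add_subcategory() helper are assumptions made so the script runs on its own.

```php
<?php
// Added example. The SQLite in-memory database stands in for the poster's MySQL
// database (assumption); with MySQL, connect through a mysql: DSN and drop the setup.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, name_cat TEXT)');
$pdo->exec('CREATE TABLE subcat (id_main_cat INTEGER, name_subcat TEXT)');
$pdo->exec("INSERT INTO category (name_cat) VALUES ('Books'), ('Music')"); // constructed rows

// Hypothetical helper: validates the form fields, then inserts with bound parameters.
function add_subcategory(PDO $pdo, array $post): bool
{
    // The dropdown value must be a positive integer; anything else is rejected.
    $idMain = filter_var($post['categoriesID'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    $name = trim((string)($post['newSubCat'] ?? ''));
    if ($idMain === false || $name === '') {
        return false;
    }
    // Confirm the submitted ID refers to an existing category.
    $check = $pdo->prepare('SELECT 1 FROM category WHERE id = ?');
    $check->execute([$idMain]);
    if ($check->fetchColumn() === false) {
        return false;
    }
    // Values travel as bound parameters, never as part of the SQL text.
    $insert = $pdo->prepare('INSERT INTO subcat (id_main_cat, name_subcat) VALUES (?, ?)');
    return $insert->execute([$idMain, $name]);
}

// The form is sent with method="post", so both fields are read from $_POST.
if (isset($_POST['addSubCat'])) {
    add_subcategory($pdo, $_POST);
}
?>
<form method="post" action="">
  Pick main:
  <select name="categoriesID">
<?php foreach ($pdo->query('SELECT id, name_cat FROM category') as $row): ?>
    <option value="<?= (int)$row['id'] ?>"><?= htmlspecialchars($row['name_cat'], ENT_QUOTES, 'UTF-8') ?></option>
<?php endforeach; ?>
  </select><br />
  <b>Add new:</b> <input type="text" name="newSubCat">
  <input type="submit" name="addSubCat" value="Add">
</form>
```

A value such as `1 OR 1=1` in categoriesID fails the integer check and never reaches the database, and a well-formed ID that matches no category row is rejected by the lookup.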