0

So I need to get information out of sql and put it in my dropdown in my form. Here's what I have... I'm very lost.. The info has been prepopulated into sql. I believe the top part is relatively right and then I don't know how to reference it in the form.

PHP

<?php
$id= $_GET['id'];

$conn = mysql_connect("localhost", "root", "") or die (mysql_error());

mysql_select_db("assignment 3", $conn);

$sql = "select schoolname FROM schooltable WHERE id=$id";

$result=mysql_query($sql, $conn) or die(mysql_error());

while ($row=mysql_fetch_assoc($result)){
    foreach($row as $name => $value){
        print "$name = $value</br>";
    }
}

mysql_data_seek($result, 0);
while ($row=mysql_fetch_assoc($result)){
    //select id, firstname, lastname from userlist
    $school = $row["schoolname"];
    $grad = $row["lastname"];
}
?>

HTML

                     <div class="form-group">
                    <label class='col-xs-4 control-label'>What school did you go to for your undergrad?  </label>
                    <div class='col-xs-8'>
                        <select class="form-control background" id='dropdown'>
                          <option>"<?php print $schoolname ?>"</option>
                          <option>"<?php print $schoolname ?>"</option>
                          <option>"<?php print $schoolname ?>"</option>
                          <option>"<?php print $schoolname ?>"</option>
                          <option value="bing">"<?php print $schoolname ?>"</option>
                        </select>
                        <input type="hidden" name="id" id='id' value="<?php print $id ?>">
                        <input type="hidden" name="editMode" value="edit">
                    </div>
                </div
Mic1780
  • 1,774
  • 9
  • 23
esaunde1
  • 91
  • 2
  • 3
  • 11
  • 4
    You are vulnerable to [sql injection attacks](http://bobby-tables.com) And you need to build your html inside your `while()` loop. RIght now you're just dumping out 4 copies of the **SAME** school name. PHP won't magically remember every name that came out of the DB for you, and somehow make $schoolname change in each print call.. that's up to you – Marc B Nov 14 '14 at 19:04
  • 2
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). – Jay Blanchard Nov 14 '14 at 19:12

1 Answers1

1

Here you go

<?php
if(!isset($_GET['id']]){
    echo 'id= not present in URL. Exiting.';
    return false;
}
$id = intval($_GET['id']);

$conn = mysql_connect("localhost", "root", "MIS42520!$") or die (mysql_error());

mysql_select_db("assignment 3", $conn);

$sql = "select * FROM schooltable WHERE id='" . mysql_real_escape_string($id) . "'";

$result = mysql_query($sql, $conn) or die(mysql_error());

$schools = array();
while ($row = mysql_fetch_assoc($result)) {
    $schools[] = $row;
}
?>

<div class="form-group">
    <label class='col-xs-4 control-label'>What school did you go to for your undergrad?  </label>
    <div class='col-xs-8'>
        <select class="form-control background" id='dropdown'>
            <?php foreach($schools as $school){?>
                <option value="<?php echo $school['schoolname'];?>"><?php echo $school['schoolname'];?></option>
            <?php } ?>
        </select>
        <input type="hidden" name="id" id='id' value="<?php echo $id ?>">
        <input type="hidden" name="editMode" value="edit">
    </div>
</div
heXer
  • 304
  • 1
  • 10