
I have a dropdown, "Evaluation Test Type"; based on the selection, certain data appears with a submit button beneath it. I have now added a default value of <option selected='selected'></option> to "Evaluation Test Type"; however, I want to prevent the submit button from appearing if this option was chosen and submit1 was clicked.

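// Build the employee-number dropdown and print the filter form.
// NOTE(review): mysql_query()/mysql_fetch_array() belong to ext/mysql, which was
// removed in PHP 7, and they use a connection opened somewhere not shown here.
// Move this query onto the mysqli connection when migrating.
$options = '';
$filter = mysql_query("select afnumber from employees WHERE Status='Employed'");
if ($filter) {
    while ($row = mysql_fetch_array($filter)) {
        // Values read from the database are data, not markup: escape them before
        // they are written into the page.
        $options .= "<option >" . htmlspecialchars($row['afnumber'], ENT_QUOTES, 'UTF-8') . "</option>";
    }
}
$menu="<form id='filter' name='filter' method='post' action=''>
AFNumber : <select name='SelectAF' id='filter' style='color:grey;'>" . $options . "</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Evaluation Test Type : <select name='Type' id='type' style='color:grey;'><option selected='selected'></option><option value='loyalty'>Loyalty</option><option value='performance'>Performance</option></select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type='submit' name='submit1' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
</form>
<br>
";
echo $menu;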

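// Step 1: runs when the filter form (submit1) is posted and renders the
// questions stored for the selected evaluation type.
if (isset($_POST['submit1'])) {
    // A dropdown only limits what a browser offers; any HTTP client can post an
    // arbitrary 'Type'. Keep it only when it is a plain string.
    $type = (isset($_POST['Type']) && is_string($_POST['Type'])) ? $_POST['Type'] : '';

    // NOTE(review): the page connects as root with the password in the source.
    // Use a least-privilege account and keep its credentials in configuration
    // stored outside the web root.
    $mysqli = new mysqli("localhost", "root", "Js", "jr");
    /* check connection */
    if ($mysqli->connect_errno) {
        // NOTE(review): connect_error is shown to the visitor; consider logging it instead.
        printf("Connect failed: %s\n", $mysqli->connect_error);
        exit();
    }

    // $type is bound as a parameter. Interpolating it (WHERE type='$type') would
    // let the posted value change the statement itself.
    $stmt = $mysqli->prepare("SELECT questiontext FROM questioninfo WHERE type=?");
    if ($stmt && $stmt->bind_param('s', $type) && $stmt->execute()) {
        $stmt->bind_result($question);

        // Radio choices: suffix used in the element id => submitted value / label.
        $choices = array('A' => 1, 'B' => 2, 'C' => 3, 'D' => 4, 'E' => 5);

        $html = array();
        $html[] = "
        <form action='' method='post' id='quiz'>
            <ol>";

        $counter = 1;
        while ($stmt->fetch()) {
            // Question text comes from the database; escape it before output.
            $safeQuestion = htmlspecialchars($question, ENT_QUOTES, 'UTF-8');

            $inputs = array();
            foreach ($choices as $letter => $value) {
                // The id matches the label's "for" attribute so clicking the label
                // selects the radio button.
                $inputs[] = "
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answers-{$letter}' value='{$value}' />
                    <label for='question-{$counter}-answers-{$letter}'> {$value} </label>";
            }

            $html[] = "
             <br/>
                <h3>Question {$counter}:&nbsp; {$safeQuestion}</h3>

                <li>" . implode('', $inputs) . "

                </li>";

            $counter++;
        }

        // The type is echoed back in a single-quoted attribute, so quotes must be
        // escaped as well (ENT_QUOTES).
        $html[] = "
            </ol>
        <input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
        <input type='hidden' name='type' value='" . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . "' />
        </form>";

        echo implode(PHP_EOL, $html);

        $stmt->close();
    }
}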

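// Step 2: runs when the quiz form (submit) is posted and stores one row per
// question of the submitted evaluation type.
if (isset($_POST['submit'])) {

    // NOTE(review): root credentials are hard-coded here; prefer a least-privilege
    // account configured outside the web root.
    $mysqli = new mysqli("localhost", "root", "Js", "jr");
    if ($mysqli->connect_errno) {
        printf("Connect failed: %s\n", $mysqli->connect_error);
        exit();
    }

    // The hidden 'type' field travels through the browser, so it is as untrusted
    // as any other input. Only the two known types are processed.
    $type = (isset($_POST['type']) && is_string($_POST['type'])) ? $_POST['type'] : '';

    if ($type === 'performance' || $type === 'loyalty') {
        // Number of questions stored for this type; stays 0 if the query fails.
        $numQuestions = 0;
        $count = $mysqli->prepare("SELECT COUNT(*) FROM questioninfo WHERE Type=?");
        if ($count && $count->bind_param('s', $type) && $count->execute()) {
            $count->bind_result($rowCount);
            if ($count->fetch()) {
                $numQuestions = (int) $rowCount;
            }
            $count->close();
        }

        // One prepared INSERT reused for every answer: the values are sent as
        // parameters and never become part of the SQL text.
        $insert = $mysqli->prepare("insert into `question` (`Type`,`Value`) values (?,?)");
        if ($insert) {
            $answer = '';
            $insert->bind_param('ss', $type, $answer);

            for ($counter = 1; $counter <= $numQuestions; $counter++) {
                $field = 'question-' . $counter . '-answers';
                $submitted = isset($_POST[$field]) ? $_POST[$field] : '';
                // Only the five radio values are accepted. Anything else is stored as
                // an empty string, which is what an unanswered question produced before.
                $answer = in_array($submitted, array('1', '2', '3', '4', '5'), true) ? $submitted : '';
                $insert->execute();
            }

            $insert->close();
        }
    }
}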
aimme
dan
  • Check in PHP what you get by doing `echo $_SERVER['REQUEST_METHOD'];` and `var_dump($_REQUEST);`. – Sergio Aug 13 '15 at 06:45
  • 2
    Your code is open to SQL injection. [Please take use of mysqli's preparation and binding of variables to avoid hackers taking advantage of your security hole](http://php.net/manual/en/mysqli-stmt.bind-param.php). – h2ooooooo Aug 17 '15 at 08:45
  • @h2ooooooo the sql injection is on the insert statements? – dan Aug 17 '15 at 09:23
  • @dan I don't see any insert statements, but `"SELECT questiontext FROM questioninfo WHERE type='$type'"` has `$type` being injected. Bind it instead. – h2ooooooo Aug 17 '15 at 09:24
  • @h2ooooooo because $type is provided by the user? – dan Aug 17 '15 at 09:25
  • @dan Yes. Imagine if `$type` was `' OR 1 = 1 --`. Suddenly they'd see all types even though you "required a type". I suggest you read up on [SQL injections](https://en.wikipedia.org/wiki/SQL_injection). You're also going to hit this issue as soon as you have a table with user input that includes `'`. Eg. a name being `Mc' Donald`. It's much better just to _always_ bind your variables. – h2ooooooo Aug 17 '15 at 09:26
  • @h2ooooooo i just watched a 20 min video after your first comment.. So everything provided by the user needs bind? – dan Aug 17 '15 at 09:27
  • @dan Absolutely - everything you cannot be sure is safe (everything provided by the user) needs to be protected. The general rule of web development (and any other programming for that matter) is to *never* trust the user. If they don't purposely inject bad characters into your strings they'll do it by accident and you'll end up with horrible bugs. – h2ooooooo Aug 17 '15 at 09:29
  • @h2ooooooo sorry for asking too much, but even if i have a dropdown list where nothing can be input by the user, except the choices provided? – dan Aug 17 '15 at 09:30
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/87149/discussion-between-dan-and-h2ooooooo). – dan Aug 17 '15 at 09:40

6 Answers


If you just want to prevent users from choosing the blank option, use the disabled attribute on it. Then use the required attribute on the select element to prevent them from submitting with a blank "Evaluation Test Type" value. Don't forget to add value='' to the blank option for the required attribute to work, as answered here.

Evaluation Test Type : 
<!-- "required" and "disabled" are enforced by the browser only. A hand-built POST
     can still send an empty or unexpected Type, so the PHP handler must check
     the value as well. -->
<select name='Type' id='type' style='color:grey;' required>
    <option value='' selected disabled></option>
    <option value='loyalty'>Loyalty</option>
    <option value='performance'>Performance</option>
</select>
Chester M

Make use of a while loop. Using a while loop reduces the amount of code and automatically adjusts the dropdown list: if there are 5 entries in the database, the list will automatically contain 5. Thank you

bin

Does this have to be done in PHP? It looks like you're reloading the page after submit1 is pressed, which isn't a very user-friendly approach.

Usually the best way to solve an interface issue like this is jQuery, using ajax requests to query the database as needed. That lets you use jQuery to evaluate and manipulate the DOM directly, something PHP isn't good at.

Basic pattern: When submit1 is clicked, check the value of the dropdown. Use Ajax to query the database with that value so you can populate and show the second dropdown. If the first dropdown's value is the default, keep the second submit button hidden. If it's not, show the second submit button.

So something like this:

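// Sketch only: the element ids and the script path are placeholders to adapt.
$('#submit1').click(function (event) {
    // Stop the normal form post, otherwise the page reloads before the
    // ajax response can be used.
    event.preventDefault();

    var selectValue = $('#EvaluationTestType').val();
    $.post('path-to-php-script.php', {testType: selectValue}, function (data) {
        //get new data from database, build second dropdown
        // Insert the returned values as text, not as raw HTML.

        //show second dropdown
        $('#secondDropdown').show();
        //conditionally show second submit button
        // Hiding the button is a convenience for the user, not a check: the PHP
        // script must still validate testType and pass it to the database only
        // as a bound parameter.
        if (selectValue !== 'defaultValue') {
            $('#submit2').show();
        }
    });
});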
Steve Ray

You can check the $type value and concatenate the submit button only if it is not empty:-

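// Close the list and append the submit button only when a type was chosen.
// An if statement cannot be used inside a string concatenation, so the
// conditional part is written as a ternary expression.
// $type is request data: escape it for the single-quoted attribute it lands in.
$html[]="
    </ol>
" . ($type != "" ? "<input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>" : "") . "
<input type='hidden' name='type' value='" . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . "' />
</form>";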

Another thing, I don't see the necessity of using conditions there:-

if ($result = $mysqli->query("SELECT * FROM questioninfo WHERE Type='performance'")) {

    $row_cnt = $result->num_rows;....

You can just do:

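// $type comes from the request, so it is bound as a parameter rather than
// written into the SQL text. get_result() needs the mysqlnd driver; prepare()
// and get_result() return false on failure, so $result still has to be checked
// before it is used.
$stmt = $mysqli->prepare("SELECT * FROM questioninfo WHERE Type=?");
$result = false;
if ($stmt && $stmt->bind_param('s', $type) && $stmt->execute()) {
    $result = $stmt->get_result();
}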

There is no need for the conditions.

cbugs
  • `$mysqli->query()` will return `false` if there is an error/failure. So, the conditions do have a purpose. Without the conditions, a failed query would cause the `$result->num_rows` or `$result->fetch_array()` to throw an exception, because $result would equal `false`, which of course does not have a `num_rows` property or a `fetch_array` method. – Evan de la Cruz Aug 20 '15 at 20:52
  • The query will only return empty number of rows. The $type values are from a dropdown, it will be more dynamic if the query just contains '$type' instead of the conditions. If new options are added to the dropdown, this will avoid the adding of new conditions again. – cbugs Aug 21 '15 at 08:36
  • "The query will only return empty number of rows." That is incorrect. You are making a huge assumption that there are no other issues. What if the network goes down? The database goes down? The machine is out of memory? out of disk space? Or any other infinite number of reasons why the query would fail. I'm not talking about returning empty result sets. Im talking about failure. http://php.net/manual/en/mysqli.query.php That is the reason for the conditions. And it makes total sense to have the conditions. To assume that query returns a result set every time is short-sighted imo. – Evan de la Cruz Aug 21 '15 at 23:22
  • "Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE." -php.net, regarding the return value of mysqli->query() – Evan de la Cruz Aug 21 '15 at 23:23

What's the point of an empty default? I'm sure you have a reason. I'd probably just check the value if it's empty (default). If it's not empty, render the submit, else don't.


This answer is basically the same as cbugs, but easier to read/understand. Note that the third $html[] assignment is now dependent on the value of type (if ($type) { ....).

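// Build the employee-number dropdown and print the filter form.
// NOTE(review): mysql_query()/mysql_fetch_array() belong to ext/mysql, which was
// removed in PHP 7, and they use a connection opened somewhere not shown here.
// Move this query onto the mysqli connection when migrating.
$options = '';
$filter = mysql_query("select afnumber from employees WHERE Status='Employed'");
if ($filter) {
    while ($row = mysql_fetch_array($filter)) {
        // Values read from the database are data, not markup: escape them before
        // they are written into the page.
        $options .= "<option >" . htmlspecialchars($row['afnumber'], ENT_QUOTES, 'UTF-8') . "</option>";
    }
}
$menu="<form id='filter' name='filter' method='post' action=''>
AFNumber : <select name='SelectAF' id='filter' style='color:grey;'>" . $options . "</select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Evaluation Test Type : <select name='Type' id='type' style='color:grey;'><option selected='selected'></option><option value='loyalty'>Loyalty</option><option value='performance'>Performance</option></select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type='submit' name='submit1' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
</form>
<br>
";
echo $menu;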

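// Step 1: runs when the filter form (submit1) is posted and renders the
// questions stored for the selected evaluation type. The submit button of the
// quiz form is only added when a type was chosen.
if (isset($_POST['submit1'])) {
    // A dropdown only limits what a browser offers; any HTTP client can post an
    // arbitrary 'Type'. Keep it only when it is a plain string.
    $type = (isset($_POST['Type']) && is_string($_POST['Type'])) ? $_POST['Type'] : '';

    // NOTE(review): the page connects as root with the password in the source.
    // Use a least-privilege account and keep its credentials in configuration
    // stored outside the web root.
    $mysqli = new mysqli("localhost", "root", "Js", "jr");
    /* check connection */
    if ($mysqli->connect_errno) {
        // NOTE(review): connect_error is shown to the visitor; consider logging it instead.
        printf("Connect failed: %s\n", $mysqli->connect_error);
        exit();
    }

    // $type is bound as a parameter. Interpolating it (WHERE type='$type') would
    // let the posted value change the statement itself.
    $stmt = $mysqli->prepare("SELECT questiontext FROM questioninfo WHERE type=?");
    if ($stmt && $stmt->bind_param('s', $type) && $stmt->execute()) {
        $stmt->bind_result($question);

        // Radio choices: suffix used in the element id => submitted value / label.
        $choices = array('A' => 1, 'B' => 2, 'C' => 3, 'D' => 4, 'E' => 5);

        $html = array();
        $html[] = "
        <form action='' method='post' id='quiz'>
            <ol>";

        $counter = 1;
        while ($stmt->fetch()) {
            // Question text comes from the database; escape it before output.
            $safeQuestion = htmlspecialchars($question, ENT_QUOTES, 'UTF-8');

            $inputs = array();
            foreach ($choices as $letter => $value) {
                // The id matches the label's "for" attribute so clicking the label
                // selects the radio button.
                $inputs[] = "
                    <br/>
                    <input type='radio' name='question-{$counter}-answers' id='question-{$counter}-answers-{$letter}' value='{$value}' />
                    <label for='question-{$counter}-answers-{$letter}'> {$value} </label>";
            }

            $html[] = "
             <br/>
                <h3>Question {$counter}:&nbsp; {$safeQuestion}</h3>

                <li>" . implode('', $inputs) . "

                </li>";

            $counter++;
        }

        // This only decides what is displayed. The handler for 'submit' must
        // validate the posted type again, because the form can be bypassed.
        if ($type)
        {

            $html[] = "
             </ol>
             <input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
             <input type='hidden' name='type' value='" . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . "' />
             </form>";

        } else {

            $html[] = "
            </ol>
            <input type='hidden' name='type' value='" . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . "' />
            </form>";

        }
        echo implode(PHP_EOL, $html);

        $stmt->close();
    }
}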

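// Step 2: runs when the quiz form (submit) is posted and stores one row per
// question of the submitted evaluation type.
if (isset($_POST['submit'])) {

    // NOTE(review): root credentials are hard-coded here; prefer a least-privilege
    // account configured outside the web root.
    $mysqli = new mysqli("localhost", "root", "Js", "jr");
    if ($mysqli->connect_errno) {
        printf("Connect failed: %s\n", $mysqli->connect_error);
        exit();
    }

    // The hidden 'type' field travels through the browser, so it is as untrusted
    // as any other input. Only the two known types are processed.
    $type = (isset($_POST['type']) && is_string($_POST['type'])) ? $_POST['type'] : '';

    if ($type === 'performance' || $type === 'loyalty') {
        // Number of questions stored for this type; stays 0 if the query fails.
        $numQuestions = 0;
        $count = $mysqli->prepare("SELECT COUNT(*) FROM questioninfo WHERE Type=?");
        if ($count && $count->bind_param('s', $type) && $count->execute()) {
            $count->bind_result($rowCount);
            if ($count->fetch()) {
                $numQuestions = (int) $rowCount;
            }
            $count->close();
        }

        // One prepared INSERT reused for every answer: the values are sent as
        // parameters and never become part of the SQL text.
        $insert = $mysqli->prepare("insert into `question` (`Type`,`Value`) values (?,?)");
        if ($insert) {
            $answer = '';
            $insert->bind_param('ss', $type, $answer);

            for ($counter = 1; $counter <= $numQuestions; $counter++) {
                $field = 'question-' . $counter . '-answers';
                $submitted = isset($_POST[$field]) ? $_POST[$field] : '';
                // Only the five radio values are accepted. Anything else is stored as
                // an empty string, which is what an unanswered question produced before.
                $answer = in_array($submitted, array('1', '2', '3', '4', '5'), true) ? $submitted : '';
                $insert->execute();
            }

            $insert->close();
        }
    }
}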

So, the portion of the code that changed is:

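    // Close the quiz form; the submit button is added only when a type was chosen.
    // $type is request data, so it is escaped for the single-quoted attribute
    // it is written into.
    if ($type)
    {

        $html[]="
         </ol>
         <input type='submit' name='submit' value='Submit' style='width:80px; height:30px; text-align:center; padding:0px;'>
         <input type='hidden' name='type' value='" . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . "' />
         </form>";

    } else {

        $html[]="
        </ol>
        <input type='hidden' name='type' value='" . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . "' />
        </form>";

    }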
Evan de la Cruz