how to chose MySQL table via drop down list

Question

for example i have i have two table in my datbase 1st is list1 and 2nd is list2

<select>
<option name='select' value="0">Select</option>
<option value="list1">List1</option>
<option value="List2">List2</option>
</select>

suppose user in drop down option chose list 1 then data insert in list1 option if user select list2 then data insert in to list2 how to do this please help me to fix this issue thanks

mysql_query("INSERT list1 SET title='$titile', subject='$subject'")

and here is complete code

 <?php 
 }

    //connect to database

     mysql_connect('localhost','root','');
     mysql_select_db('pdsd');



 // check if the form has been submitted. If it has, start to process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // get form data, making sure it is valid

 $title = mysql_real_escape_string(htmlspecialchars($_POST['title']));
 $subject = mysql_real_escape_string(htmlspecialchars($_POST['subject']));



 // check to make sure both fields are entered
 if ($title == '' || $subject == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';

 // if either field is blank, display the form again
 renderForm($title, $subject,$date, $error);
 }
 else
 {



 // save the data to the database



$tables = array('list1', 'list2');
if (in_array($_POST['select'], $tables)) {
   mysql_query("INSERT {$_POST['select']}  SET title='$title',subject='$subject'");

}


or die(mysql_error()); 

 echo "<center>Succesfully add</center>";
 echo "<script>setTimeout(\"location.href = 'login.php';\",1500);</script>";
 // once saved, redirect back to the view page

 }
 }
 else
 // if the form hasn't been submitted, display the form
 {
 renderForm('','','','','','','','','','','','','','','','','','','','');
 }




?>

simple, use a conditional statement and 2 separate queries based on the conditional statement. — Funk Forty Niner, Mar 03 '16 at 18:48
[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Mar 03 '16 at 18:52
Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Mar 03 '16 at 18:52
There is also SQL error - insert into xxx set yyy=bbb... Additionally you could just include the variable in the query (if both tables have same structure), something like "insert into $table..." where table would be name of select HTML tag. — TomasH, Mar 03 '16 at 19:01

Funk Forty Niner · Answer 1 · 2016-03-03T19:18:55.373

As I stated in comments, use a conditional statement and 2 separate queries based on the conditional statement and what the choice equals to the value chosen.

For example and assuming you are using as pure PHP and using a form:

Sidenote: You will need use your own queries here, as seen in commented // query for LIST X.

Another sidenote: The name attribute belongs to <select> and not <option>.

Last sidenote: My omission of action="" is equal to "self". So, you can add action="handler.php" to it if you wish to use separate files.

<form method="post">

    <select name="select">
    <option value="0">Select</option>
    <option value="list1">List1</option>
    <option value="list2">List2</option>
    </select>

<input type = "submit" name = "submit" value = "Submit">

</form>

<?php 

if(isset($_POST['submit'])){

if(isset($_POST['select']) && $_POST['select'] == 'list1'){

   // query for LIST 1

}

if(isset($_POST['select']) && $_POST['select'] == 'list2'){

   // query for LIST 2

}

if(isset($_POST['select']) && $_POST['select'] == '0'){

   // Do nothing

}

}

This is but an example and the use of a prepared statement should be taken into account.

https://en.wikipedia.org/wiki/Prepared_statement

Other references you should read related to MySQL:

Edit:

You can also use a switch/case statement:

if(isset($_POST['submit'])){

    switch($_POST['select']) {

    case 'list1':
       // query for LIST 1
       break;
    case 'list2':
       // query for LIST 2
       break;

    case '0':
       // Do nothing
       break;
    }

}

Would be a lot less messy with a [`switch`](http://php.net/manual/en/control-structures.switch.php) statement. — tadman, Mar 03 '16 at 19:08
@tadman I agree which is what I had in mind earlier, but TBH I don't remember how to do those by memory. I typed all that up by *memory* ;-) — Funk Forty Niner, Mar 03 '16 at 19:09
@tadman *Heh heh*, sometimes I wonder *lol* But usually a double Espresso shot kicks me back into gear. — Funk Forty Niner, Mar 03 '16 at 19:31
It's true, a programmer is often someone who turns coffee into code. — tadman, Mar 03 '16 at 19:33
@tadman So I take it that the stronger the (Espresso) shot, the more *horsepower* code's going to pull from it ;-) — Funk Forty Niner, Mar 03 '16 at 19:37

Barmar · Answer 2 · 2016-03-03T19:41:01.820

0

You should first verify that the input is valid, then you can just substitute it into the SQL.

$tables = array('list1', 'list2');
if (in_array($_POST['select'], $tables)) {
    mysql_query("INSERT INTO {$_POST['select']} SET title='$titile', subject='$subject'") or die(mysql_error());
}

Make sure you're properly escaping the variables $titile and $subject if they derive from user input, to protect against SQL-inject (use mysql_real_escape_string()). It would be even better if you used MySQLI or PDO so you could use a prepared statement instead of substituting variables into the query.

edited Mar 03 '16 at 19:41

answered Mar 03 '16 at 19:09

Barmar

741,623
53
500
612

@tadman After checking it against a list, I don't see a problem. – Barmar Mar 03 '16 at 19:26
@tadman I'm talking about `$_POST['select']`. The rest is outside the scope of the question. – Barmar Mar 03 '16 at 19:28
Where does it say that `$title` is from `$_POST` data? – Barmar Mar 03 '16 at 19:28
And how do you know he didn't use `mysql_real_escape_string` when assigning to `$title` and `$subject`? None of that code is in the question. I just showed how to do the variable table name, I'm not going to try to debug all the problems in his code here. – Barmar Mar 03 '16 at 19:30
My specific complaint here is that putting `$_POST` data directly in the query means you've got a single point of failure. If your whitelist code produces a new variable, then disabling the whitelist code by accident makes the query automatically fail in a safe way. It doesn't suddenly weaponize it. `"INSERT INTO $table_name ..."` is a safer way to do it where `$table_name` comes from a lookup array, a `switch` or something else. – tadman Mar 03 '16 at 19:32
it is not working bro it is showing error on this line } – msalman Mar 03 '16 at 19:33
I left out the `;` at the end of the line. – Barmar Mar 03 '16 at 19:34
Parse error: syntax error, unexpected 'or' (T_LOGICAL_OR) it is showing one more error on this line or die(mysql_error()); – msalman Mar 03 '16 at 19:38
There's something wrong with where you put the `or die`. Maybe you have `;` before it? – Barmar Mar 03 '16 at 19:41
before ; this is not there – msalman Mar 03 '16 at 19:45
Without seeing what you've written, I can't tell what's wrong. – Barmar Mar 03 '16 at 19:49
`or die` needs to be at the end of the `mysql_query()` line, it can't be a statement by itself. See my answer. – Barmar Mar 03 '16 at 20:02
You apparently don't know basic PHP syntax if you couldn't see what was wrong there. – Barmar Mar 03 '16 at 20:03
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/105302/discussion-between-msalman-and-barmar). – msalman Mar 03 '16 at 20:10

how to chose MySQL table via drop down list

2 Answers2