PHP MySQL Get the value of a dynamic select

Question

I have a table item (id, name, content, categories id (foreign key table category)) and a category table (id, title)

name: type text
content: textarea
categories_id: select dynamics related to the category table

Inserting the item table that works very well but in the modification. I have a problem with the dynamic select to the list of categories, not pick me a choice that I chose to add a article.

How I can get the value of the select tag? <select> <option></option> </select>

<?php
    include 'dbconnect.php';

    $id = $_GET['id'];
    $sql = mysql_query("SELECT * FROM articles WHERE id ='".$id."'");
    $res = mysql_fetch_assoc($sql);

    if (@$_REQUEST['do'] == "update") {
        $m_id = $_POST['id'];
        $nom = $_POST["nom"];
        $contenu = $_POST["contenu"];
        $categories_id = $_POST["categories_id"];

        $sql = mysql_query("UPDATE articles SET nom='$nom', contenu='$contenu', categories_id='$categories_id' WHERE id =' $m_id' ");

        if($sql)
            header("Location:listArticles.php");
        else
            header("Location:updateArticle.php");
    }  
?>
<html lang="en">
    <body class="nav-md">
        <?php if (isset($_GET['id']) && $_GET['id'] == $id) { ?>
            <form action="" method="post" accept-charset="utf-8">
                <table>
                    <td>Nom: <input type ="text" name ="nom" value="<?php echo $res['nom'] ?>"></td>
                    </br>
                    <td>Contenu: <textarea name ="contenu"><?php echo $res['contenu'] ?></textarea></td>
                    </br>
                    <td>
                        Categories:
                        <select class="form-control" name="categories_id" value="<?php echo $res['categories_id'] ?>" >
                            <option></option>
                        </select>
                    </td>
                    <td>
                        <button type="submit" class="btn btn-success" name ="do" value="update">Modifier</button>
                    </td>
                    <input type="hidden" name="id" value="<?php echo $id; ?>"/>
                </table>
            </form>
        <?php } ?> 
    </body>
</html>

That is what the page currently looks like:

Please rewrite the first paragraph where you explain your problem using line feeds, and clearly explaining expected behaviour and current behaviour. As it is now, it's unreadable. — Eloims, Apr 22 '16 at 09:29
Inside your `?id=` You should put `' OR (TRUNCATE TABLE articles) -- ` — Ash, Apr 22 '16 at 09:30

score 0 · Answer 1 · edited May 23 '17 at 12:31

0

Update your update query:

 $sql = mysql_query("UPDATE articles SET nom='$nom', contenu='$contenu', categories_id='$categories_id' WHERE id ='$m_id' ");

For suggestion:

use mysqli_() as mysql_ are depreciated please follow the link: Why shouldn't I use mysql_* functions in PHP?
take care of sql injection
don't suppress the warning using (@)

edited May 23 '17 at 12:31

Community

1
1

answered Apr 22 '16 at 09:27

Dipanwita Kundu

1,637
1
9
14

If you're going to give an answer with suggestions at least give some good information not half-bothered bullet points – Ash Apr 22 '16 at 09:31

score 0 · Accepted Answer · edited May 23 '17 at 11:59

If I understand you correctly (and judging by the picture), you want to show the categories and select the category associated with the article.

Here's a rough, untested sketch of how you can approach. Read my comments also.

<?php
include 'dbconnect.php';

// assuming ID is integer, we'll use intval()
$id = isset($_GET['id']) ? intval($_GET['id']) : null;

// query article matching given ID
$articleRes = mysql_query("SELECT * FROM articles WHERE id ='" . $id . "'");
$article = mysql_fetch_assoc($articleRes);

// query categories
$categoriesRes = mysql_query("SELECT * FROM categories");

// check if form has been submitted
// if you are expecting POST, use $_POST not $_REQUEST
// don't use @, it's sloppy
if (!empty($_POST['do'])) {
    $m_id = $_POST['id'];
    $nom = $_POST["nom"];
    $contenu = $_POST["contenu"];
    $categories_id = $_POST["categories_id"];

    // update article with given ID
    // is it nom or name? 
    $updateRes = mysql_query("UPDATE articles SET nom='$nom', contenu='$contenu', categories_id='$categories_id' WHERE id='$m_id'");
    if ($updateRes) {
        header("Location: listArticles.php");
    } else {
        header("Location: updateArticle.php");
    }
    // good practice to die after you redirect
    die();
}  
?>


<html lang="en">
    <body class="nav-md">
    <?php if ($article) : ?>
    <form action="" method="post" accept-charset="utf-8">
        <table>
            <td>Nom: <input type="text" name="nom" value="<?php echo $article['nom'] ?>"></td>
            <!-- you cannot have a BR tag in between TD tags -->
            <!--/br-->
            <td>Contenu: <textarea name="contenu"><?php echo $article['contenu'] ?></textarea></td>
            <!-- you cannot have a BR tag in between TD tags -->
            <!--/br-->
            <td>
                Categories:
                <!-- SELECT tag does not have a VALUE attribute -->
                <select class="form-control" name="categories_id">
                    <!-- loop through the categories and build the OPTION tag -->
                    <!-- for each iteration, check if the category ID matches the article's category ID -->
                    <!-- if so, mark the option as selected -->
                    <?php while ($category = mysql_fetch_assoc($categoriesRes)) : ?>
                        <option <?php echo $category['id'] == $article['categories_id'] ? 'selected' : '' ?>><?php echo $category['title'] ?></option>
                    <?php endwhile ?>
                </select>
            </td>
            <td>
                <!-- unnecessary to have VALUE attribute as this element will always be submitted -->
                <button type="submit" class="btn btn-success" name="do">Modifier</button>
            </td>
            <input type="hidden" name="id" value="<?php echo $article['id'] ?>">
        </table>
    </form>
    <?php endif ?> 
    </body>
</html>

Additional points:

Stop using mysql_* functions! They are deprecated for good reasons. Use mysqli_* or better PDO functions.
Your queries are prone to SQL injection.
When mixing PHP control structures (e.g. if, while, etc) with HTML, I like to use their alternative syntax (e.g. if (condition): and endif; while (condition): and endwhile; etc). It looks more readable, imo.
I am using the ternary operator which is a shorter syntax for simple if/else statements.
Add comments!

PHP MySQL Get the value of a dynamic select

2 Answers2