0

I have a page in which I am using a dropdown menu. I have passed a variable in the name field of the select tag whose value comes from an array.

    $query1="Select SSAP from project where projname='$project'";

    $result=mysql_query($query1);
    while($row=mysql_fetch_assoc($result))
    {
        $ssap = $row['SSAP'];
        $query2="Select * from student where SSAP='$ssap'";
        $res=mysql_query($query2);
        $row1=mysql_fetch_assoc($res);
        $name=$row1['name'];
        echo $name; ?> <select name="<?php echo $name;?>">
            <option value="A"> Exceptional </option>
            <option value="B"> Highly Effective </option>
            <option value="C"> Effective </option>
            <option value="D"> Good </option>
            <option value="E"> Not Satisfactory </option>
        </select> <br> <?php

    }

And I need to retrieve the value of each select tag created in another variable on the action page.

    $grade=$_POST[$name];

    echo $grade;

The first code snippet works fine, but I am unable to fetch the value in the second snippet.

  • You have a SQL injection on your first line of code and $query2 contains one as well. And also XSS by echoing the $name. – Maantje May 14 '16 at 11:59
  • Both SQL queries here have SQL injection vulnerabilities. – David May 14 '16 at 12:01
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) that has been [removed](http://php.net/manual/en/mysql.php) from PHP. You should select a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are probably **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 14 '16 at 12:02
  • You have to pass the name in a hidden field because you got $name from the previous page, and when you now submit, its post value is reset, so you have to add it like this to post the name again to your future action page – JYoThI May 14 '16 at 12:28
  • Can you post the result of var_dump($_POST); on your action script? – Amar Pratap May 14 '16 at 12:35

2 Answers

0

When the form containing the <select> with the dynamic name is submitted, it is a different request, so $name hasn't been set.

Quentin
0

When your form is submitted, the <select> names are getting evaluated like <select name="Raj">, <select name="Kiran">, ... <select name="Sameer"> etc., depending on the values of $name=$row1['name']; from your query on the 'student' table. Also, you should give consideration to the fact that your query $query2="Select * from student where SSAP='$ssap'"; might return more than one row; it seems you are assuming only one row will be returned.

Also note that $_POST is an associative array that accepts parameters as KEY=>VALUE pairs from the submission of HTML. In $_POST, the key is the name of the element in the input form and the value is the value of that element in the input form.

So you cannot use a variable as the KEY in your SUPER GLOBAL $_POST like this $_POST[$name]; when $name is undefined on your action script. I would suggest you use a named array in your multiple <select>. Do a var_dump($_POST) on your action script. That may reveal most of the stuff for you.

Mr Lister
Amar Pratap
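
The named-array approach suggested in the answer above, combined with the fixes the comments call for (bound parameters instead of interpolated SQL, escaped output), as an added example that is not part of the original question or answers. It uses PDO with an in-memory SQLite database and constructed sample rows so it runs stand-alone; the `grade[...]` field name and the helper function names are assumptions.

```php
<?php
// Added example, not code from the question or its answers. Sample rows are constructed;
// assumes the pdo_sqlite extension. Table and column names follow the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE project (SSAP TEXT, projname TEXT)");
$db->exec("CREATE TABLE student (SSAP TEXT, name TEXT)");
$db->exec("INSERT INTO project VALUES ('S1','demo'), ('S2','demo')");
$db->exec("INSERT INTO student VALUES ('S1','Raj'), ('S2','<b>Kiran</b>')");
const GRADES = ['A' => 'Exceptional', 'B' => 'Highly Effective', 'C' => 'Effective',
                'D' => 'Good', 'E' => 'Not Satisfactory'];

// Students of one project, using a bound parameter instead of string interpolation.
function students_for(PDO $db, string $project): array {
    $stmt = $db->prepare('SELECT s.SSAP, s.name FROM project p
                          JOIN student s ON s.SSAP = p.SSAP WHERE p.projname = ?');
    $stmt->execute([$project]);
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);   // [SSAP => name]
}

// Form page: each <select> is named grade[<SSAP>], so PHP collects them into one array.
function render_form(array $students): string {
    $html = '';
    foreach ($students as $ssap => $name) {
        $html .= htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
               . ' <select name="grade[' . htmlspecialchars($ssap, ENT_QUOTES, 'UTF-8') . "]\">\n";
        foreach (GRADES as $value => $label) {
            $html .= "  <option value=\"$value\"> $label </option>\n";
        }
        $html .= "</select> <br>\n";
    }
    return $html;
}

// Action page: keep only known students and known grade letters.
function read_grades(array $post, array $students): array {
    $submitted = $post['grade'] ?? [];
    $grades = [];
    foreach (is_array($submitted) ? $submitted : [] as $ssap => $grade) {
        if (isset($students[$ssap]) && is_string($grade) && array_key_exists($grade, GRADES)) {
            $grades[$ssap] = $grade;
        }
    }
    return $grades;
}

$students = students_for($db, 'demo');
echo render_form($students);
// Constructed stand-in for $_POST; grade Z and unknown student S9 are dropped.
print_r(read_grades(['grade' => ['S1' => 'A', 'S2' => 'Z', 'S9' => 'B']], $students));
```

Keying the array by SSAP rather than by student name keeps the field names unique and lets the action page check each submitted key against the students it actually rendered.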