0

I don't know if what I want to do is possible (or too complicated).

I have a form that inserts the data into my DB. In it I have a select. I want to hide or remove the options that are already in my DB (so the user can't see them).

Every user has his own .php page where I edit the form with new options after the old ones are used.

PHP (In the same page, above the form):

<?php
if ($registro != "") {
include("conexao.php"); 
$conexao = @mysql_connect($host,$user,$pass)
or die("Cadastro");
$query = "INSERT INTO certificados VALUES ('$id','$registro','$name', now() )";
mysql_select_db($db);
mysql_query($query,$conexao);
}
else {
?>

HTML:

<form name="inserir" action="<? echo $PHP_SELF; ?>" method="post">
   <select name="registro" id="registro">
      <option value="">Select one</option>
      <option value="11891">11891</option>
      <option value="11892">11892</option>
      <option value="11893">11893</option>
      <option value="11894">11894</option>
      <option value="11895">11895</option>
   </select>
   <input type="text" name="name" placeholder="Name">
   <button type="submit" id="submit" name="B3">Send</button>
</form>

Edit 1: I'll try to explain better what I want to do.

Imagine that the user selected the first option value "11891" and submitted the form (thus inserting this value in the DB). After the page reloads, this value is no longer listed for him in the select. So based on the form that I posted here, now he would only have the options "11892", "11893", "11894" and "11895".

PS: Sorry for any mistakes or use of outdated parameters. My father wrote this code (he has some knowledge of php). In my case, my knowledge is almost nonexistent.

Thank you all for the help.

Alan Franco
  • 3
  • 6
  • 1
    `if ($registro != "")` that's unknown and what the query is for it, as are the other variables, and you have a missing brace for the `else`. Check for errors via error reporting and on the query. – Funk Forty Niner Mar 16 '17 at 14:41
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 16 '17 at 14:48
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 16 '17 at 14:48
  • I feel the question's unclear and also too broad. If you want to hide something, then use a ternary operator. http://php.net/manual/en/language.operators.comparison.php – Funk Forty Niner Mar 16 '17 at 14:49
  • @JayBlanchard Thank you, I'll try to improve the script using PDO. – Alan Franco Mar 16 '17 at 15:00
  • @Fred-ii- Sorry, I edited the post to better explain myself – Alan Franco Mar 16 '17 at 15:07
  • you need to use a comparison operator `==` then in a loop. I.e.: `while($row=mysql_fetch_X_function($query) ){ if($row['Y'] == 'z' ){ // do something } ... }` type of thing. A ternary would be more powerful. Complex but well worth the effort. – Funk Forty Niner Mar 16 '17 at 15:11
  • `mysql_fetch_X_function` - is only a pseudo method. There are a few functions for this, `mysql_fetch_array()` or `mysql_fetch_assoc()` etc. depending on what you want to use/do. – Funk Forty Niner Mar 16 '17 at 15:15
  • @AlanFranco I revisited the question to see how you were doing. So, did my comments help you at all? If not, then see the answer that was posted below. If it's what you were looking for, let them know. If it wasn't, let them know also. – Funk Forty Niner Mar 16 '17 at 20:22

1 Answers1

0

You should have 2 more tables. One 'tb_options' where you retrieve all the options. Another one 'tb_users_options' where you store all option based on user ID. So when retrieving the options from tb_options you select only those not present in tb_users_options Taking into account the user ID. This is a logic matter.

Ulrich Dohou
  • 1,509
  • 14
  • 25