I'm writing a page in HTML and PHP that connects to a Marina database (boats, owners, etc.), displays all of the owners' last names in a drop-down list and then displays all the boats under the last name that was chosen.

Here is my relevant code:

    $sql = 'select LastName from Owner';
    $result = $conn->query($sql);
    while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        $values[] = array(
        'LastName' => $row['LastName']
        );
    }

    echo '<form align="left" top="200" action="page2.php" method="post">
        <p>Select an owner:</p>
        <select top="200" name="form1" id="form1">';

    foreach($values as $v){
        echo '<option value="'.$v['LastName'].'">'.$v['LastName'].'</option>';
    }

    echo '</select>
      <input type="submit" value="Submit">
      </form>';

    if(isset($_POST['form1'])){//if there was input data submitted
        $form1 = $_POST['form1'];

        $sql = 'select BoatName from MarinaSlip,Owner where MarinaSlip.OwnerNum = Owner.OwnerNum and Owner.LastName = '.$form1;

        $result = $conn->query($sql);

        while ($row = mysqli_fetch_array($result1, MYSQLI_ASSOC)) {
            $values[] = array(
            'BoatName' => $row['BoatName']
            );
        }
        echo '<ol>';
        foreach($values as $v){
            echo '<li>'.$v.'</li>';
        }
        echo '</ol>';
    }

I have managed to properly display the last names in the drop-down list and keep the name chosen as a variable, but I am running into a few errors that I cannot solve.

1) When I attempt to reload the page (using Firefox) I get a message "To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier". So I was wondering how I could code it so that I don't need to have data being sent initially.

2) After a last name is submitted and I attempt to run a query to match all the boats under that last name, I get an error that the $result variable is not a MYSQLI result type even though I used the same code earlier in the script.

I am new to HTML and PHP so any help is greatly appreciated.

Funk Forty Niner
  • `To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier` appears because you have posted information to the web server and the current website output depends on the posted information. Also, avoid using raw queries. – Bagus Tesa Apr 19 '18 at 00:56
  • You're **wide open** to SQL injection attacks, and **you will be hacked** if you haven't been already. Use prepared/parameterized queries with PDO or similar to avoid this problem entirely. – Brad Apr 19 '18 at 00:58
  • Are you submitting the form to same page ? – jerome Apr 19 '18 at 01:02

1 Answer

  1. That message happens when you reload a page that was the result of a form submission. It means it has to resubmit the form to reproduce the same result. The way to prevent it is to have the form redirect the user to a page that displays the result, rather than displaying the result itself. This can be complicated unless the form submission just makes a change to the database, and then you want to display the contents, rather than display something dependent directly on the form submission.

  2. You need to put quotes around the name:

    $sql = 'select BoatName from MarinaSlip,Owner where MarinaSlip.OwnerNum = Owner.OwnerNum and Owner.LastName = "'.$form1.'"';
    

But it would be better to use a parametrized query. See How can I prevent SQL injection in PHP?

Barmar
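The parameterized form of the boat lookup that the answer and Brad's comment recommend, as an added example that is not code from the question or the answer. It uses PDO with an in-memory SQLite database so it runs without the MySQL server; the table and column names are the question's, while the rows, the owner numbers and the helper names `boatsForOwner` and `renderBoatList` are constructed for illustration.

```php
<?php
// Added example. Table/column names come from the question; all rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Owner (OwnerNum TEXT PRIMARY KEY, LastName TEXT)');
$pdo->exec('CREATE TABLE MarinaSlip (BoatName TEXT, OwnerNum TEXT)');

$addOwner = $pdo->prepare('INSERT INTO Owner (OwnerNum, LastName) VALUES (?, ?)');
foreach ([['AD57', 'Adney'], ['OB12', "O'Brien"]] as $owner) {
    $addOwner->execute($owner);
}
$addBoat = $pdo->prepare('INSERT INTO MarinaSlip (BoatName, OwnerNum) VALUES (?, ?)');
foreach ([['Anderson II', 'AD57'], ['Bravo', 'OB12'], ['Chinook', 'OB12']] as $boat) {
    $addBoat->execute($boat);
}

// Hypothetical helper: returns the boat names for one owner last name.
function boatsForOwner(PDO $pdo, string $lastName): array
{
    // The placeholder keeps the submitted value out of the SQL text, so
    // quote characters inside it cannot change the statement.
    $stmt = $pdo->prepare(
        'SELECT BoatName FROM MarinaSlip
           JOIN Owner ON MarinaSlip.OwnerNum = Owner.OwnerNum
          WHERE Owner.LastName = :lastName
          ORDER BY BoatName'
    );
    $stmt->execute([':lastName' => $lastName]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: builds the <ol> the question's page prints.
function renderBoatList(array $boats): string
{
    $html = "<ol>\n";
    foreach ($boats as $boat) {
        // Escape on output: boat names are data, not markup.
        $html .= '<li>' . htmlspecialchars($boat, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html . "</ol>\n";
}

// Constructed inputs standing in for $_POST['form1']: a plain name, a
// legitimate name containing a quote, and a string carrying SQL syntax.
foreach (['Adney', "O'Brien", 'x" OR "1"="1'] as $submitted) {
    echo htmlspecialchars($submitted, ENT_QUOTES, 'UTF-8'), "\n";
    echo renderBoatList(boatsForOwner($pdo, $submitted));
}
```

With mysqli, as in the question, the same query is written with a `?` placeholder and bound through `$conn->prepare()` and `bind_param('s', $form1)`.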