Stack Overflow
Stack Overflow

Tried to display data in tag does not submit any data...as for the tas, description, status and date they all appear in the database – Gervin Jul 26 '18 at 14:57

  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Jul 26 '18 at 14:58
  • don't worry I'll do. I just have to figure out first the problem I'm facing rn – Gervin Jul 26 '18 at 14:59
  • 1
    Lots of problems with your code. First of all you don't have any values in your options, then you don't submit anything with a name `task` `description` or `status` and lastly you have some syntax errors like `` – Dimitris Filippou Jul 26 '18 at 15:00
  • I have submited the task description and status in the database I just cant post the image I dont know how because its my first time posting here haha – Gervin Jul 26 '18 at 15:07
  • @Gervin we generally don't like images, as those can vanish over time. Its better to always supply text to your questions, so its right there, in plain sight. Welcome to SO :) – IncredibleHat Jul 26 '18 at 15:09
  • the only problem is that – Gervin Jul 26 '18 at 15:09

    • 2 Answers2

    1

    Your options do not have any values set. The string in the value attribute is what comes in on the $_POST['patientname'] variable.

    So you have:

    echo "<option value=''> $type $username $Lastname</optioin>";

    Change to like:

    echo "<option value='$username $Lastname'> $type $username $Lastname</option>";
//                        ^-add the value you want                      ^- fixed typo

    However you do have some other issues you will need to overcome, like SQL injection prevention, and also escaping data in your html so the html wont break if user names have anything in them that is considered html. For example, it would best to echo your options like this:

    echo '<option value="'. htmlspecialchars($username) .'">'. htmlspecialchars("$type $username $Lastname") .'</option>';
    IncredibleHat
    • 4,000
    • 4
    • 15
    • 27
    • OOOHHH it really did work!! I thought the value is not needed since I echoed the variables between Thanks @IncredibleHat your name really suits you haha super thanks a lot! – Gervin Jul 26 '18 at 15:13
    • @Gervin I added a little more to the answer, to help you with any possible html breakage from names. For example if a name was `Joe "stinky" Doe`... the `htmlspecialchars` helps prevent the break. – IncredibleHat Jul 26 '18 at 15:15
    • thank you so much for helping me and also about the SQL injection I will follow your suggestion :) thanks a lot :) – Gervin Jul 26 '18 at 15:16
    • @IncredibleHat I also had this kind of problem. Here is the thing. I want to pass several values to data table at the form submit event. Let's assume my form contain two `textboxe` (name, ID NO) and three `radio button` groups (gender, Eye color & Skin color) so I wanted to pass these as per one records. Simply I want to pass 5 rows at form submit type. So what I did is I named each form input element as like array. (ex: `values[]`) I print and check output of array. It only shows first two `textbox` and first radio button group. If you guide it means lot... – sashiksu Jul 26 '18 at 16:54
    0

    There are a lot of problems I see with your code.

    First of all you don't have any values in your Option.

    My guess is that you would need something like this:

    echo "<option value='$username $Lastname'> $type $username $Lastname</option>";

    Then you never submit task description or status so you should have them in your form to as <input> fields. Something like this:

    <input type="text" name="task"></input>

    Then you have some syntax problems like you never open and close php tags here

    <?php
if(isset($_POST['submit'])){
$patientname = $_POST['patientname'];
$task = $_POST['task'];
$description = $_POST['description'];
$status = $_POST['status'];
$date = date('Y-m-d H:i:s');
$query = $db ->query("INSERT INTO task VALUES('','$patientname', '$task', 
'$description', '$status', '$date')");
?>

    and later on you have only ? instead of ?>

    and also </optioin> instead of </option>

    And you never close the <div class="form-group"> with a </div>

    Dimitris Filippou
    • 809
    • 6
    • 12
    • I'm gonna give you an upvote. He accepted mine too quick. Gervin can always change his choice though! – IncredibleHat Jul 26 '18 at 15:16
    • 1
      @IncredibleHat I don't mind which question gets selected as long as OP understands what's wrong with his code and manages to solve his problems :) Thanks for the upvote though! – Dimitris Filippou Jul 26 '18 at 15:18
    • Yeah, I liked how you covered ALL the issues in his code example :) – IncredibleHat Jul 26 '18 at 15:18
    • @DimitrisFilippou thanks for your answer too :) but IncredibleHat was correct that the problem is in the option value which is blank :) – Gervin Jul 26 '18 at 15:18
    • @Gervin It would be good to upvote his answer as well instead of just selecting it as the correct answer :) And also be more careful with your code. Too many syntax mistakes for such a small code sample :) – Dimitris Filippou Jul 26 '18 at 15:20
    • @DimitrisFilippou okiee :) thank you so much! :) I hope you can still help me in my future coding problems because im still at beginner level :) – Gervin Jul 26 '18 at 15:23