0

I was wondering if it is possible to get a value from a mysqli query and use it in the same page. If so, how would I do that here?

$sql2 = "select artistName from ARTIST";
$result2 = $conn->query($sql2);
if ($result2->num_rows != 0) {
  echo "<p>Artist: <select artistname=\"artistName\">";
  while ($val2 = $result2->fetch_assoc()) {
    echo "<option value='$val2[artistName]'>$val2[artistName]</option>";
  }
  echo "</select></p>";
}

I am trying to make this request below:

$addArt = "update ARTIST set Aname='$fileName' where artistName='$val2[artistName]'";

where filename is an arbitrary file

Dharman

1 Answer

-1

Multiple issues:

  1. Mixed quotes:
    "<option value='$val2[artistName]'>$val2[artistName]</option>"
    "update ARTIST set Aname='$fileName' where artistName='$val2[artistName]'"

Unlike the double-quoted and heredoc syntaxes, variables and escape sequences for special characters will not be expanded when they occur in single quoted strings.

Reference: https://www.php.net/manual/en/language.types.string.php

  2. SQL Injection
    "update ARTIST set Aname='$fileName' where artistName='$val2[artistName]'"

You need to be careful with how you get the value $val2[artistName], or else it may lead to an SQL injection attack.

Gaurav Singh Faujdar
  • At the moment there's nothing in the $val2[artistName]; I was wondering how to get that value –  Apr 03 '20 at 22:00
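
An added example, not part of the original question or answer: after the `while` loop ends, `$val2` no longer holds a row, so the selected artist has to come back from the submitted form and be bound into a prepared `UPDATE`. The connection credentials, the `fileName` form field and the status message are assumptions; `ARTIST`, `artistName` and `Aname` are taken from the question.

```php
<?php
// Added example. Assumed: placeholder credentials, a text field named
// fileName, and the ARTIST table with artistName/Aname from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'db_user', 'db_pass', 'db_name'); // placeholders
$conn->set_charset('utf8mb4');

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The chosen option arrives in $_POST under the <select>'s name attribute.
    $artist   = $_POST['artistName'] ?? '';
    $fileName = $_POST['fileName'] ?? '';
    if (is_string($artist) && is_string($fileName) && $artist !== '' && $fileName !== '') {
        // Placeholders keep both values out of the SQL text, so quotes in
        // either value cannot change the statement.
        $stmt = $conn->prepare('UPDATE ARTIST SET Aname = ? WHERE artistName = ?');
        $stmt->bind_param('ss', $fileName, $artist);
        $stmt->execute();
        $message = $stmt->affected_rows . ' row(s) updated';
    } else {
        $message = 'Select an artist and give a file name';
    }
}

$result = $conn->query('SELECT artistName FROM ARTIST');
?>
<form method="post">
  <p>Artist: <select name="artistName">
<?php while ($row = $result->fetch_assoc()): ?>
<?php $name = htmlspecialchars($row['artistName'], ENT_QUOTES, 'UTF-8'); // escape for HTML output ?>
    <option value="<?= $name ?>"><?= $name ?></option>
<?php endwhile; ?>
  </select></p>
  <p>File name: <input type="text" name="fileName"></p>
  <p><button type="submit">Update</button></p>
</form>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
```

The `<select>` needs a `name` attribute for the browser to submit its value; the `artistname="artistName"` attribute in the question's markup is not sent with the form.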