0

I have an issue in a simple PHP MySQL project. When I try to fetch a record from a select option, it only gives me the id. I want the value from the select to be passed too.

<form class="form-style-9" method="POST" action="function.php?type=updatedistrict">``
    <ul>
    <li>ID:
      <input type="hidden" name="dist_id"  class="field-style field-full align-none"  value="<?php echo $ids;?>" readonly />

    </li>
    <li>District Name:
    <input type="text" name="name" class="field-style field-full align-none" value="<?php echo $names;?>" />
    </li>
    <li>Postal Code:
    <input type="text" name="code" class="field-style field-full align-none" value="<?php echo $codes;?>"/>
    </li>
    <li>Province
    <select name="province_id" class="form-control">
      <option value="">Select Province</option>
      <?php
      $sql = mysqli_query($conn, "SELECT id, province From province");
      $row = mysqli_num_rows($sql);
      while ($row = mysqli_fetch_array($sql)){
      echo "<option value='". $row['id'] ."'>" .$row['province'] ."</option>" ;
      }
      ?>
      </select>

    <li>
    <input type="submit" value="Update" name="submit" />
    </li>
    </ul>
    </form>

This is the update function code:

case 'updateprovince':
if (isset($_POST['submit'])) {
          $id = $_POST['dist_id'];
          $prov_id= $_POST['province_id'];
          

          $query=$conn->query("UPDATE province SET province='$prov_id' where id='$id'");
          if ($query) {
            echo '<script> window.location.replace("province.php");
                  </script>';
          }

          else
          {
            echo "issue";
          }
      }


break;
Morgosus
  • 807
  • 5
  • 18
Muhammad Uzair
  • 11
  • 4
  • where exactly do you want the value? after the submit along with the id? – Morgosus Sep 10 '20 at 19:25
  • i want to update the data in the database but when I put – Muhammad Uzair Sep 10 '20 at 19:29
  • 2
    **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 10 '20 at 19:46

1 Answers1

0

You can post your province name instead of the id this way:

echo "<option value='". $row['province'] ."'>" .$row['province'] ."</option>" ;

Your $_POST['province_id'] will then contain the province value instead of the current id.

A way to pass along both the id and the value (in case you need to retain the id for some additional processing) through your option would be this:

echo "<option value='". $row['id'] . '|'. $row['province'] ."'>" .$row['province'] ."</option>" ;

Then after the submit, you'd simply split the two by the '|' delimiter.

if (isset($_POST['submit'])) {
    $id = $_POST['dist_id'];
    $province = explode('|', $_POST['province_id']);
    $province_id = $province[0]
    $province_name = $province[1]
Morgosus
  • 807
  • 5
  • 18
  • how i can get data from database when I click the button and the button link I include the update.php?id='.$row['did'].'& dname='.$row['dname'].'& pcode='.$row['pcode'].' & pid='.$row['pid'] so how I just take the id and then fetch the other data in the update page? – Muhammad Uzair Sep 10 '20 at 19:50