I have a dropdown on a page. I wish to publish the selected option as a link to another web page. If a user selects Kenya in the code below, for example, the value is stored in a database and then the record is retrieved and published as a link to a certain page. See code below:

HTML:

<select name="country" id="country">
  <option value="kenya">Kenya</option>
  <option value="uganda">Uganda</option>
</select>

PHP/SQL

//Data saving
//Note: the request value is placed directly into the SQL string
$user_country = $_POST['country'];
$sql = "INSERT INTO countries (country_name)
VALUES ('$user_country')";



//publishing the saved data as a link

$sql = "SELECT user_country FROM countrydb";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
  // Check each fetched row; $row only exists inside the loop
  while ($row = $result->fetch_assoc()) {
    if ($row["user_country"] === "kenya") {
      echo '<a href="kenya.php">Kenya</a>';
    } elseif ($row["user_country"] === "uganda") {
      echo '<a href="uganda.php">Uganda</a>';
    }
  }
} else {
  echo "no results";
}
  • This doesn't sound like a great approach. Every time a user makes a selection you're going to add a database entry just to display it as a link on another page? Could you store the country into a url parameter for that page instead? – Phaelax z Oct 19 '21 at 14:41
  • @Phaelaxz, ADyson, thanks for the prompt response. This is just part of a big form. The reason for storing each selection is because each user is specific and must have their records independently. The records will be audited at some point. – Henry Omondi Oct 19 '21 at 14:57
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Oct 19 '21 at 17:57

1 Answer


It's not clear what the purpose of the database table is in this example - the data stored in it is just recording what the user selected, which PHP already knows, and doesn't seem to add any value. If I've misunderstood the purpose of it, you would need to clarify the question.

And also, if you have many countries in the list, hard-coding the if statements to generate the hard-coded links is going to get very tedious.

There are various ways you could improve this depending on exactly how you want it to work, but if you want to generate links, do it dynamically based on the user's selection, for example:

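$user_country = $_POST['country'];
// Escape the request value before writing it into the HTML
$safe_country = htmlspecialchars($user_country, ENT_QUOTES, 'UTF-8');
echo '<a href="'.$safe_country.'.php">'.$safe_country.'</a>';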

To take it a step further, rather than having pre-defined pages for each country, (again depending on your exact requirements) you could possibly have a single page which just takes the country name as an input, and then retrieves information about that country from the database. You could also potentially make it redirect to the page immediately after the user has chosen that page in the dropdown, rather than generating a link which they then have to click on again to make the same selection. Those are some things to think about, according to how you want the application to work.

ADyson
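
An added example (not code from the question or the answer) that combines the points raised in this thread: the posted value is checked against the dropdown's options, stored through a prepared statement, and escaped when written out as a link. The `user_countries` table, the `user_id` column, the function names and the in-memory SQLite database (standing in for the MySQL connection) are assumptions.

```php
<?php
// Added example; names below are hypothetical, SQLite stands in for MySQL.
const ALLOWED_COUNTRIES = ['kenya' => 'Kenya', 'uganda' => 'Uganda'];

// Return the dropdown key if the submitted value is a known option, else null.
function validate_country($input): ?string
{
    if (!is_string($input)) {
        return null; // country[]=x arrives as an array, not a string
    }
    $key = strtolower(trim($input));
    return array_key_exists($key, ALLOWED_COUNTRIES) ? $key : null;
}

// Store the selection with bound parameters instead of string building.
function save_country(PDO $db, int $userId, string $key): void
{
    $stmt = $db->prepare('INSERT INTO user_countries (user_id, country_name) VALUES (?, ?)');
    $stmt->execute([$userId, $key]);
}

// Build the link from the allowlisted key and its label, escaped for HTML.
function country_link(string $key): string
{
    $href  = htmlspecialchars($key . '.php', ENT_QUOTES, 'UTF-8');
    $label = htmlspecialchars(ALLOWED_COUNTRIES[$key], ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . $label . '</a>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_countries (user_id INTEGER, country_name TEXT)');

// Constructed submissions: two valid options, then two tampered values.
$samples = ['kenya', 'Uganda', "kenya' OR '1'='1", ['x']];
foreach ($samples as $i => $posted) {
    $key = validate_country($posted);
    if ($key === null) {
        echo "rejected submission " . ($i + 1) . "\n";
        continue;
    }
    save_country($db, $i + 1, $key);
}

// Publish stored rows as links, re-validating what comes back from storage.
foreach ($db->query('SELECT country_name FROM user_countries') as $row) {
    $key = validate_country($row['country_name']);
    echo $key !== null ? country_link($key) . "\n" : "no results\n";
}
```

Because the link target is built only from a key that matched the allowlist, a modified form value can never choose the page the link points to.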