0

I have code to return options for a dropdown box from a query. I have the function set up and the code it's grabbing from. When I check the appraisal_options.php page it shows the correct amount of items in the dropdown, but when I go to the page that is calling it, it doesn't show any of the results from the query lines. It does return the 'test' result that's manually coded.

function loadMake(dropdown_type) {
        const xhttp = new XMLHttpRequest();
        xhttp.onload = function () {
            document.getElementById( "make" ).innerHTML = this.responseText;
        }
        xhttp.open( "GET", "appraisal_options.php?type=" + dropdown_type, true );
        xhttp.send();
    }

/// Get results for Make from Type 
if ( $_GET['type'] ) {
    $type = $_GET[ "type" ]; 
    echo "<select id='make' name='make'> <option value='none' selected> Select a Make</option>";

    $make_query = mysqli_query( $con, "SELECT DISTINCT Make FROM UnitsOptions WHERE Type = '$type'" )or die( mysqli_error() );
    while ( $return = mysqli_fetch_array( $make_query ) ) {
        echo "<option onclick='loadYear()' value='".$return['Make']. "'>".$return['Make']."</option>";
    }
    
    echo "<option value='none' onclick='loadYear()'> test</option> </select>";
}
Nicole
  • 123
  • 3
  • 16
  • How are you calling `loadMake()`? What debugging have you done to narrow the issue down? Use your browsers development tools (and the "network" tab) to see what the ajax request and response actually looks like. Does it pass a valid type? – M. Eriksson Jun 06 '22 at 08:34
  • **Warning!** You're open to [SQL injection attacks](https://owasp.org/www-community/attacks/SQL_Injection)! Read [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) by using prepared statements with bound parameters instead of injecting variables directly into your queries. It's not just about security. If your data contains, for example, a single quote `'`, your query will break. – M. Eriksson Jun 06 '22 at 08:35
  • It's a set of dropdown boxes that load more results, so the type dropdown box is loading into the make dropdown box. – Nicole Jun 06 '22 at 09:26
  • You can't just call `loadMake()` since that function requires the type as an argument. If you call it _without_ any argument (the type), then you have nothing to pass to PHP and PHP won't be able to fetch the correct data. Tbh, instead of having "onclick" on your options, you should read up on how to add event listeners on the "change" event (using JS) on those select boxes instead. – M. Eriksson Jun 06 '22 at 09:30
  • It's getting the type variable fine. On the appraisal_options.php page that has the query it echos with 3 options, the 'Select a Make', the option from the database, and the 'Test' option, but on the page that's loading the Ajax, when selected, I just see the 'Select a Make' and 'Test' options, and not the result from the database. – Nicole Jun 06 '22 at 09:30
  • I'll look into changing it to an event listener like you suggest – Nicole Jun 06 '22 at 09:34
  • Using event listeners are usually recommended over adding "onclick" events in HTML. However, one thing you could try is removing the `onclick` events on the options and add `onchange="loadMake(this.value)"` to your ` – M. Eriksson Jun 06 '22 at 09:37
  • Ahh, I was missing the this.value. I knew it was something easy I just wasn't seeing it. I'll still look into changing it to event handlers. Thanks! – Nicole Jun 06 '22 at 09:42

0 Answers0