passing parameters to html select from php

Question

I would like to pass php parameters to an html select options tag. it works fine for an input tag using the value attribute as follows:

<input type="text" name="to" value= "<?php echo $parameter ?>" size=10>

I tried to do the same for the select tag, but some reason its not working. Below is the select tag:

<select name="clinic">
    <option value="<?php echo $clinicName; ?>" >Baylor</option>
    <option value="<?php echo $clinicName; ?>" >IDCC</option>
</select>

Please note that the parameter would need to passed to an sql statement below these above statements as follows:

$clinicName = $_POST['clinic'];
$sql = "select * from patients where clinic = '$clinicName'";

What do you mean by PHP parameter? I take it that you have some database that is returning the values? Should work fine. Maybe you need to at some more code or be more precise. — Bas Slagter, Mar 05 '12 at 14:39
*(suggested reading)* http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain — Gordon, Mar 05 '12 at 14:41
Doesn't that code give you a select where all the options have the same value (i.e. what $clinicName contains)? — Michael Sandino, Mar 05 '12 at 14:41
You need to loop over the possible values as currently you are just using the same clinic name twice. — diolemo, Mar 05 '12 at 14:41
One of the most confusing questions I've seen so far. Anything you can do to clarify it would help greatly. — Dave, Mar 05 '12 at 14:41
First, why do you want both options to have the same value? Second, what is the actual html that the browser gets? And you shouldn't use the data from `$_POST` directly in your sql, makes sql injection possible. — Corubba, Mar 05 '12 at 14:42
Please specify the error that you are getting, and at what point you are getting the error. Is it before or after submitting? — Frankline, Mar 05 '12 at 14:43

score 0 · Answer 1 · answered Mar 05 '12 at 14:43

Should do the trick

<select name="clinic">
    <option <?php echo ($clinicName=="Baylor" ? "selected" : ""; ?> value="Baylor">Baylor</option>
    <option <?php echo ($clinicName=="IDCC" ? "selected" : ""; ?> value="IDCC">IDCC</option>
</select>

Also, as someone above me mentioned in the comments, you need to read up on SQLi otherwise your site is just one more to the list of already-hacked.

score 0 · Answer 2 · answered Mar 05 '12 at 14:44

Are you trying to set the current selected value on the <select>? If so, you need to use if statements to check which one to mark as selected:

<option value="Baylor"<?php if($clinicName == 'Baylor') echo ' "selected"'?>>Baylor</option>
<option value="IDCC"<?php if($clinicName == 'IDCC') echo ' "selected"'?>>IDCC</option>

Instead of the if, you could also use the ternary operator:

<option value="Baylor"<?php echo $clinicName == 'Baylor' ? ' "selected"' : ''?>>Baylor</option>
<option value="IDCC"<?php echo $clinicName == 'IDCC') ? ' "selected"' : ''?>>IDCC</option>

score 0 · Answer 3 · answered Mar 05 '12 at 14:45

First of all, please sanitize your SQL query. Right now it is more exploitable than Lindsay Lohan. If you use mysql_* functions, then write it as:

$sql = "select * from patients where clinic = '".mysql_real_escape_string($clinicName)."'";

Secondly, in your HTML the $clinicName is the same on both cases. So the $_POST['clinic'] will always be the same no matter what. If you want to pre-select a value, then you need to write it as:

<select name="clinic">
    <option value="Baylor" <?php if($clinicName=='Baylor'){ echo 'selected'; } ?>>Baylor</option>
    <option value="IDCC" <?php if($clinicName=='IDCC'){ echo 'selected'; } ?>>IDCC</option>
</select>

Other than that, I remain a bit confused about your question.

score 0 · Answer 4 · answered Mar 05 '12 at 14:50

0

Copy this in your HTML tag

<select name="clinic">
<option value="baylor" >Baylor</option>
<option value="IDCC" >IDCC</option></select>

And this before your HTML tag

<?php 
echo $clinicName = $_POST['clinic'];
?>

answered Mar 05 '12 at 14:50

Rizwan Mumtaz

3,875
2
30
31

passing parameters to html select from php

4 Answers4