0

I just started learning php, i have a long way to go but i really need help with this.

So I have a page where a logged in user can create tasks and that user can select the user for who the task is. I need to do an insert query where i'll need the ID of the person selected by the user who is logged in.

This is the code that's above my HTML: 

$userId = $_SESSION['id'];

$Users = "SELECT * FROM users";
$Result2 = $db->query($Users);

if(isset($_POST['submit'])){
$project = $_POST['Project'];
$task = $_POST['task'];
$user = $_POST['User'];
$date = $_POST['date'];

    $query = "INSERT INTO events (projectId, userId, name, date)
              VALUES ('','', '$task', '$date')";

    $result = $database->query($query);
    echo "it worked";



}

This is the code in my HTML select tag, where the logged in user can select the person.

<?php

while ($row2 = mysqli_fetch_assoc($Result2)) {
       $uid = $row2['id'];
       $name = $row2['name'];
       $lastName = $row2['lastname'];

       echo "<option>" . $name . " " . $lastName . " " . $uid . "</option>";
         }


 ?>

The problem is that I need to put the $uid variable, that's currently in the whileloop in my HTML select element, IN the first if statement above my HTML. I have tried everything but i cant seem to figure out how. It perfectly shows all of the users and their ID numbers, I just need to grab them and put them in my if statement.

Improve this question
5
  • stackoverflow.com/questions/7337743/… Commented Apr 19, 2015 at 23:39
  • I tried giving it a empty variable and then echoing it, but it doesnt work... Commented Apr 19, 2015 at 23:48
  • 1
    <option value="$uid"> .... then it should be available in $_POST['whateveryourselectfieldiscalled'] Commented Apr 19, 2015 at 23:50
  • Thanks I can't believe I have been stuck to this all day you made my day! Commented Apr 19, 2015 at 23:56
  • gotta hate the simple ones you can't see Commented Apr 19, 2015 at 23:58

1 Answer 1

Reset to default
0

Your <option>tags are surely in a <select> tag. You have to give a name to your select, and that name will be the POST parameter name you can use in your PHP server-side code. Also, you have to assign a value attribute to each option.

Your HTML print procedure become

<?php

echo '<select name="uid">';
while ($row2 = mysqli_fetch_assoc($Result2)) {
       $uid = $row2['id'];
       $name = $row2['name'];
       $lastName = $row2['lastname'];

       echo "<option value='".$uid."'>" . $name . " " . $lastName . " " . $uid . "</option>";
         }
echo '</select>';  

 ?>

and you PHP server-side code become

$userId = $_SESSION['id'];

$Users = "SELECT * FROM users";
$Result2 = $db->query($Users);

if(isset($_POST['submit'])){
$project = $_POST['Project'];
$task = $_POST['task'];
$user = $_POST['User'];
$date = $_POST['date'];

$uid = $_POST["uid"];

$query = "INSERT INTO events (projectId, userId, name, date) VALUES ('','', '$task', '$date')";
$result = $database->query($query);
echo "it worked";
}

If you're learning PHP, I advise to start correctly. Never access your superglobal parameters $_GET and $_POST directly without sanitize your inputs. Use some functions like filter_input()

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

if you're going to mention sanitising data, you could at least mention prepared statements and parameter binding, as well as some indication of WHY to do this.
Of course, but not in this case. He said he's learning, it's useless to give a 10-pages long answer for a question like this. Maybe he's already aware about this, I've only given a link where he can study in his own way. If he wants to go deeper, he can open another dedicated question; sanitising inputs is not a matter that you can discuss fleetingly.
i disagree. simply saying 'never do this' and 'always do that' are useless without a basic description of 'why'.
I didn't say "never do this" in any case, I said it after viewing a sourcecode where he's putting POST variables directly in his DB. And no, in this case there are no exceptions since you are receiving your inputs by an HTML form. Anyway, I respect your POV, even if I disagree.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.