0

I am contemplating taking the next step with my PHP applications and making the option fields dynamic. That would open the doors for more automation.

I have drop downs throughout my project, they are used to select a specific user and I update them manually when a new user is added (which is also a manual process). But if i take the first step and make these drop downs become populated by a MySQL Database, then i can move on to dynamic user creation.

I know how I can achieve this, but I am curious about some other alternatives (If there is any).

Here is what I would do..

$query = ** MySQL Select * From Database Query **

echo '<select name="usernames">';

while($row == mysql_fetch_array($query))
{
     echo '<option>' . $row['username'] . '</option>';
}

echo '</select>';

So my questions is, would you do this differently? And why? Thanks!

Improve this question

4 Answers 4

Reset to default
1

What you are doing will work fine. I like to make it into a function so that if I ever need that dropdown on another page I dont have to write a lot of code over again.

function userDD()
{
   $query = ** MySQL Select * From Database Query **
   $html = '<select name="usernames">';

   while($row == mysql_fetch_array($query))
   {
        $html .= '<option>' . $row['username'] . '</option>';
   }

   $html .= '</select>';

   return $html;
}

This code does exactly what your code does except it doenst use echo. Instead you use a variable ($html) to store all of the data then when you are done you return it.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Can you show me an example of how this can be used in a function? I know how to make a function but I'm not sure how it can be applied here. It would help me a lot.
I just added an example of your code in a function. You do everything the same except you store everything in a variable instead of echoing it. When everything is done you just return the html.
1

Your way is fine, but two things need to be changed:
- Run htmlentities() or htmlspecialchars() on all echoed HTML to avoid XSS. Unless you already sanitized it at database entry time but I find this practice silly.
- Add a value attribute to each <option> tag, otherwise you won't be able to retrieve the username selected. I suggest using the username's corresponding ID or something else that's unique to that user. If it's a string, use htmlentities/htmlspecialchars on it too.

Improve this answer

1 Comment

This is not true. If there is no value="xyz on each <option>, it will return the text from the selected option. However, I do agree that providing an option (normally something like an ID) is the best way forward.
1

php file

$users = getUsers();

include('template.tpl');

template

<select name="username">
<?php foreach( $users as $user ): ?>
    <li><?= e( $user['username'] ) ?></li>
<?php endforeach; ?>
</select>

e is a function that escapes strings to prevent xss attacks

Improve this answer

1 Comment

@chris Also, the alternative loop syntax shown here makes this code much easier to read. Inlining HTML code into your PHP statements is bad news bears.
0

I wouldn't put an SQL query in the same document as my output...

I'd create a document containing all SQL queries, in functions, and include that file. Just to keep things seperated.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.