Page 1 of 1
php self submit quiry
Posted: Tue Jan 09, 2007 5:49 am
by mark16
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Hey guys,
im currently trying to self_submit a form and pass the selected drop options by the user to itself as variables.
I have it working but when i press submit, it loads a blank page with the desired results on it, how do i make it show the results on the same page as i choose them from.
Code: Select all
<form method="post" action="<?php echo $me;?>">
$Year = $_POST["DYear"];
if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form
?>
<?
} else {
echo "<b>$Squad</b>";
}
?>
Above is some of the code i used.
Any help appreciated.
mark
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Posted: Tue Jan 09, 2007 6:23 am
by mark16
i removed the if else part and it seems to be working now the way i want, would that be ok or is there a better way
Posted: Tue Jan 09, 2007 8:20 am
by feyd
How are you generating $me?
The output from the script would have to match the original output in some fashion. If removing the conditional does this for you, then it is certainly a viable solution.
Posted: Tue Jan 09, 2007 9:01 am
by mark16
im not generating $me, i thought it was some reserved word for self_submitting.
I saw it on some site.
Other than that im not sure because im new to php.
It seems to post data and the data is stored in variables because i can display the contents of the variables.
But i can not use those variables in sql statements, would you have any idea why?
Posted: Tue Jan 09, 2007 9:35 am
by feyd
mark16 wrote:im not generating $me, i thought it was some reserved word for self_submitting.
I saw it on some site.
I see. $me is not automatically generated by PHP. The reason I've asked is because all too often many people, newcomers and old farts alike, use the PHP_SELF variable because it refers to the URL that is currently being requested. The problem is it includes user input; input that can lead to injection of information into the HTML that was not intended. To submit back to the page which is displaying the form you can simply use "#" as the action to avoid this security hole. Pretty simple solution.
mark16 wrote:But i can not use those variables in sql statements, would you have any idea why?
I'd like to see the code before I attempt to give you a reason.
Posted: Tue Jan 09, 2007 11:34 am
by mark16
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
sorry about the mess, ive been changing and shifting code all over the place.
Basically i wanted just to pull info from a database to populate 4 drop down boxes.
then have user select info from the 4 boxes.
then submit page to itself, store those 4 selected options in variables.
then on the same page display a table, made up of info from a database, the mysql statement is dependent on the reults from the user choices.
Code: Select all
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Results Page</title>
</head>
<body>
<form method="post" action="<?php echo $me;?>">
<?php
$Squad = $_POST["DSquad"];
$Swimmer = $_POST["DSwimmer"];
$Event = $_POST["DGala"];
$Year = $_POST["DYear"];
if (!isset($_POST['submit'])) { // if page is not submitted to itself echo the form
?>
<?php
$dbh=mysql_connect ("localhost", "*******", "<*******>") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("waterfo1_Results");
?>
<div align="center">
<p> </p>
<table border="0" width="100%" cellspacing="0" cellpadding="0" id="table1">
<tr>
<td>Choose Squad</td>
<td>Choose Swimmer</td>
<td>Choose Gala</td>
<td>Choose Year</td>
</tr>
<tr>
<td><select size="1" name="DSquad">
<?php
$query2 = "SELECT DISTINCT Squad FROM Swimmers";
$squad=mysql_query($query2);
$num2=mysql_numrows($squad);
$i2=0;
while ($i2 < $num2) {
$squad2=mysql_result($squad,$i2,"Squad");
?>
<option><?php echo "$squad2"; ?></option>
<?php $i2++; }?>
</select></td>
<td><select size="1" name="DSwimmer">
<?php
$query3 = "SELECT Name FROM Swimmers";
$Name=mysql_query($query3);
$num3=mysql_numrows($Name);
$i3=0;
while ($i3 < $num3) {
$Name2=mysql_result($Name,$i3,"Name");
?>
<option><?php echo "$Name2"; ?></option>
<?php $i3++; }?>
</select></td>
<td><select size="1" name="DGala">
<?php
$query3 = "SELECT DISTINCT Gala FROM Results";
$Result=mysql_query($query3);
$num4=mysql_numrows($Result);
$i4=0;
while ($i4 < $num4) {
$Result2=mysql_result($Result,$i4,"Gala");
?>
<option><?php echo "$Result2"; ?></option>
<?php $i4++; }?>
</select></td>
<td><select size="1" name="DYear">
<?php
$query4 = "SELECT DISTINCT Year FROM Results";
$Year=mysql_query($query4);
$num5=mysql_numrows($Year);
$i5=0;
while ($i5 < $num5) {
$Year2=mysql_result($Year,$i5,"Year");
?>
<option><?php echo "$Year2"; ?></option>
<?php $i5++; }?>
</select></td>
</tr>
</table>
</div>
<table border="0" width="10%">
<tr>
<td><input type="submit" value="Submit" name="submit"></td>
<td><input type="reset" value="Reset" name="B2"></td>
</tr>
</table>
</form>
<?php
} else {
$dbh=mysql_connect ("localhost", "*******", "<*****>") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("waterfo1_Results");
$Event_query = "SELECT Event FROM Results where Swimmer='$Swimmer' && Gala='$Event' && Year='$Year'";
$Event_Result=mysql_query($Event_query);
$num6=mysql_numrows($Event_Result);
$i6=0;
while ($i6 < $num6) {
$Event2=mysql_result($Event_Result,$i6,"Event");
?>
<table align="center" border="0" width="50%" id="table2">
<tr>
<td width="306">Swimming Event</td>
<td>Time</td>
</tr>
<tr>
<td width="306"><?php echo "<b>$Event2</b>"; $i6++; } ?> </td>
<td></td>
</tr>
</table>
<?php
}
?>
</body>
</html>
any help appreciated or links to good examples.
mark
feyd | Please use Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]