I am contemplating taking the next step with my PHP applications and making the option fields dynamic. That would open the doors for more automation.

I have drop downs throughout my project. They are used to select a specific user, and I update them manually when a new user is added (which is also a manual process). But if I take the first step and make these drop downs become populated by a MySQL database, then I can move on to dynamic user creation.

I know how I can achieve this, but I am curious about some other alternatives (if there are any).

Here is what I would do..

$query = ** MySQL Select * From Database Query **

echo '<select name="usernames">';

while($row = mysql_fetch_array($query)) // assignment, not comparison: fetch the next row until none remain
{
     echo '<option>' . $row['username'] . '</option>';
}

echo '</select>';

So my question is, would you do this differently? And why? Thanks!

+1  A: 

Your way is fine, but two things need to be changed:
- Run htmlentities() or htmlspecialchars() on all echoed HTML to avoid XSS. Unless you already sanitized it at database entry time but I find this practice silly.
- Add a value attribute to each <option> tag, otherwise you won't be able to retrieve the username selected. I suggest using the username's corresponding ID or something else that's unique to that user. If it's a string, use htmlentities/htmlspecialchars on it too.

Etienne Perot
Thanks for the suggestions
Chris B.
This is not true. If there is no value="xyz" on each <option>, it will return the text from the selected option. However, I do agree that providing an option (normally something like an ID) is the best way forward.
Splash
A: 

I wouldn't put an SQL query in the same document as my output...

I'd create a document containing all SQL queries, in functions, and include that file. Just to keep things separated.

WebDevHobo
+1  A: 

What you are doing will work fine. I like to make it into a function so that if I ever need that dropdown on another page I don't have to write a lot of code over again.

function userDD()
{
   $query = ** MySQL Select * From Database Query **
   $html = '<select name="usernames">';

   while($row = mysql_fetch_array($query)) // assignment, not comparison: fetch the next row until none remain
   {
        $html .= '<option>' . $row['username'] . '</option>';
   }

   $html .= '</select>';

   return $html;
}

This code does exactly what your code does except it doesn't use echo. Instead you use a variable ($html) to store all of the data, then when you are done you return it.

Josh Curren
Can you show me an example of how this can be used in a function? I know how to make a function but I'm not sure how it can be applied here. It would help me a lot.
Chris B.
I just added an example of your code in a function. You do everything the same except you store everything in a variable instead of echoing it. When everything is done you just return the html.
Josh Curren
+1  A: 

php file

$users = getUsers();

include('template.tpl');

template

<select name="username">
<?php foreach( $users as $user ): ?>
    <option><?= e( $user['username'] ) ?></option>
<?php endforeach; ?>
</select>

e is a function that escapes strings to prevent XSS attacks.

Galen
@chris Also, the alternative loop syntax shown here makes this code much easier to read. Inlining HTML code into your PHP statements is bad news bears.
Pro777
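
The points raised in Etienne Perot's and Galen's answers (escape every echoed value, give each option a value attribute, use an e() helper), combined into one added example that is not code from any poster in this thread. The `id` column, the `userDropdown` name and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// e(): one possible implementation of the escaping helper the template above calls.
function e(string $s): string
{
    // ENT_QUOTES escapes both ' and ", so the result is also safe inside attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render a <select> from rows shaped like ['id' => int, 'username' => string].
 * The 'id' column is an assumption; the thread only names 'username'.
 */
function userDropdown(array $users, string $name = 'usernames', ?int $selectedId = null): string
{
    $html = '<select name="' . e($name) . '">';
    foreach ($users as $user) {
        $id = (int) $user['id'];
        $selected = ($id === $selectedId) ? ' selected' : '';
        $html .= sprintf(
            '<option value="%d"%s>%s</option>',
            $id,
            $selected,
            e($user['username'])
        );
    }
    return $html . '</select>';
}

// Constructed sample rows standing in for the database result.
$users = [
    ['id' => 1, 'username' => 'chris'],
    ['id' => 2, 'username' => "O'Brien & Sons"],
    ['id' => 3, 'username' => '"><script>alert(1)</script>'],
];

echo userDropdown($users, 'usernames', 2), PHP_EOL;

// On submit, the posted value is untrusted: accept it only if it is one of the ids offered.
$posted = '3'; // constructed stand-in for $_POST['usernames']
$validIds = array_column($users, 'id');
$chosen = filter_var($posted, FILTER_VALIDATE_INT);
if ($chosen === false || !in_array($chosen, $validIds, true)) {
    http_response_code(400);
    exit('Unknown user');
}
echo 'Selected user id: ', $chosen, PHP_EOL;
```

The third sample username is rendered as inert text (`&quot;&gt;&lt;script&gt;...`) instead of closing the tag, which is the behaviour the escaping advice above is meant to guarantee.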