
Display MySQL value after select box onchange

Posted on 2008-10-21
Last Modified: 2012-08-13
I have a database containing computer components. When I select a value from the 'components' select box, I want to display the highest id number in the box 'id'.
This way I can prevent double ids in the database. The values from the 'components' select box are the same as the table names, which will make it easier to select them and place them in the query.
I'm new to PHP/MySQL but I do understand the code when I see it, so no noob explanations required. If it needs to be mixed with JavaScript that will be fine.

Any help will be much appreciated. For more details just ask and I'll tell you what I can.

Cheers, Michael
<form id="addComponents" name="addComponents" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
 
<div class="input">Component:
  <select id="components" name="components" onblur="checkInput('components');">
    <option value="none" selected="selected"> (Select component type)   </option>
    <option value="mainboards">mainboards</option>
    <option value="processors">processors</option>
    <option value="memory">memory</option>
  </select>
</div>
 
<div class="input">ID:<input id="id" type="text" name="id" maxlength="6" onblur="checkInput('id');" /></div>
 
/* SOME CODE */
 
<?php
  if(isset($_POST['submit'])) {
    $con = mysql_connect("localhost","###user###","###pass###");
    if (!$con) {
      die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("components", $con);
    $sql = "INSERT INTO $_POST[components] (id, manufacturer, model, price, url, chipset, category) VALUES ('$_POST[id]','$_POST[manufacturer]','$_POST[model]','$_POST[price]','$_POST[url]','$_POST[chipset]','$_POST[categories]')";
    if (!mysql_query($sql,$con)) {
      die('Error: ' . mysql_error());
    }
    echo "<script type='text/javascript'> showMessage('success'); </script>";	
    mysql_close($con);
  }
?>

Question by:mverschoof
4 Comments
 
Accepted Solution

by:
wildzero earned 2000 total points
ID: 22765738
Hi there,

Couple of things... first off you are doing straight user input into the database, this is a security risk. ALL user input should be sanitized.

The second thing, are you sure you need to enter the ID manually? MySQL allows you to set a column to autoincrement - you usually do this to ID / primary key columns and it's taken care of for you, no duplicates.

If you want to have a column for say, supplier id or something then create another column for this, but still keep the id column. Make sure the id column is an integer and set as primary and auto inc.

Lastly, if you really do need the id to come up when you change list box then you'll need to use AJAX to handle that for you. But I don't think it's needed.

Have a look over, and if you really need to put in the id, then we can go through it :-)
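
The two points in this answer applied to the question's INSERT, as an added example that is not part of the original thread: the table name is accepted only from a fixed list (identifiers cannot be bound as parameters), the values go through a prepared statement, and the id is left to the database. The names `addComponent`, `COMPONENT_TABLES` and `COLUMNS` are hypothetical, and an in-memory SQLite database stands in for the MySQL one so the script runs offline.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL "components" database so the
// script runs offline; in MySQL the id column would be INT AUTO_INCREMENT PRIMARY KEY.
const COMPONENT_TABLES = ['mainboards', 'processors', 'memory']; // same values as the select box
const COLUMNS = ['manufacturer', 'model', 'price', 'url', 'chipset', 'category'];

function addComponent(PDO $db, array $post): int
{
    // Identifiers cannot be bound as parameters, so the table name is only
    // ever taken from the fixed list, never from the request itself.
    $idx = array_search($post['components'] ?? '', COMPONENT_TABLES, true);
    if ($idx === false) {
        throw new InvalidArgumentException('Unknown component type');
    }
    $table = COMPONENT_TABLES[$idx];
    $params = [];
    foreach (COLUMNS as $col) {
        // The form field for the category column is named "categories".
        $field = $col === 'category' ? 'categories' : $col;
        $params[":$col"] = (string) ($post[$field] ?? '');
    }
    $sql = "INSERT INTO $table (" . implode(', ', COLUMNS) . ')'
         . ' VALUES (' . implode(', ', array_keys($params)) . ')';
    $db->prepare($sql)->execute($params);   // values travel separately from the SQL text
    return (int) $db->lastInsertId();       // id assigned by the database, not typed in
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (COMPONENT_TABLES as $t) {
    $db->exec("CREATE TABLE $t (id INTEGER PRIMARY KEY AUTOINCREMENT, manufacturer TEXT,
               model TEXT, price TEXT, url TEXT, chipset TEXT, category TEXT)");
}

// Constructed sample submissions (not from the original post).
$ok  = ['components' => 'mainboards', 'manufacturer' => "O'Neil Boards", 'model' => 'X-1',
        'price' => '99.95', 'url' => 'http://example.com/x1', 'chipset' => 'P45', 'categories' => 'atx'];
$bad = ['components' => 'mainboards; --'] + $ok;   // a value the select box never offers

echo 'new id: ', addComponent($db, $ok), "\n";
echo 'stored: ', $db->query('SELECT manufacturer FROM mainboards')->fetchColumn(), "\n";
try {
    addComponent($db, $bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The function treats its array argument the same way whether it is `$_POST` or `$_GET`, since both arrive from the client.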


Author Comment

by:mverschoof
ID: 22765815
Maybe you're right about the auto increment. It is easier and faster.

About the security risk. This is not a problem since I'm the only one who will use it in a secured admin section.

Thanks for your insight!

Expert Comment

by:wildzero
ID: 22765852
Hi there,

That's good to know but it's good practice I find.
As long as you're doing it throughout the rest of your site, because if you are doing something like, view.php?category=10
and just using $_GET['category'] without sanitizing someone could exploit that.

:-)

Author Comment

by:mverschoof
ID: 22765914
I use post values so I think it won't be an issue. And I post to the same page through PHP_SELF so nothing will be shown in the URL.
The page itself will be password protected so I think I've got it covered.

Thanks again for your insights and if you have more tips I (and others reading this question) will be very interested in them.

Cheers, Michael