Display MySQL value after select box onchange

I have a database containing computer components. When i select a value from the 'components' select box, i want to display the highest id number in the box 'id'.
This way i can prevent double id's in the database. The values from the 'components' select box are the same as the table names which will make it easier to select them and place them in the query.
I'm new to php/mysql but i do understand the code when i see it so no noob explanations required. If it needs to be mixed with javascript that will be fine.

Any help will be much appreciated. For more details just ask and i'll tell you what i can.

Cheers, Michael
<form id="addComponents" name="addComponents" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
 
<div class="input">Component:
  <select id="components" name="components" onblur="checkInput('components');">
    <option value="none" selected="selected"> (Select component type)   </option>
    <option value="mainboards">mainboards</option>
    <option value="processors">processors</option>
    <option value="memory">memory</option>
  </select>
</div>
 
<div class="input">ID:<input id="id" type="text" name="id" maxlength="6" onblur="checkInput('id');" /></div>
 
/* SOME CODE */
 
<?php
  if(isset($_POST['submit'])) {
    $con = mysql_connect("localhost","###user###","###pass###");
    if (!$con) {
      die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("components", $con);
    $sql = "INSERT INTO $_POST[components] (id, manufacturer, model, price, url, chipset, category) VALUES ('$_POST[id]','$_POST[manufacturer]','$_POST[model]','$_POST[price]','$_POST[url]','$_POST[chipset]','$_POST[categories]')";
    if (!mysql_query($sql,$con)) {
      die('Error: ' . mysql_error());
    }
    echo "<script type='text/javascript'> showMessage('success'); </script>";	
    mysql_close($con);
  }
?>

Open in new window

LVL 5
mverschoofAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wildzeroCommented:
Hi there,

Couple of things... first off you are doing stright user input into the databse, this is a security risk. ALL user input should be sanatized.

The second thing, are you sure you need to enter the ID manually? MYSQL allows you to set a column to autoincrement - you usually do this to ID / primary key columns and it's taken care of it for you, no duplicates.

If you want to have a column for say, supplier id or something then create another column for this, but still keep the id column. Make sure the id column is an integer and set as primary and auto inc.

Lasty, if you really do need the id to come up when you change list box then you'll need to use AJAX to handle that for you. But I don't think it's needed.

Have a look over, and if you really need to put in the id, then we can go through it :-)

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mverschoofAuthor Commented:
Maybe your right about the auto increment. It is easier and faster.

About the security risk. This is not a problem since i'm the only one who will use it in a secured admin section.

Thansk for your insight!
0
wildzeroCommented:
Hi there,

Thats good to know but it's good practise I find.
As long as your doing it through-out the rest of your site, because if you are doing something like, view.php?category=10
and just using $_GET['category'] with-out sanatizing someone could exploit that.

:-)
0
mverschoofAuthor Commented:
I use post values so i think it won't be an issue. And i post to the same page through PHP_SELF so nothing will be shown in the url.
The page itself will be password protected so i think i've got it covered.

Thanks again for your insights and if you have more tips i (and others reading this question) will be very interested in them.

Cheers, Michael
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.