#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    51
    Rep Power
    7

    Elseif in drop down select form


    Hi, the form below drops down a list of users.

    I would like to add an elseif statement where it shows only one option value.
    That is to say, if (isset($_SESSION['login_rights']) and $_SESSION['login_rights'] < 3) then show only select option where field= '".$field."'" .

    Where would I plug in the values in the form to make it work?

    Any help would be greatly appreciated. REALLY!
    Thanks!

    PHP Code:
    <form method="post">
    <select name="section" size="1" onchange="this.form.submit();"> 
      
    <option value="nothing">Select</option>

    <?php $Users=mysql_query("Select * from " .$table_customer" where rights=2 and groupfield= '".$groupfield."'");

    if(isset(
    $Users)) { if(mysql_num_rows($Users)>0){ while($us=mysql_fetch_array ($Users)){
    $sel="";
    if (
    $us['id']==$customer_id)
    $sel='selected="selected"';
    echo 
    '<option value="' $us['id'] .'"' .$sel .' >'.$us['first_name']." ".$us['last_name']."</option>";
    }}}

    ?>
    </select>
    </form>
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 2003
    Posts
    3,337
    Rep Power
    594
    1) I see some very poor programming practices that makes your code very difficult to read. You need to format your code with proper blocks and use indentation. Based on what you posted it is not clear what you are really asking and your hard-to-read code does not help.
    2) You should not be using the deprecated MySQL extensions. While you are reformatting your code, switch to PDO.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,846
    Rep Power
    6351
    PHP Code:
    <?php 

    $sql 
    "Select * from " .$table_customer" where rights=2 and groupfield= '".$groupfield."'";

    if (isset(
    $_SESSION['login_rights']) && $_SESSION['login_rights'] < 3) {
      
    $sql .= " AND someField = '" $someValue "'";
    }

    $Users=mysql_query($sql);
    You should be escaping any user-submitted or variable values with mysql_real_escape_string.

    You should also be using mysqli or PDO.
    Last edited by ManiacDan; February 27th, 2013 at 02:49 PM.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    51
    Rep Power
    7
    thanks for your reply GW1500se and ManiacDan.

    I'm going to redo the codes with PDO...and restructured see if it works...

    The code was written by some guy I hired a year ago-before I knew anything about PHP. It works so I thought nothing of it. But I'm learning PHP now and am just studying the codes I have before me....
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Originally Posted by eropsy
    The code was written by some guy I hired a year ago-before I knew anything about PHP. It works so I thought nothing of it.
    Well, hopefully you've learnt from that experience.

    Whether or not code "works" tells you nothing about its quality, especially when "verifying" it merely consist of checking the output.

    Pretty much anybody can throw some HTML together for a couple of bucks. Problem is, this is only the easy part of the job. The hard part consists of structuring the code properly, using functionalities in an intelligent way, making the code readable, taking care of security and error handling etc. And that's what those One dollar programmers usually don't get right.

    So don't stop at "it works". Should you ever want to hire somebody again, let him/her give you some example code first and have it checked by people who know their stuff (friends, online communities etc.). In this particular case, you'd have found out very soon that this guy knows nothing about security or modern PHP, let alone good code.

    This suggestion also applies to your own code. "It works" is not enough, so don't be satisfied just because your code happens to output the right data.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    51
    Rep Power
    7
    Yup, I'm just finding that out.

    Well, I cleaned up the code that the guy wrote for me. It was messy with alot of unnecessary stuff in it. I changed it to this.


    PHP Code:
    <form method="post">

    <select name="section" size="1" onchange="this.form.submit();">   
    <option value="nothing">Select</option>
    <?php

    $result 
    mysql_query("Select * from " .$table_customer" where rights=2 and groupfield= '".$groupfield."'");
    while(
    $data=mysql_fetch_array ($result)){
    $sel="";
    if (
    $data['id']==$customer_id)
    $sel='selected="selected"';
    echo 
    '<option value="' $data['id'] .'"' .$sel .' >'.$data['company']." </option>";
    }

    ?>
    </select>
    </form>

    I'm not going to change it to any of the new APIs because this little scrap of code is embedded in a bigger program using the old MySql....

    It isn't a new development...

    I still have to figure out how to add the elseif in there.
    Last edited by eropsy; February 27th, 2013 at 04:47 PM.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2009
    Posts
    676
    Rep Power
    7
    Well, are you truely aiming for an elseif, or would an if/else suffice? Say a liquor store checks age to provide a drop-down of liquors... Their drop-down options could be similar to:
    PHP Code:
    if($age >= 21) { ?>
      <option value="vodka">Vodka Name</option>
      <option value="rum">Rum Name</option>
      <option value="whiskey">Whiskey Name</option>
    <?php } else { ?>
      <option value="under21">I'm sorry. You are not of legal age.</option>
    <?php }
    Otherwise, if you do wish for the elseif...
    PHP Code:
    // Simply change:
    } else {
    // into
    } elseif($age 21) { 
    'else' will ALWAYS run if the prior if() fails. elseif() will ONLY run if the prior if() fails, AND the statement within is TRUE.

    And a little suggestion... Try your best to hold items, no matter how long/short, within tags, such as...
    PHP Code:
    // Your statement
    if ($data['id']==$customer_id)
    $sel='selected="selected"';

    // Suggested.
    if ($data['id']==$customer_id) {
      
    $sel='selected="selected"';
    }

    // Or even, if single/short line...
    if ($data['id']==$customer_id) { $sel='selected="selected"'; } 
    Last edited by Triple_Nothing; February 27th, 2013 at 07:47 PM.
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Originally Posted by eropsy
    I'm not going to change it to any of the new APIs because this little scrap of code is embedded in a bigger program using the old MySql....
    That does not release you from securing your data. Both your database values and your HTML values must be escaped. See this thread for further explanations.

    Obviously you aren't aware of it, but letting your visitors change your database queries and your HTML pages can have serious consequences, especially since this seems to be some kind of online shop. Losing the customer data and payment info to some frauds is not funny.

    So you should take this seriously. Be glad that nothing has happened yet, but don't rely on it.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    51
    Rep Power
    7
    ThanksTripleNothing for you help. Still working on it.

    Thanks Jacques for your feedback. No worries about security issues there.
    I'm just in autodidactic school right now. I take issues of securities and privacy very seriously. I don't plan on compromising my personal data or anyone else who's entrusted their personal data to me were I ever to do any business online one day.

    BTW, I already visited your link a few days ago on
    The 6 worst sins of security , and
    http://php.net/manual/en/mysqlinfo.api.choosing.php

    Can't learn all that you guys know and have experience in for years in a couple of days....taking it one little scrap code at a time...this one => the drop down select options....

    It's pretty amazing all this stuff - and thanks to you all for your help. Really!
    Last edited by eropsy; February 27th, 2013 at 07:34 PM.
  18. #10
  19. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Originally Posted by eropsy
    Can't learn all that you guys know and have experience in for years in a couple of days....
    Sure.

    And rewriting bad code does take a lot of time. Just wanted to make sure you know the issues (I didn't realize we had already talked about that in previous threads).
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    51
    Rep Power
    7
    Yeah you've been real helpful Jaques.

    Anyhooo, I learnt something new today.

    the variable variables $$

    I needed it to do what I wanted to do - that is cordoning off the drop-down select values to specific users...So the code below works now with the $$ added.

    there's still a little glitch. Will to get at it tomorrow.

    Cheers!

    PHP Code:
    <form method="post">

    <select name="section" size="1" onchange="this.form.submit();">   
    <?php

    $result 
    mysql_query("Select * from " .$table_customer" where rights=2 and groupfield= '".$groupfield."'");

    $
    $customer_id   "selected";

    while(
    $data=mysql_fetch_array ($result)){

    if (
    $data['id']==$customer_id
       {
    $sel='selected="selected"';
       }  else {
       
    $sel '';
              }
     if (
    $_SESSION['login_rights'] >= ) {
    echo 
    '<option value="' $data['id'] .'"' .$sel .' >'.$data['company']." </option>";
    }}

IMN logo majestic logo threadwatch logo seochat tools logo