PHP Development
 
#1  February 27th, 2013, 02:02 PM
eropsy
Elseif in drop down select form

Hi, the form below drops down a list of users.

I would like to add an elseif statement where it shows only one option value.
That is to say, if (isset($_SESSION['login_rights']) and $_SESSION['login_rights'] < 3) then show only select option where field= '".$field."'" .

Where would I plug in the values in the form to make it work?

Any help would be greatly appreciated. REALLY!
Thanks!

PHP Code:
<form method="post">
<select name="section" size="1" onchange="this.form.submit();">
<option value="nothing">Select</option>

<?php
// Look up the rights=2 users of this group (values are concatenated into the SQL unescaped)
$Users = mysql_query("Select * from " . $table_customer . " where rights=2 and groupfield= '" . $groupfield . "'");

if (isset($Users)) {
    if (mysql_num_rows($Users) > 0) {
        while ($us = mysql_fetch_array($Users)) {
            $sel = "";
            if ($us['id'] == $customer_id)
                $sel = 'selected="selected"';
            echo '<option value="' . $us['id'] . '"' . $sel . ' >' . $us['first_name'] . " " . $us['last_name'] . "</option>";
        }
    }
}
?>
</select>
</form>

#2  February 27th, 2013, 02:14 PM
gw1500se
1) I see some very poor programming practices that make your code very difficult to read. You need to format your code with proper blocks and use indentation. Based on what you posted it is not clear what you are really asking and your hard-to-read code does not help.
2) You should not be using the deprecated MySQL extensions. While you are reformatting your code, switch to PDO.

#3  February 27th, 2013, 02:15 PM
ManiacDan
PHP Code:
<?php

$sql = "Select * from " . $table_customer . " where rights=2 and groupfield= '" . $groupfield . "'";

if (isset($_SESSION['login_rights']) && $_SESSION['login_rights'] < 3) {
    $sql .= " AND someField = '" . $someValue . "'";
}

$Users = mysql_query($sql);

You should be escaping any user-submitted or variable values with mysql_real_escape_string.

You should also be using mysqli or PDO.

Last edited by ManiacDan : February 27th, 2013 at 02:49 PM.

#4  February 27th, 2013, 02:36 PM
eropsy
Thanks for your reply GW1500se and ManiacDan.

I'm going to redo the codes with PDO... and restructure, see if it works...

The code was written by some guy I hired a year ago - before I knew anything about PHP. It works so I thought nothing of it. But I'm learning PHP now and am just studying the codes I have before me....

#5  February 27th, 2013, 03:26 PM
Jacques1
Quote:
Originally Posted by eropsy
The code was written by some guy I hired a year ago-before I knew anything about PHP. It works so I thought nothing of it.


Well, hopefully you've learnt from that experience.

Whether or not code "works" tells you nothing about its quality, especially when "verifying" it merely consists of checking the output.

Pretty much anybody can throw some HTML together for a couple of bucks. Problem is, this is only the easy part of the job. The hard part consists of structuring the code properly, using functionalities in an intelligent way, making the code readable, taking care of security and error handling etc. And that's what those one-dollar programmers usually don't get right.

So don't stop at "it works". Should you ever want to hire somebody again, let him/her give you some example code first and have it checked by people who know their stuff (friends, online communities etc.). In this particular case, you'd have found out very soon that this guy knows nothing about security or modern PHP, let alone good code.

This suggestion also applies to your own code. "It works" is not enough, so don't be satisfied just because your code happens to output the right data.

#6  February 27th, 2013, 03:49 PM
eropsy
Yup, I'm just finding that out.

Well, I cleaned up the code that the guy wrote for me. It was messy with a lot of unnecessary stuff in it. I changed it to this.


PHP Code:
<form method="post">

<select name="section" size="1" onchange="this.form.submit();">
<option value="nothing">Select</option>
<?php

// Same query as before; the values are still concatenated into the SQL unescaped
$result = mysql_query("Select * from " . $table_customer . " where rights=2 and groupfield= '" . $groupfield . "'");
while ($data = mysql_fetch_array($result)) {
    $sel = "";
    if ($data['id'] == $customer_id)
        $sel = 'selected="selected"';
    echo '<option value="' . $data['id'] . '"' . $sel . ' >' . $data['company'] . " </option>";
}

?>
</select>
</form>



I'm not going to change it to any of the new APIs because this little scrap of code is embedded in a bigger program using the old MySql....

It isn't a new development...

I still have to figure out how to add the elseif in there.

Last edited by eropsy : February 27th, 2013 at 04:47 PM.

#7  February 27th, 2013, 05:57 PM
Triple_Nothing
Well, are you truly aiming for an elseif, or would an if/else suffice? Say a liquor store checks age to provide a drop-down of liquors... Their drop-down options could be similar to:
PHP Code:
<?php if ($age >= 21) { ?>
  <option value="vodka">Vodka Name</option>
  <option value="rum">Rum Name</option>
  <option value="whiskey">Whiskey Name</option>
<?php } else { ?>
  <option value="under21">I'm sorry. You are not of legal age.</option>
<?php } ?>

Otherwise, if you do wish for the elseif...
PHP Code:
// Simply change:
} else {
// into
} elseif ($age < 21) {


'else' will ALWAYS run if the prior if() fails. elseif() will ONLY run if the prior if() fails, AND the statement within is TRUE.

And a little suggestion... Try your best to hold items, no matter how long/short, within tags, such as...
PHP Code:
// Your statement
if ($data['id']==$customer_id)
$sel='selected="selected"';

// Suggested.
if ($data['id']==$customer_id) {
  $sel='selected="selected"';
}

// Or even, if single/short line...
if ($data['id']==$customer_id) { $sel='selected="selected"'; }

Last edited by Triple_Nothing : February 27th, 2013 at 07:47 PM.

#8  February 27th, 2013, 06:44 PM
Jacques1
Quote:
Originally Posted by eropsy
I'm not going to change it to any of the new APIs because this little scrap of code is embedded in a bigger program using the old MySql....


That does not release you from securing your data. Both your database values and your HTML values must be escaped. See this thread for further explanations.

Obviously you aren't aware of it, but letting your visitors change your database queries and your HTML pages can have serious consequences, especially since this seems to be some kind of online shop. Losing the customer data and payment info to some frauds is not funny.

So you should take this seriously. Be glad that nothing has happened yet, but don't rely on it.
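
The two escaping points raised in this thread (values going into the SQL query and values going into the HTML), combined with the conditional filter from post #3, as an added example that is not code from any poster: it uses a PDO prepared statement and htmlspecialchars(). The table layout, the function name, the `id = :id` restriction for `login_rights < 3` and the sample rows are assumptions made for the illustration.

```php
<?php
// Added example. Table layout, column names and rows are constructed, not from the thread.
function render_customer_options(PDO $pdo, string $groupfield, int $loginRights, int $customerId): string
{
    // The table name is a fixed literal: identifiers cannot be bound as parameters.
    $sql    = 'SELECT id, company FROM customer WHERE rights = 2 AND groupfield = :groupfield';
    $params = [':groupfield' => $groupfield];

    // Assumed meaning of the "login_rights < 3" rule: such users only get their own row.
    if ($loginRights < 3) {
        $sql .= ' AND id = :id';
        $params[':id'] = $customerId;
    }

    // Values travel separately from the SQL text, so quotes in them stay data.
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);

    $html = '';
    foreach ($stmt as $row) {
        $selected = ((int) $row['id'] === $customerId) ? ' selected="selected"' : '';
        // Every database value is HTML-escaped before it reaches the page.
        $html .= sprintf(
            "<option value=\"%s\"%s>%s</option>\n",
            htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8'),
            $selected,
            htmlspecialchars($row['company'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, company TEXT, rights INTEGER, groupfield TEXT)');
$insert = $pdo->prepare('INSERT INTO customer (company, rights, groupfield) VALUES (?, ?, ?)');
foreach ([
    ['Acme Ltd', 2, 'north'],
    ['Smith & "Sons" <b>Ltd</b>', 2, 'north'],   // markup characters stored as data
    ['Harbour Inc', 2, "O'Neil south"],          // group value containing an apostrophe
] as $row) {
    $insert->execute($row);
}

echo "<select name=\"section\">\n";
echo render_customer_options($pdo, 'north', 3, 2);         // full-rights session
echo "</select>\n<select name=\"section\">\n";
echo render_customer_options($pdo, 'north', 2, 2);         // restricted session, own row only
echo "</select>\n<select name=\"section\">\n";
echo render_customer_options($pdo, "O'Neil south", 3, 3);  // apostrophe in a bound value
echo "</select>\n";
```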

#9  February 27th, 2013, 07:12 PM
eropsy
Thanks TripleNothing for your help. Still working on it.

Thanks Jacques for your feedback. No worries about security issues there.
I'm just in autodidactic school right now. I take issues of securities and privacy very seriously. I don't plan on compromising my personal data or anyone else who's entrusted their personal data to me were I ever to do any business online one day.

BTW, I already visited your link a few days ago on The 6 worst sins of security, and
http://php.net/manual/en/mysqlinfo.api.choosing.php

Can't learn all that you guys know and have experience in for years in a couple of days....taking it one little scrap code at a time...this one => the drop down select options....

It's pretty amazing all this stuff - and thanks to you all for your help. Really!

Last edited by eropsy : February 27th, 2013 at 07:34 PM.

#10  February 27th, 2013, 07:58 PM
Jacques1
Quote:
Originally Posted by eropsy
Can't learn all that you guys know and have experience in for years in a couple of days....


Sure.

And rewriting bad code does take a lot of time. Just wanted to make sure you know the issues (I didn't realize we had already talked about that in previous threads).

#11  February 27th, 2013, 08:22 PM
eropsy
Yeah you've been real helpful Jacques.

Anyhooo, I learnt something new today.

The variable variables $$

I needed it to do what I wanted to do - that is cordoning off the drop-down select values to specific users... So the code below works now with the $$ added.

There's still a little glitch. Will get at it tomorrow.

Cheers!

PHP Code:
<form method="post">

<select name="section" size="1" onchange="this.form.submit();">
<?php

$result = mysql_query("Select * from " . $table_customer . " where rights=2 and groupfield= '" . $groupfield . "'");

$$customer_id = "selected";

while ($data = mysql_fetch_array($result)) {

    if ($data['id'] == $customer_id) {
        $sel = 'selected="selected"';
    } else {
        $sel = '';
    }
    // The right-hand value of this comparison is missing from the post as archived
    if ($_SESSION['login_rights'] >= ) {
        echo '<option value="' . $data['id'] . '"' . $sel . ' >' . $data['company'] . " </option>";
    }
}
