in PHP get variable from SELECT OPTION value from HTML

Question

I have looked at this answer enter link description here

but I am not able to make my code work, this is what i have in my selectcategory.php file. I want to have this variable $selectedcategory set up in this file. Echo command at the bottom is for testing purpose only.

My code:

<?php
include_once('config.php');
$query1 = mysqli_query($query, "SELECT category FROM `events` GROUP BY category");
echo "<select name'selectedcategory'>";    
while ($row = mysqli_fetch_assoc($query1)){
    echo "<option value='".$row['category']."'>".$row['category']."</option>";
}
echo "</select>";

$selectedcategory=$_POST['selectedcategory'];
echo $selectedcategory;
?>

Where do I make mistake? In other files I have taken variable by this POST method from INPUT or SELECT element with given name. In this file Error is on line 10 - UNDEFINIED VARIABLE, so where do I make mistake in getting it? Thank you in advance and if more clarification needed, please ask.

ps: I know my code has mistakes, but please concentrate only on getting the variable now. In other questions on this forum people just comment that my code is for example vulnerable for injections but no new information to the question itself or to prevent this injection (problem identified by commenter), I would like to prevent that. Identifing problem by commenter is great way of learning, but please than also provide some arguments why it is a problem or some links which relate to the problem.

Answer 1

Your form fields/values are not stored in $_POST array until after you submit the form.

You will need to wrap your select field in <form method="POST"></form> and provide a submit button to even get started with this process.

Start reading: https://www.w3schools.com/tags/att_form_method.asp

If you are submitting to the same page, you may want to use something like this:

include_once('config.php');  // labeling your connection '$query' doesn't seem like good practice and may trip you up in the future.
$result=mysqli_query($db,"SELECT category FROM `events` GROUP BY category");
if(isset($_POST['selectedcategory'])){
    $selected=$_POST['selectedcategory'];
}else{
    $selected="";
}
echo "<form action=\"\" method=\"POST\">";
    echo "<select name=\"selectedcategory\">";
        echo "<option></option>";
        if($result){
            while($row=mysqli_fetch_assoc($result)){
                echo "<option value=\"{$row['category']}\"",($selected==$row['category']?" selected":""),">{$row['category']}</option>";
            }
        }
    echo "</select>";
    echo "<input type=\"submit\" value=\"Submit\">";
echo "</form>";
....

I understand that for someone new to php, an inline condition statement is pretty difficult to read.

Here is what it looks like over multiple lines:

echo "<option value=\"{$row['category']}\"";
if($selected==$row['category']){
    echo " selected";  // only mark this option as "selected" if values match
}else{
    echo "";  // otherwise, do not mark it with "selected"
}
echo ">{$row['category']}</option>";

If someone ever managed to POST a value that doesn't match any of the database values in the loop, then none of the <option> s would get the select attribute, and the <select> would show the first/top <option> by default.