
Sign in form, select name option value

I have three tables currently set up. I want when somebody signs in, they choose 1 of the options in the select dropdown and it goes into that separate database.

Eg Favourite color

<select name="color">
    <option value="Red">Red</option>
    <option value="Blue">Blue</option>
    <option value="White">White</option>
</select>

All reds picked, go into the red database, all blue into the blue database etc etc.

Thanks

What you are trying to do is separate your data by a specific value. This is a pretty normal thing to do, but you are trying to go about it all wrong. There is nearly never a good reason to have a variable table name - instead, you should use columns to separate this data.

The proper solution:

A better way to handle the situation is to create a single table (EG colors), with a column of color to which you can assign the variable that was selected.

EG:

$query = "INSERT INTO colors (color) VALUES (?)";

Where the question mark is the variable in question (In a prepared statement).

This way all of your variables are in a single table but still separated by the color the user chose and can be sorted as such.


To answer your question:

If you wish to ignore my multiple warnings above that you are going about this the wrong way (You are your own person after all and can make decisions for yourself), here is how you can do this the way you are asking (But again, I really really really really do NOT recommend this method).

If you do this, you should check to make sure that the option that was selected matches a list of possible selections:

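// Allow-list of the only table names the form is permitted to select
$possible = ["Red", "Blue", "White"];

// Strict comparison: the value must be set and match a list entry exactly
if (isset($_POST['color']) && in_array($_POST['color'], $possible, true)) {
    $query = "INSERT INTO {$_POST['color']} ...";
}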

Doing it this way will prevent SQL Injection via the variable that is being concatenated into the string.

If you just insert the user's variable without checking it first, the user can change the actual value of the drop-down on the client side, which could easily put your application at risk.

NOTE: I do not recommend doing it this way - it's harder to upkeep and it isn't the proper way to do such a thing.
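The single-table approach recommended above, combined with the server-side allow-list check, as an added example that is not part of the original answer. It assumes PDO with the SQLite driver (in-memory, so it runs offline); the `username` column, the function names and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example: one `colors` table, the choice stored as a column value.
const ALLOWED_COLORS = ['Red', 'Blue', 'White'];

function make_db(): PDO
{
    $pdo = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is available
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE colors (
        id INTEGER PRIMARY KEY, username TEXT NOT NULL, color TEXT NOT NULL)');
    return $pdo;
}

// Returns true if the row was stored, false if the submitted value was rejected.
function save_choice(PDO $pdo, string $username, $submitted): bool
{
    // The <select> only constrains an unmodified browser; re-check on the server.
    // is_string() rejects array input such as color[]=Red; strict in_array()
    // avoids PHP type juggling.
    if (!is_string($submitted) || !in_array($submitted, ALLOWED_COLORS, true)) {
        return false;
    }
    // The table name is a fixed literal; user input only travels as a bound parameter.
    $stmt = $pdo->prepare('INSERT INTO colors (username, color) VALUES (?, ?)');
    return $stmt->execute([$username, $submitted]);
}

$pdo = make_db();

// Constructed sample submissions, including values a client could alter.
$submissions = [
    ['alice', 'Red'],
    ['bob', 'Blue'],
    ['carol', 'Red'],
    ['dave', 'Green'],     // not offered by the form
    ['erin', "Red'; --"],  // altered option value
    ['frank', ['Red']],    // array instead of string
];

foreach ($submissions as [$user, $color]) {
    $ok = save_choice($pdo, $user, $color);
    printf("%-6s %-12s %s\n", $user, json_encode($color), $ok ? 'stored' : 'rejected');
}

// "All reds" becomes a WHERE clause instead of a separate table.
$stmt = $pdo->prepare('SELECT username FROM colors WHERE color = ? ORDER BY id');
$stmt->execute(['Red']);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
```

Adding a fourth color then means adding one entry to `ALLOWED_COLORS`, with no schema change.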
