PHP - Accessing a value selected in Combobox

Question

I want to write a code that should let me select from a drop down list and onClick of a button load the data from a mysql database.However I cannot access the value selected in the drop down menu.I have tried to access them by $_POST['var_name'] but still can't do it.

I'm new to PHP.

Following is my code:

 <?php

      function load(){
       $department = $_POST['dept'];
       $employee = $_POST['emp'];

       //echo "$department";
       //echo "$employee";

       $con = mysqli_connect("localhost", "root", "pwd", "payroll");
       $rs = $con->query("select * from dept where deptno='$department'");
       $row = $rs->fetch_row();
       $n = $row[0];
       $rs->free();
       $con->close();
      }

 ?>
    <html>
     <head>
      <title>Payroll</title>
     </head>

     <body>
      <h1 align="center">IIT Department</h1>
      <form method="post">
      <table align="center">
       <tr>
        <td>
          Dept Number: 
          <select name="dept">
               <option value="10" selected="selected">10</option>
               <option value="20">20</option>
               <option value="30">30</option>
               <option value="40">40</option>
          </select>


            </td>

        <td>
             <input type="button" value="ShowDeptEmp" name="btn1">        
        </td>
        <td>
          Job: 
          <select name="job">
               <option value="President" selected="selected">President</option>
               <option value="Manager">Manager</option>
               <option value="Clerk">Clerk</option>
               <option value="Salesman">Salesman</option>
               <option value="Analyst">Analyst</option>
          </select>
        </td>
        <td>
             <input type="button" value="ShowJobEmp" name="btn1">
        </td>
       </tr>
      </table>
      </form>
        <?php if(isset($_POST['dept']) && $_POST['dept'] != "") load();  ?>        
     </body>
    </html>

Answer 1

change button to submit

 <input type="submit" value="ShowDeptEmp" name="btn1">

and

 <input type="submit" value="ShowJobEmp" name="btn2">

Answer 2

Use a prepared statement instead of echoing $department into your SQL. If someone posted '; DROP TABLE dept; '; DROP TABLE dept; they could run arbitrary SQL commands (See SQL Injection ).

OR you can use mysql_real_escape_string() when escaping $department if you don't want to use a Prepared Statement.