Reputation:
The other day when I was out with friends, it all of a sudden hit me that someone could use Inspect Element and change the NAME of the OPTION in the SELECT tag to whatever they want, and it would be stored in my database (still unsure why I was thinking of this, but glad I did!).
This is my SELECT tag:
<form name="submit" method="POST" action="select.php">
  <select class="form-control" name="genre" id="genre" required>
    <option value="" selected="selected">Select a genre</option>
    <option value="Autos and Vehicles">Autos and Vehicles</option>
    <option value="Comedy">Comedy</option>
    <option value="Education">Education</option>
    <option value="Entertainment">Entertainment</option>
    <option value="Film &amp; Animation">Film &amp; Animation</option>
    <option value="Gaming">Gaming</option>
    <option value="Howto &amp; Style">Howto &amp; Style</option>
    <option value="Music">Music</option>
    <option value="News &amp; Politics">News &amp; Politics</option>
    <option value="Nonprofits &amp; Activism">Nonprofits &amp; Activism</option>
    <option value="People &amp; Blogs">People &amp; Blogs</option>
    <option value="Pets &amp; Animals">Pets &amp; Animals</option>
    <option value="Science &amp; Technology">Science &amp; Technology</option>
    <option value="Sports">Sports</option>
    <option value="Travel &amp; Events">Travel &amp; Events</option>
  </select>
  <!-- select.php tests isset($_POST['submit']), so the submit control itself must carry name="submit" -->
  <button type="submit" name="submit" value="1">Save</button>
</form>
I have stripped my php code so that only the relevant features are there:
<?php
require 'conn/connection.php';   // defines $database, $username and $password
$conn = new PDO("mysql:host=localhost;dbname=$database", $username, $password);
// Throw exceptions on every database error, not only inside the POST branch
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if (isset($_POST['submit'])) {
    // Whatever the browser sent is stored as-is: this is the problem being asked about
    $genre = $_POST['genre'];
    // Prepared statement: the value travels as a parameter and is never spliced into the SQL
    $stmt = $conn->prepare("INSERT INTO videos (genre) VALUES (:genre)");
    // bindParam() binds by reference, so $genre must already hold its value when execute() runs
    $stmt->bindParam(':genre', $genre);
    $stmt->execute();
    echo "done";
} else {
    echo "nope";
}
I want only those OPTIONS to be allowed to be stored in my database and to give an error if someone "selected" an invalid OPTION. I don't have any of my previous attempts saved, as I just woke up and deleted them before I slept last night, sorry. I am still learning PHP, specifically PDO, and would appreciate any help, as I have been scratching my head for hours at this.
Upvotes: 0
Views: 109
Reputation: 156
You can use an ENUM datatype for the field in your database table to store the select option values, so it will not accept any other input when you insert a record. So you don't need to worry about user input; it is automatically rejected by the database table. Yeah, but you would have to manage the SQL exceptions.
Upvotes: 0
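As an added example (not code from the answer above), here is what "let the database reject it and handle the exception" looks like end to end. The answer suggests a MySQL ENUM column; this demo instead uses an in-memory SQLite database with a CHECK constraint so that it runs offline with nothing but PHP's pdo_sqlite extension, which is assumed to be installed (MySQL 8.0.16 and later enforce CHECK constraints the same way). The function names openDb and insertGenre and the sample inputs at the bottom are mine, not the question's.

```php
<?php
// Added example, not from the original question or answer: the database holds
// the list of allowed genres and refuses anything else; PHP catches the
// resulting PDOException instead of storing the value.
declare(strict_types=1);

function openDb(): PDO
{
    // In-memory SQLite stands in for the question's MySQL database so the
    // example needs no server. The allowed list lives in the table definition.
    $db = new PDO('sqlite::memory:');
    // Without ERRMODE_EXCEPTION a failed INSERT only returns false and the
    // caller may never notice; with it, the constraint violation is thrown.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec(
        "CREATE TABLE videos (
             id    INTEGER PRIMARY KEY,
             genre TEXT NOT NULL CHECK (genre IN (
                 'Autos and Vehicles', 'Comedy', 'Education', 'Entertainment',
                 'Film & Animation', 'Gaming', 'Howto & Style', 'Music',
                 'News & Politics', 'Nonprofits & Activism', 'People & Blogs',
                 'Pets & Animals', 'Science & Technology', 'Sports',
                 'Travel & Events'))
         )"
    );
    return $db;
}

/** Insert one genre; true on success, false if the database rejected it. */
function insertGenre(PDO $db, string $genre): bool
{
    // Still a prepared statement: the constraint protects the column's
    // contents, the parameter binding protects the query itself.
    $stmt = $db->prepare('INSERT INTO videos (genre) VALUES (:genre)');
    $stmt->bindValue(':genre', $genre, PDO::PARAM_STR);
    try {
        $stmt->execute();
        return true;
    } catch (PDOException $e) {
        // Keep the driver's message in the server log only; the exact
        // SQLSTATE differs between SQLite and MySQL, so do not branch on it
        // and never echo it back to the browser.
        error_log('rejected genre: ' . $e->getMessage());
        return false;
    }
}

// Constructed inputs standing in for $_POST['genre'] values a browser might
// send after someone edits the <option> elements in the inspector.
$db = openDb();
foreach (['Comedy', 'Drama', ''] as $candidate) {
    $ok = insertGenre($db, $candidate);
    printf("%-10s %s\n", var_export($candidate, true), $ok ? 'stored' : 'rejected');
}
```

Two caveats if you use a MySQL ENUM as the answer suggests: MySQL only rejects an unknown ENUM value when sql_mode includes STRICT_TRANS_TABLES (or STRICT_ALL_TABLES); in non-strict mode it stores the empty string and merely issues a warning, so check `SELECT @@sql_mode` on the server you deploy to. And the allowed set is baked into the schema, so adding a genre means an ALTER TABLE. A database-side constraint is good defence in depth, but you will still want the application-side check from the other answers so that the user gets a proper error instead of a database exception.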
Reputation:
You can use a switch statement to restrict the input to certain values as follows:
<?php
// Every accepted value gets its own case; anything else falls through to default
switch ($_POST['value'] ?? '') {
    case 'value1':
        break;
    case 'value2':
        break;
    // add more cases here
    default:
        die('invalid value');
}
Upvotes: 0
Reputation: 20469
You could keep the options in their own table, with ids. Use the ids in the select, and use your database's foreign key management to check for valid entries.
Alternatively you could create an array of allowed options, and check the user-submitted data against it:
<?php
$allowed = [
    "Autos and Vehicles",
    "Comedy",
    "Education",
    "Entertainment",
    "Film & Animation",
    "Gaming",
    "Howto & Style",
    // ... the remaining genres from the form
];
$genre = $_POST['genre'] ?? '';
// Third argument makes the comparison strict (===), so only an exact match passes
if (in_array($genre, $allowed, true)) {
    // good to go
} else {
    // error
}
Upvotes: 1
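As an added example (mine, not the answer's code), here is the allow-list approach carried through so that one array is both the source of the `<option>` elements and the thing the POSTed value is checked against, which is what stops the form and the check from drifting apart when a genre is added. The helper names validGenre and renderGenreSelect, the GENRES constant and the CLI demo inputs at the bottom are my additions; the connection file and variables are taken from the question.

```php
<?php
// Added example, not from the original question or answers: validate the
// submitted genre against the same array that renders the <select>.
declare(strict_types=1);

// Single source of truth for the allowed values (the list from the question's form).
const GENRES = [
    'Autos and Vehicles',
    'Comedy',
    'Education',
    'Entertainment',
    'Film & Animation',
    'Gaming',
    'Howto & Style',
    'Music',
    'News & Politics',
    'Nonprofits & Activism',
    'People & Blogs',
    'Pets & Animals',
    'Science & Technology',
    'Sports',
    'Travel & Events',
];

/**
 * Return the submitted genre if it is exactly one of GENRES, otherwise null.
 * is_string() rejects genre[]=... (PHP turns that into an array, which would
 * blow up in bindParam) and the third argument of in_array() makes the
 * comparison strict (===), so no loose type juggling can let a value through.
 */
function validGenre($value): ?string
{
    if (!is_string($value) || !in_array($value, GENRES, true)) {
        return null;
    }
    return $value;
}

/** Render the <select> from the same array, escaping every value for HTML. */
function renderGenreSelect(): string
{
    $html = '<select class="form-control" name="genre" id="genre" required>' . "\n";
    $html .= '<option value="" selected="selected">Select a genre</option>' . "\n";
    foreach (GENRES as $genre) {
        $safe = htmlspecialchars($genre, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $html .= "<option value=\"$safe\">$safe</option>\n";
    }
    return $html . "</select>\n";
}

// Request handling, as the question's select.php would do it.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $genre = validGenre($_POST['genre'] ?? null);
    if ($genre === null) {
        http_response_code(400);
        exit('Invalid genre');
    }
    require 'conn/connection.php';   // defines $database, $username, $password (from the question)
    $conn = new PDO("mysql:host=localhost;dbname=$database", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The value passed validation, but it is still bound, never concatenated into the SQL.
    $stmt = $conn->prepare('INSERT INTO videos (genre) VALUES (:genre)');
    $stmt->bindValue(':genre', $genre, PDO::PARAM_STR);
    $stmt->execute();
    echo 'done';
}

// Constructed inputs (not real submissions) exercising the check from the CLI.
if (PHP_SAPI === 'cli') {
    var_dump(validGenre('Comedy'));      // exact match from the list
    var_dump(validGenre('Drama'));       // not in the list
    var_dump(validGenre(['Comedy']));    // genre[]=Comedy, an array
    var_dump(validGenre('comedy'));      // case differs, so no match
    echo renderGenreSelect();
}
```

Run from the command line, the first var_dump prints the accepted string and the other three print NULL; only the first would reach the INSERT. Using the same array for rendering and for validation means editing the list in one place cannot leave a genre that the form offers but the server refuses, or the reverse.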
Reputation: 1054
<?php
...
...
$genre = $_POST['genre'] ?? '';
// Strict comparison (third argument) so only an exact string match is accepted
if (in_array($genre, array('Autos and Vehicles', 'Comedy', '...'), true)) {
    // Insert into Db
} else {
    // Display some kind of error
}
Upvotes: 0