CODEWITHSUNDEEP
phphtmlmysqlmysqli
Gabriel
Gabriel

Reputation: 19

PHP How to choose which table to display and then keep that table displayed after a form submission

I'm trying to use an HTML dropdown form in order to let the user choose which table from the database to display. This part works fine, but I want them to be able to add to whichever table they choose. I've created the form for it but once they hit submit on that form it unloads the table they selected and fails to add the data to the table.

This is the code for the main page; body.php:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Contact Form - PHP/MySQL Demo Code</title>
</head>
<style>
table, th, td {
  border:1px solid black;
}
</style>
<body>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post">
    <div>
        <label for="dbselect">Select Table:</label><br>
        <select name="dbselect" id="dbselect">
            <option value=""><-- Choose Table --></option>
            <option value="messages">messages</option>
            <option value="messages2">messages2</option>
        </select>
    </div>
    <div>
        <button type="submit">Select</button>
    </div>   
</form>

<?php
    session_start();
    
    include 'get.php'; 
    $_SESSION["dbselect"] = filter_input(INPUT_POST, 'dbselect', FILTER_SANITIZE_STRING);                               
    if ($_SESSION["dbselect"] == "messages") {
        dbMessages("*");
        include 'Forms/contact_form.php';
    }
    if ($_SESSION["dbselect"] == "messages2") {
        dbMessages2("*");
    }                    
    
?>
</body>

This is the code that actually prints the tables, which I believe works fine; get.php:

<?php
function display_data($data) {
    $output = "<table>";
    foreach($data as $key => $var) {
        //$output .= '<tr>';
        if($key===0) {
            $output .= '<tr>';
            foreach($var as $col => $val) {
                $output .= "<td>" . $col . '</td>';
            }
            $output .= '</tr>';
            foreach($var as $col => $val) {
                $output .= '<td>' . $val . '</td>';
            }
            $output .= '</tr>';
        }
        else {
            $output .= '<tr>';
            foreach($var as $col => $val) {
                $output .= '<td>' . $val . '</td>';
            }
            $output .= '</tr>';
        }
    }
    $output .= '</table>';
    echo $output;
}

function dbMessages($selector) {
    include 'db.php';
    $query = "SELECT $selector FROM messages";
    $res = mysqli_query($conn,$query);
    display_data($res);
}

function dbMessages2($selector) {
    include 'db.php';
    $query = "SELECT $selector FROM messages2";
    $res = mysqli_query($conn,$query);
    display_data($res);
}

And this is the code that is supposed to display the form and upload the data into the table; contact_form.php:

<?php

include 'db.php';
if ((isset($_POST["Submit"])) && (!empty($_POST["txtName"])) && (!empty($_POST["txtPhone"])) && (!empty($_POST["txtEmail"])) && (!empty($_POST["txtMessage"]))) {
    $txtName = $_POST['txtName'];
    $txtEmail = $_POST['txtEmail'];
    $txtPhone = $_POST['txtPhone'];
    $txtMessage = $_POST['txtMessage'];
    $query = "insert into messages(ID, name, email, phone, message) values (NULL, 
                '$txtName', '$txtEmail', '$txtPhone', '$txtMessage')";
    
    $res = mysqli_query($conn , $query);
    
    mysqli_close($conn);
    unset($_POST);
    echo "<meta http-equiv='refresh' content='0'>";
}

echo '
<fieldset>
<legend>Contact Form</legend>
<form name="frmContact" method="post" action="index.php?send=1" target="_self">
<p>
<label for="Name">Name </label>
<input type="text" name="txtName" id="txtName" >
</p>
<p>
<label for="email">Email</label>
<input type="text" name="txtEmail" id="txtEmail">
</p>
<p>
<label for="phone">Phone</label>
<input type="text" name="txtPhone" id="txtPhone">
</p>
<p>
<label for="message">Message</label>
<textarea name="txtMessage" id="txtMessage"></textarea>
</p>
<p>&nbsp;</p>
<p>
<input type="submit" name="Submit" id="Submit" value="Submit">
</p>
</form>
</fieldset>
'
?>

This is the observed process:

I select which table to display using dropdown menu and hit select.

Selected table successfully appears with its form.

I enter data into form and hit submit.

The dropdown menu returns to it's default state and the table unloads.

Entered data fails to be added to table.

This is the expected process:

I select which table to display using dropdown menu and hit select.

Selected table successfully appears with its form.

I enter data into form and hit submit.

Selected table stays on the page and submitted data is successfully added.

It should be noted that the contact_form.php file is only for the first table, messages, and not for messages2.

Upvotes: 0

Views: 50

Answers (1)

ADyson
ADyson

Reputation: 61977

This line in your body.php:

$_SESSION["dbselect"] = filter_input(INPUT_POST, 'dbselect', FILTER_SANITIZE_STRING);

runs every time that page is called, regardless of whether the form containing the dropdown has been submitted or not.

This therefore overwrites the Session value before your code has chance to check what it is. This means that when the contact form is submitted, it still tries to get the dbselect value from $_POST, will fail, and therefore set the Session value incorrectly, removing what was set when the table selection form was last submitted.

You just need to check whether that form has been submitted before overwriting the Session value.

Also FILTER_SANITIZE_STRING is deprecated, you should stop using it, and you don't need that sort of filter in this context anyway.

if (isset($_POST["dbselect"])) {
  $_SESSION["dbselect"] = $_POST["dbselect"];
}

Upvotes: 2

Related Questions