Unable to get row values along with dropdown list [duplicate]

Question

<thead>
<tr>
    <th>User ID</th>
    <th>User Name</th>
    <th>Designation</th>
    <th>M a r k  A t t e n d a n c e</th>
</tr>
    </thead>
        <tbody>
<?php
    $result = $conn->query("SELECT * FROM userdetails");
    if($result->num_rows > 0){
        while($row = $result->fetch_assoc()){
        ?>
            <tr>
                <td><?php echo $row['userid']; ?></td>
                <td><?php echo $row['username']; ?></td>
                <td><?php echo $row['designation']; ?></td>
        <td>
                   <select name="brandlist[]" id = "brandlist" class=="col-sm-2">
                   <option value="present">Present</option>
                   <option value="absent">Absent</option>
                   <option value="late">Late</option>
                   <option value="absconding">Absconding</option>
                   <option value="resigned">Resigned</option>
                   <option value="terminated">Terminated</option>
                   </select>
        </td>
         </tr>
        <?php 
} 
}else{ 
?>
            <tr><td colspan="5">No Employees Found...</td></tr>
        <?php } ?>
</tbody>
    </table>
</div>
</div>
    <div class="col-12">
        <button type="submit" name = "submit">Submit</button>
    </div>

</form>
    </div>
</div>
</div>

This works all good, I can see rows displayed on screen and I can also select dropdown list and select attendance. Upon selecting submit, Below code runs all good and saves attendance in table.

<?php
if(isset($_POST['submit']));
{
    $attendances = $_POST['brandlist'];
    foreach($attendances as $item)
    {
       $query = "INSERT INTO attendance (attendancemarked) VALUES ('$item')";
        $query_run = mysqli_query($conn, $query); 
        echo "<script language= 'JavaScript'>alert(' . $useriids . ');</script>";
    }
}
?>

This entire code works all good. I am able to get data from userdetails table and display the records in row. I have added dropdown list in every row for marking attendance for employees. When I submit, attendance array saves all the attendance marked but userid, username, designation is not getting saved. I want these 3 fields also to get stored in the table attendance.

Not sure where you've been learning from, but this is totally the wrong way to build a SQL query using PHP when you're incorporating user input into it. 1) It's vulnerable to SQL injection attacks, and 2) it can be crashed with simple syntax issues due to the input values - e.g. anything with a ' in field (such as don't or anything like that) would crash your query because SQL would think the ' was terminating the input string after the n. — ADyson, Commented Nov 21, 2023 at 16:43
Instead you must use prepared statements and parameters to correctly build the query and insert the values safely. See How to include a PHP variable inside a MySQL statement, How can I prevent SQL injection in PHP? and phpdelusions.net/mysqli for some excellent resources and simple examples of how to do this stuff properly. Even as a beginner on a practice project you should get into good habits. — ADyson, Commented Nov 21, 2023 at 16:43
but userid, username, designation is not getting saved....well those fields aren't mentioned in your INSERT statement, and you don't try to retrieve them from $_POST, and in fact they aren't even fields in your form...so why did you imagine that they would be saved? Go and put them as (hidden) fields in your form, then retrieve them from $_POST, then include them into your INSERT query. It's just the same as you already you do with the attendance data itself. That would seem to be the obvious solution. How/where/why are you stuck with that, exactly? — ADyson, Commented Nov 21, 2023 at 16:49
P.S. Just as an aside... name="brandlist[]" for a list of attendance statuses?? This doesn't seem to make sense. As a tip, try to give your variables and fields meaningful names which reflect what they actually represent. It will make reading, understanding and debugging your code a lot easier (both for you, and for others). — ADyson, Commented Nov 21, 2023 at 16:52
Wherever you learned this bad technique from, please ignore that resource and don't learn from it again — ADyson, Commented Nov 21, 2023 at 17:44

ADyson · Accepted Answer · 2023-11-22 12:21:14Z

There are several problems with your code:

The values you want are not available as fields in your form, so they are not sent to PHP
your PHP code doesn't try to read those values from the submitted $_POST data
your SQL code doesn't try to insert those values into the database table
your SQL code is written in a way which is insecure and unreliable
there should be no need to store the user ID and username in the attendance table. Only the ID should be needed - it's sufficienct by itself to uniquely identify which user the attendance record relates to.
there is a typo: if(isset($_POST['submit'])); needs the ; removing so it doesn't terminate the if block early.

The following example fixes these issues.

Form display: In this section I've added user ID and designation as hidden fields, and given the attendance field a more meaningful name

<thead>
<tr>
    <th>User ID</th>
    <th>User Name</th>
    <th>Designation</th>
    <th>M a r k  A t t e n d a n c e</th>
</tr>
    </thead>
        <tbody>
<?php
    $result = $conn->query("SELECT * FROM userdetails");
    if($result->num_rows > 0){
        while($row = $result->fetch_assoc()){
        ?>
            <tr>
                <td><?php echo $row['userid']; ?></td>
                <td><?php echo $row['username']; ?></td>
                <td><?php echo $row['designation']; ?></td>
                <td>
                  <input type="hidden" name="user[]" value="<?php echo $row['userid']; ?>">
                  <input type="hidden" name="designation[]" value="<?php echo $row['designation']; ?>">
                   <select name="attendance[]" id = "attendance" class=="col-sm-2">
                   <option value="present">Present</option>
                   <option value="absent">Absent</option>
                   <option value="late">Late</option>
                   <option value="absconding">Absconding</option>
                   <option value="resigned">Resigned</option>
                   <option value="terminated">Terminated</option>
                 </select>
               </td>
         </tr>
        <?php 
} 
}else{ 
?>
            <tr><td colspan="5">No Employees Found...</td></tr>
        <?php } ?>
</tbody>
    </table>
</div>
</div>
    <div class="col-12">
        <button type="submit" name = "submit">Submit</button>
    </div>
</form>
</div>
</div>
</div>

Form processing: In this part of the code I've added code to read from all the relevant $_POST values, changed the loop to a for so the loop counter can be used to select the associated values from each of the submitted arrays (there is one for each field), and used prepared statements and parameters to build the query correctly.

if(isset($_POST['submit']))
{
    $attendances = $_POST['attendance'];
    $userIDs = $_POST['user'];
    $designations = $_POST['designation'];

    $query = "INSERT INTO attendance (attendancemarked, userID, designation) VALUES (?, ?, ?)";
    $stmt = $conn->prepare($query);

    for ($i = 0; $i < count($attendances); $i++)
    {
        $stmt->execute([$attendances[$i], $userIDs[$i], $designations[$i]);
        echo "Inserted attendance record for ".htmlspecialchars($userIDs[$i])."<br>";
    }
}

Getting the same errror which I got last evening... $attendances = $_POST['attendance']; Warning: Undefined array key "attendance" in on line 92 $userIDs = $_POST['user']; Warning: Undefined array key "user" in on line 93 $designations = $_POST['designation']; Warning: Undefined array key "designation" in on line 94 — Jitesh Gala, Commented Nov 22, 2023 at 7:19
@JiteshGala that sounds like you didn't implement the changes to the HTML form properly. Or you submitted something to this script from a different form, perhaps — ADyson, Commented Nov 22, 2023 at 9:08
I cross checked the entire code twice, thrice, and did not find any error or miss in it. Code is little long to send the entire one. Is there a way to send it to you the entire code so that I can learn where i am going wrong — Jitesh Gala, Commented Nov 22, 2023 at 10:52
If you have a GitHub account you could paste it into a file there, or share in google drive or something. Don't try to paste it into these comments - they're too short and it's not readable. — ADyson, Commented Nov 22, 2023 at 11:12

Collectives™ on Stack Overflow

Unable to get row values along with dropdown list [duplicate]

1 Answer 1

Not the answer you're looking for? Browse other questions tagged
php
html
sql
forms
mysqli
or ask your own question.

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Not the answer you're looking for? Browse other questions tagged phphtmlsqlformsmysqli or ask your own question.

Linked

Related

Not the answer you're looking for? Browse other questions tagged
php
html
sql
forms
mysqli
or ask your own question.