0

A simple piece of code that inserts a list of teams into a select box. I would like to set the SELECTED team using the id that is in the HREF:

http://localhost/teams.php?id=7&years=2011&cups=8   

<?php
    $query = "select distinct t.team_id,t.team from teams t,years y,cups c where t.team_id=c.team_id and y.year_id=$_GET[years] and c.cup_id=$_GET[cups] ORDER BY t.team ASC";
    $res   = mysql_query($query);
    $option = '';

    while($row = mysql_fetch_assoc($res))
    {
        $option .= '<option value = "'.$row['team_id'].'">'.$row['team'].'</option>';
    }
?>

<form>
    <select id="tteam" name="team">
        <?php echo $option; ?>
    </select>
</form>

The problem is that when I set team_id=$_GET[id], it shows only one team. I want team=7 to be selected, but the others should still show in the select box.

1
  • 1
    That's one problem, yes. A bigger problem is that your code is wide open to SQL injection attacks. Commented Jan 31, 2014 at 15:32

5 Answers

3

1st of all, NEVER EVER insert raw data into an SQL query. You are asking for SQL injections. Secondly, you're missing quotes around your $_GET variables, for example, in your SQL query, you currently access id by using $_GET[id]. This won't work, encapsulate id in quotes, like $_GET['id']. Thirdly, ESCAPE your data!!

mysql_* functions are now deprecated. You shouldn't be using them in new code. Instead, look into PDO or MySQLi functionality. Also look into prepared queries.

This should be your code:

<?php
   $years = mysql_real_escape_string($_GET['years']);
   $cups = mysql_real_escape_string($_GET['cups']);

    $query = "SELECT distinct t.team_id, t.team
              FROM teams t,years y,cups c 
              WHERE t.team_id = c.team_id 
                  AND y.year_id = '{$years}' 
                  AND c.cup_id = '{$cups}' 
              ORDER BY t.team ASC";

    $res   = mysql_query($query);
    $option = '';

    while($row = mysql_fetch_assoc($res))
    {
        // The line below specifies whether the option should be selected.
        $selected = $row['team_id']==$_GET['id'] ? 'selected="selected"' : '';

        $option .= '<option ' . $selected . ' value= "' . $row['team_id'] . '">' . $row['team'] . '</option>';
    }
?>

<form>
    <select id="tteam" name="team">
        <?php echo $option; ?>
    </select>
</form>

4 Comments

mysql_real_escape_string() is a better idea, but building SQL queries is not a great idea.
@josh I don't understand! What's not great about building SQL queries?
These functions are deprecated. They may, in consequence, have lost some of their material value. Alternatively, their scarcity may serve to enhance their value; I just don't know. ;-)
Lol, I still have problems pronouncing it for some reason!
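
The prepared-statement approach that this answer and its comments point to, as an added example (not code from the original posts): the page's query with bound parameters, integer validation of the request values, and HTML-escaped output. The helper name `teamOptions`, the in-memory SQLite database and its sample rows are assumptions so the block runs offline; with MySQL only the PDO DSN changes.

```php
<?php
// Constructed schema and rows (not from the page), held in in-memory SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE teams (team_id INTEGER, team TEXT);
            CREATE TABLE years (year_id INTEGER);
            CREATE TABLE cups  (cup_id INTEGER, team_id INTEGER);
            INSERT INTO teams VALUES (3, 'Ajax'), (7, 'Rovers <FC>'), (9, 'United');
            INSERT INTO years VALUES (2011);
            INSERT INTO cups  VALUES (8, 3), (8, 7), (5, 9);");

// Hypothetical helper: builds the <option> markup for one request.
function teamOptions(PDO $pdo, array $get): string
{
    // Accept integers only; a missing or non-numeric value yields false.
    $years = filter_var($get['years'] ?? null, FILTER_VALIDATE_INT);
    $cups  = filter_var($get['cups'] ?? null, FILTER_VALIDATE_INT);
    $id    = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($years === false || $cups === false) {
        return '';
    }

    // Same query as on the page, but the values travel as bound parameters
    // and never become part of the SQL text.
    $stmt = $pdo->prepare(
        'SELECT DISTINCT t.team_id, t.team
           FROM teams t, years y, cups c
          WHERE t.team_id = c.team_id
            AND y.year_id = :years
            AND c.cup_id  = :cups
          ORDER BY t.team ASC'
    );
    $stmt->bindValue(':years', $years, PDO::PARAM_INT);
    $stmt->bindValue(':cups', $cups, PDO::PARAM_INT);
    $stmt->execute();

    $option = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Every team is listed; only the one matching ?id= is marked selected.
        $selected = ((int) $row['team_id'] === $id) ? ' selected="selected"' : '';
        $option .= '<option value="' . (int) $row['team_id'] . '"' . $selected . '>'
                 . htmlspecialchars($row['team'], ENT_QUOTES, 'UTF-8') . "</option>\n";
    }
    return $option;
}

// Constructed request mirroring teams.php?id=7&years=2011&cups=8.
echo teamOptions($pdo, ['id' => '7', 'years' => '2011', 'cups' => '8']);
```
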
1

Please be aware that you're vulnerable to SQL injections. See: How can I prevent SQL injection in PHP?

With that said, you need to use a conditional statement that compares $row["team_id"] with $_GET["ID"].

while($row = mysql_fetch_assoc($res))
{
if($row["team_id"] == $_GET["ID"])
    $option .= '<option value = "'.$row['team_id'].'" selected="selected">'.$row['team'].'</option>';
else
    $option .= '<option value = "'.$row['team_id'].'">'.$row['team'].'</option>';
}

4 Comments

I agree about SQL injections, I will look into that!
There's an error in this code. In your if condition, you're using $_GET[ID]. If ID is an undefined constant, this will result in a PHP Notice.
$_GET["id"] is much faster than $_GET[id]
@kumar_v $_GET['id'] with single quotes, although insignificantly, rather than double quotes, however specifying ID without quotes is simply an error!
1
while($row = mysql_fetch_assoc($res))
{
    $option .= '<option value = "'.$row['team_id'].'" '.($row['team_id'] == 7 ? 'selected="selected"': '').'>'.$row['team'].'</option>';
}

3 Comments

You probably want to remove the echo there.
@scenia Ta, missed that :)
+1 for ternary operator btw, that's what I would have posted if I had understood the question in the first place :D
0

Compare your id from $_GET with $row['team_id'].

while($row = mysql_fetch_assoc($res))
{
if($row['team_id'] == $_GET["id"])
    $option .= '<option value = "'.$row['team_id'].'" selected="selected">'.$row['team'].'</option>';
else
    $option .= '<option value = "'.$row['team_id'].'">'.$row['team'].'</option>';
}

Comments

0

I'll just focus on the loop part:

while($row = mysql_fetch_assoc($res))
{
    $selected = (isset($_GET['team_id']) && $row['team_id'] == $_GET['team_id']) ? 'selected' : '';
    $option .= '<option value = "'.$row['team_id'].'" selected="'. $selected .'">'.$row['team'].'</option>';
}

2 Comments

This won't work. It sets selected="" on all options except the one supposed to be selected, which will be selected="7" if he passes 7. The correct syntax would be selected="selected".
Ah, of course it does! Overlooked that very important detail, thanks for pointing it out :)
