
Below is the code to pull our client names from the db and show them as a dropdown menu:

  <select name='client'>
     <?php
     print_r($client);
     for ($x = 0; $x < count($client); $x++) {
         echo ("<option value=".$client[$x]['clientName']."> ".$client[$x]['clientName']." <br> 
         </option>");
     } 
     ?>
 </select>

After selecting the name and pressing the "submit" button, this value needs to be stored as the associated client ID, because that is the primary key in our table, which is used as a foreign key in other tables. I'm stuck at this point because I'm not sure how to convert this name to its corresponding ID. This is the code I've been trying to update to run this:

      <?php 

      if (isset($_POST['submit'])) {

         $getclientID = "SELECT * FROM ClientAccount WHERE clientName = '{client}' ";
         $Client = getOneRow($getclientID);
         $clientID = $Client['clientID'];
         $clientID = $_POST['clientID'];


         $query = "INSERT INTO ChildInformation (clientID) VALUES ('{$clientID}');";

         runQuery($query);

         echo'<span style="color:red;font-weight:bold;">Successful!</span>';
     };
     ?>

For example, if I select "John Doe" from the dropdown menu and then press "submit" then it should be stored as "1" in the db because that's John Doe's client ID.

Thanks for your help!

potato
  • 3
    You don't need to "convert" anything, just put the client ID into the option's `value` attribute to begin with, instead of the name ... – CBroe May 05 '22 at 09:48
  • 1
    **Warning!** You're open to [SQL injection attacks](https://owasp.org/www-community/attacks/SQL_Injection)! Read [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) by using prepared statements with bound parameters instead of injecting variables directly into your queries. It's not just about security. If your data contains, for example, a single quote `'`, your query will break. – M. Eriksson May 05 '22 at 10:01
  • Btw, the row `$clientID = $_POST['clientID'];` will overwrite the row above: `$clientID = $Client['clientID'];`, which makes the first query completely pointless. Are you actually sending `clientID` from the form? – M. Eriksson May 05 '22 at 10:02
  • I'll need to update the second query because I want to send the clientID to the db but in the form, it's displaying as client name. – potato May 05 '22 at 14:06
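
The two points raised in the comments (submit the client ID as the option's `value`, and use prepared statements with bound parameters) combined in one added example, which is not part of the original thread. It assumes PDO with an in-memory SQLite database holding constructed sample rows; the function names `renderClientSelect` and `saveChildForClient` are hypothetical, and PDO is used directly because the page's `getOneRow`/`runQuery` helpers are not shown.

```php
<?php
// Added example: constructed in-memory SQLite data stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE ClientAccount (clientID INTEGER PRIMARY KEY, clientName TEXT)");
$pdo->exec("CREATE TABLE ChildInformation (clientID INTEGER REFERENCES ClientAccount(clientID))");
$pdo->exec("INSERT INTO ClientAccount (clientID, clientName) VALUES (1, 'John Doe'), (2, 'Pat O''Neil')");

// Render the dropdown: the ID is the submitted value, the name is only the label.
function renderClientSelect(PDO $pdo): string
{
    $html = "<select name='clientID'>\n";
    $rows = $pdo->query("SELECT clientID, clientName FROM ClientAccount ORDER BY clientName");
    foreach ($rows as $row) {
        $html .= sprintf(
            "  <option value=\"%d\">%s</option>\n",
            $row['clientID'],
            // Escape the label so quotes or markup in a name cannot break the HTML.
            htmlspecialchars($row['clientName'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html . "</select>\n";
}

// Handle the submission: validate the ID, confirm it exists, insert with bound parameters.
function saveChildForClient(PDO $pdo, array $post): bool
{
    $clientID = filter_var($post['clientID'] ?? null, FILTER_VALIDATE_INT);
    if ($clientID === false) {
        return false; // missing or non-integer value: never reaches the database
    }
    $check = $pdo->prepare("SELECT 1 FROM ClientAccount WHERE clientID = :id");
    $check->execute([':id' => $clientID]);
    if ($check->fetchColumn() === false) {
        return false; // no such client, so no orphaned foreign key is written
    }
    $insert = $pdo->prepare("INSERT INTO ChildInformation (clientID) VALUES (:id)");
    return $insert->execute([':id' => $clientID]);
}

echo renderClientSelect($pdo);
var_dump(saveChildForClient($pdo, ['clientID' => '1']));        // ID taken from the dropdown
var_dump(saveChildForClient($pdo, ['clientID' => 'John Doe'])); // a name instead of an ID
```

In a real form handler the second function would be called with `$_POST`; the server-side existence check matters because the submitted `value` can be edited by the client regardless of what the dropdown offered.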
