-1

I have a sign-in page where I have dropdown in which I have 20links when user save sign-in form, data is store in database and shown in dashboard where database result shown in dropdown .my question is I get full path in my dashboard but I want only option tag value .

note : actually I put full path in my sig-in page dropdown ,that's why it shows but how can I change this so I not to get full path on dashboard dropdown

DASHBOARD CODE to fetch links from database

$Email = $_POST["Email"];
$Email = $_SESSION["Email"];                    
$sql = mysqli _query( $conn, "SELECT schemes From user where Email='$Email'");
$row = mysqli_num_rows($sql);                        
while ($row = mysqli_fetch_array($sql)){                            
    echo '<option value="'.$row['schemes'].'">'.$row['schemes'].'</option>';
}

in sign-in page it also contain dropdown please help me out from this and one thing more why when we submit data in option tag ,the value attribute shown in database

Your Common Sense
  • 154,967
  • 38
  • 205
  • 325
user19014116
  • 7
  • 2
  • 1
    it's pretty hard to understand what you mean by saying "full path". Also your last question is very confusing... do you know how a form is submitted to the server? do you know that the value bound to a dropdown is the value attribute of the selected option? – Diego De Vita Jun 01 '22 at 09:24
  • `why when we submit data in option tag ,the value attribute shown in database`...because that's how it's supposed to work - the user chooses from a list of descriptions in the dropdown, and then the `value` associated with that description is sent to the server. This is usually a good thing because it means you can give the user a human-readable description of the option, but then in the background you can store a unique number or code associated with that - it makes your data model more robust. – ADyson Jun 01 '22 at 09:36
  • 2
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jun 01 '22 at 09:36
  • 1
    https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Jun 01 '22 at 09:36
  • mr Diego De Vita ,full path means "dashboardlinks\Education Department\Palanhar.php" my question is when i fetch link from datatbase my dropdown shows link like this . it is very annoying for user like this path – user19014116 Jun 01 '22 at 10:22
  • i'm not able to find the solution for this . i want to show only name of that link or path but show full path from database – user19014116 Jun 01 '22 at 10:25

0 Answers0