Listbox value to mysql query

[Daniellawson]

Hi all,

I have an admin page for my booking system with a listbox that is populated by the 'surname' field in the database.

When a certain surname is selected i would like the details for that surname to populate the other textboxes on the admin page. firstname, address, tel etc..

This could then be editable and can be resubmitted to the database.

Im unsure on how to pass the listbox value into a query to receive the data and display it into the other boxes?

Thanks very much.

Dan

[3PRIMATES]

Well, I guess it all depends on how far you want to go. This sounds like a perfect case for using XAJAX.

If you dont want to go as far as that though, you will be limited to a couple of options.

You can get the value from the fliend on click with javascript and pass that variable around in your script, or I would thing the better choice would be using php and just grabbing the POST variable.


so, you would:

get your listbox setup
populate the listbox with the names and use the id of the row for the value for each name.

Get your submit ready to post either to itself or to another page.
How you make everything show is up to you.

grab the post variable
$surname = $_POST['surname'];

Use the id(row number) in $surname in your query to populate the other select fields you are talking about.

There is a bit of a security risk here that you need to contend with.

Anytime you use post variables as part of a query string you run the risk of an SQL injection attack.

You will need to make sure to escape the post value before using in your query.
The easiest way to do this is to use php's built in function :
mysql_escape_string
http://us2.php.net/mysql_escape_string

You need to keep people from being able to inject values into your scripting.
It is also wise to check the referrer when getting post data with something like this unless other security precautions are made to protect your admin scripting.

3P