Home/ Questions/Q 6011649
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T02:17:25+00:00

I have several select statements that look like this. I need to pass the

  • 0

I have several select statements that look like this. I need to pass the php variable into my database. 

 <select name="gamestart" >
 <?php for($gamestart=1; $gamestart<=24; $gamestart++)
 echo "<option value='$gamestart'>$gamestart:00</option>"; 
 ?>
 </select>

Here is my insert statement into my database with other similar variables where I have the same issue. 

     <?php 
   $mysql_query = "INSERT INTO soccer_games (gamestart, gameend)
        VALUES ('$gamestart', '$gameend')";

    $this->db->query($mysql_query);
   ?>

As of now, values are being put into the database but the value that is INSERT’ed into the database is the number 25 (not even an option in my loop as you can see) regardless of what value I select in the form.

===============

EDIT 1:
The problem would probably be that I haven’t used a form (Me in my infinite wisdom didn’t realize I needed a form for this).

I am assuming I will need something of this nature…

public function insertstatements(){
<?php 
   $mysql_query = "INSERT INTO soccer_games (gamestart, gameend)
        VALUES ('$gamestart', '$gameend')";

    $this->db->query($mysql_query);
   ?>
}


<form method="post" action="<?php insertstatements(); ?>">


 <select name="gamestart" >
 <?php for($gamestart=1; $gamestart<=24; $gamestart++)
 echo "<option value='$gamestart'>$gamestart:00</option>"; 
 ?>
 </select>
</form>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can access the gamestart sent from the form using either $_POST['gamestart'] or $_GET['gamestart'] depending on the method set in your form (if there is no method attribute, it will be GET).

    Your $gamestart is set to 25 before I guess the for loop is before your database insertion logic, so its value will be set to 25.

    Be sure to use mysql_real_escape_string on your variable before putting it into the query, otherwise you might suffer some SQL injection attacks, quite easily. Never trust user input!

    So a correct example would be (I don’t know where you’re getting $gameend from, but if it’s also from the form, do the same with it):

    $gamestart=mysql_real_escape_string($_POST['gamestart']);
$mysql_query = "INSERT INTO soccer_games (gamestart, gameend)
        VALUES ('$gamestart', '$gameend')";

    EDIT: You can access your GET and POST variables simply as $gamestart if you have register_globals enabled. But you should turn it off, and not write any code that depends on it. For the whys, search for it on Google.

    • 0