Home/ Questions/Q 6170225
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T22:59:34+00:00

Which is better from a security standpoint when populating an HTML select box? Option

  • 0

Which is better from a security standpoint when populating an HTML select box?

Option A: PHP

<?php echo "<select name=\"empName\" id=\"empName\" class=\"text\" style=\"width:10em;\">\r\n";?>
<?php include 'PHPscripts/getEmployeeNamesDB.php'?>
<?php echo "</select>\r\n";?>

getEmployeeNamesDB.php

$dropdown = "";     
$tbl_name="employee"; // Table name 
$result = mysql_query("SELECT CONCAT_WS(' ', firstname, lastname) AS 'wholename', empid FROM     $tbl_name ORDER BY lastname") or die("cannot select result DB.php");       
while($row = mysql_fetch_assoc($result)) {        
    $empid = $row["empid"];         
    $name = $row["wholename"];         
    $dropdown .= "<option value=\"$empid\">$name</option>\r\n"; 
}  
echo $dropdown;

Option B: Javascript

Same information except use an AJAX call to populate a javascript variable. then use javascript to make select statement?

Security is my primary concern but I would also like to know if you can come up with any other concerns I should consider.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The only security I see here is you have one more layer to deal with if you go the AJAX route. With PHP its purely a communication between your server scripts. With AJAX you have a communication from the end users browser over the network, which, can be anything. That user can use your JS if they want and supplement the query depending on how your JS builds that query.

    • 0