-3

index.php

<!DOCTYPE html>
</html>
<body>

<form name="fruits" action="selectexec.php" method="post">
<select name="department">
<option value="apple">apple</option>
<option value="mango">mango</option>
<option value="orange">orange</option>
</select>

<select name="company">
<option value="ASUS">ASUS</option>
<option value="LENOVO">LENOVO</option>
<option value="ACER">ACER</option>
</select>

<input type="submit" name="submit" />
</form>

</body>
</html>

selectexe.php

<?php
include_once('pdo-connect.php');
if(isset($_POST['submit'])){
$department=$_POST['department'];
$company=$_POST['company'];


// SQL statements
$sql = "INSERT INTO selectformtbl (department,company)values('$department',$company)";
$db->exec($sql);
}

?>
Jainne
  • 1
  • 1
  • Please edit your question and format it properly. As you can see on the preview, it doesn't look good. Always format the code properly before sending. – Sami Kuhmonen Sep 07 '16 at 14:16
  • Do you want to store this as 2 rows on `selectformtbl` or as a single column in one row – RiggsFolly Sep 07 '16 at 14:20
  • @Manila, 2 option values from same select tag or different select tags? This is critical to answering your question properly – The One and Only ChemistryBlob Sep 07 '16 at 14:22
  • thanks for the response. EDIT: different select tags and saves only 1 row to database table. – Jainne Sep 07 '16 at 14:22
  • But do you want more than one option to be selectable from each of the dropdowns? – RiggsFolly Sep 07 '16 at 14:34
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Sep 07 '16 at 14:38
  • I dont see why this code shoudl not work. UNLESS you want to allow the user to make 2 or more selections from ONE dropdown. I am coming to the conclusion that this question is Totally Unclear – RiggsFolly Sep 07 '16 at 14:43

1 Answers1

0

<select> tag should have multiple attribute.

<select name="department[]" multiple></select>
<select name="company[]" multiple></select>

In PHP you can implode all this values and store to database directly.

$departments = implode($_POST['department']);
$company = implode($_POST['company']);
$sql = "INSERT INTO selectformtbl (`department`,`company`) values ('$department','$company')";
$db->exec($sql);
Rahul K
  • 413
  • 3
  • 11
  • Although doing this does leave you open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Sep 07 '16 at 14:37
  • yes, that's good if we use variables in double quotes easily but i have posted this ways because its easy to read and check. – Rahul K Sep 07 '16 at 14:38
  • Now, its perfect! and just little edited for preventing SQL Injection Attack. – Rahul K Sep 07 '16 at 14:41
  • it work like a charm when I removed implode on your code and multiple attribute to give more spaces to my page. I found other way around to save data. – Jainne Sep 07 '16 at 14:44
  • You didn't read or didn't understand [Little Bobby Tables](http://bobby-tables.com/) This is still Wide Open to SQL Injection – RiggsFolly Sep 07 '16 at 14:44
  • @Manila That is exactly the same code you had in your question – RiggsFolly Sep 07 '16 at 14:47