1 
<div><select class="form-control"name="old_name"></select></div>
<div><input class="form-control" type="text" name="name" pattern="^[\w\- ]+$"/></div>

Noted that all items in select tag is generated from a javascript using "innerHTML" to update information from database.

There are two elements(old_name, name) in HTML form which using POST method. I want to replace "old_name" with "name" with php. Here is my Php Code.

$orignal_name = $_POST['old_name'];
$q = $db->prepare("UPDATE categories SET name = ? WHERE name = ". $orignal_name);
return $q->execute(array($_POST['name']));

But it did not work. I try to echo "old_name" and the result is "NaN".

Improve this question
4
  • 1
    Why use a parameter for one name and concatentate a value onto the second??? Commented Dec 2, 2016 at 14:04
  • because the parameter ? is the input in HTML. Set it as parameter can prevent Injection. While the second value is fixed with select tag. Commented Dec 2, 2016 at 14:05
  • 1
    POSTED data can be spoofed, quite easily. Dont assume the data coming into any script from GET or POST is safe Commented Dec 2, 2016 at 14:07
  • 1
    Also I can edit what is in a <option> tag very easily before submitting a form with almost any browser Commented Dec 2, 2016 at 14:13

1 Answer 1

Reset to default
1

Your actual error is that you did not wrap the $original_name concatenation in quotes, but this would be a better approach 

$q = $db->prepare("UPDATE categories SET name = ? WHERE name = ?");

return $q->execute(array($_POST['name'], $_POST['old_name']));

I assume you are checking that both these occurances exist in $_POST and contain data before getting to this code.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

I have a AJAX error after I add one more parameter. I am checking where is the error and decided whether accept the solution. Thanks for your help
OK, but your question has nothing to do with AJAX as it is asked
Actually looking at the HTML you show, the <select> tag does not appear to have an <option> tags inside it. Is that because you just shortened the code or missed that completely
all option is generated from a javescript.
something like xxxx.innerHTML = '<option></option>' + options.join('');
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.