pretty much alot of people saying the code should be working, the connection is fine, the sql statements are fine we are not sure why, anyone have a clue on why? i would assume it would assume the get_data method is wrong somewhere, the dropdown box stays empty
<?php
require("db.php");
include("functions.php");
if(isset($_POST['submit']))
{
$Date = date('Y-m-d H:i:s');
$FirstName = $mysqli->real_escape_string($_POST['FirstName']);
$LastName = $mysqli->real_escape_string($_POST['LastName']);
$Rating = $mysqli->real_escape_string($_POST['Rating']);
$Comment = $mysqli->real_escape_string($_POST['Comment']);
$sql = "INSERT INTO guest(GuestID, FirstName, LastName, PostcodeFK, Email, Date, Rating,Comment)"
." VALUES ('', '$FirstName', '$LastName', '$Postcode', '$Email', '$Date', '$Rating', '$Comment')";
if($mysqli->query($sql)==TRUE)
{
echo "<script>alert('Record Added.'); location.href='customers.html'</script>";
}else{
echo "<script>alert('Error'); location.href='#'</script>";
}
function get_data($mysqli)
{
$sql="SELECT `MealOption` FROM menu";
$result=$mysqli->query($sql);
while ($row=$result->fetch_assoc())
{
echo "<option value='". $row['MealOption'] . "'>". $row['MealOption'] ."</option>";
}
}
}
?>
<html>
<body>
<form action="" method="post">
First Name: <input type="text" name="FirstName" require/><br>
Last Name: <input type="text" name="LastName" require/><br>
Postcode: <input type="number" name="Postcode" require/><br>
Email: <input type="email" name="Email" require/><br>
<button class="btn" onclick="get_data(Meal);">Add</button>
<label for="Meal">Meal:</label>
<select name="Meal">
<?php
//echo get_data($mysqli);
?>
</select><br>
Rating: <input type="number" name ="Rating" min="1" max="5" require/><br>
Comment: <input type="text" name ="Comment"><br>
<input type="submit" name="submit">
</form>
</body>
</html>
Your <button class="btn" onclick="get_data(Meal);">Add</button> with the function get_data(Meal) cant call a php function.
So you have to create a javascript function get_data() that requests the infos via ajax for example.
You should get your money back from that guy.
You need to move your get_data function out of if statement. Indentation could help you.
if(isset($_POST['submit']))
{
$Date = date('Y-m-d H:i:s');
$FirstName = $mysqli->real_escape_string($_POST['FirstName']);
$LastName = $mysqli->real_escape_string($_POST['LastName']);
$Rating = $mysqli->real_escape_string($_POST['Rating']);
$Comment = $mysqli->real_escape_string($_POST['Comment']);
$sql = "INSERT INTO guest(GuestID, FirstName, LastName, PostcodeFK, Email, Date, Rating,Comment)"
." VALUES ('', '$FirstName', '$LastName', '$Postcode', '$Email', '$Date', '$Rating', '$Comment')";
if($mysqli->query($sql)==TRUE)
{
echo "<script>alert('Record Added.');location.href='customers.html'</script>";
} else {
echo "<script>alert('Error'); location.href='#'</script>";
}
}
function get_data($mysqli)
{
$sql="SELECT `MealOption` FROM menu";
$result=$mysqli->query($sql);
while ($row=$result->fetch_assoc())
{
echo "<option value='". $row['MealOption'] . "'>". $row['MealOption'] ."</option>";
}
}
And for html usage you need to add php tags before using php function.
<?php get_data($mysqli); ?>
Your code is not safe against XSS attacks - this might be causing the problem, e.g. if your meal option contains an apostrophe.
Try changing this line:
echo "<option value='". $row['MealOption'] . "'>". $row['MealOption'] ."</option>";
to this line:
echo "<option value='". htmlspecialchars($row['MealOption'],ENT_QUOTES) . "'>". htmlspecialchars($row['MealOption']) ."</option>";