Help a PHP noob

Hi guys. Just started tinkering in PHP.
I made a form with a dropdown box which get populated from a MYSQL database. like this:

<form name="form" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<?php
echo  "<select name='search' onChange='this.form.submit()'>";
    while ($row = mysql_fetch_array($result)) {
        echo "<option value='" . $row['ID'] . "'>" . $row['ID'] . " </option>";
}
?>

This fetches an ID and fills the rest of the form with DB data like this:

$search=$_POST['search'];

$data = 'SELECT * FROM `tlbintake` WHERE `ID` = "'.$search.'"';
  $query = mysql_query($data) or die("Couldn't execute query. ". mysql_error());
  $data2 = mysql_fetch_array($query);

Everything works correctly but after selecting an ID from the dropdownbox it fills in all the data correctly but it resets the ID to the "first" ID in the list.

How can I make it show the correct ID in stead of the first one?

one word the obvious SQL injection of anus

>>1
Just started tinkering in PHP.
Drop it like it's hot.

>>1

Best is to drop the PHP, the language sucks. Choose something different. Perl, scheme, ruby, erlang, haskell, python or whatever. Almost everything is better than PHP.

If you are not willing to that, start at least working with a template system. Some are more reasonable than others. It is not difficult to create a simple one yourself (but don't do it with includes). Don't mix logic and representation.

Then the next thing is that HTML is a markup language and you are not using it in a sane matter. Tags should always be closed. The select you use is not closed.

You also fail to sanitize your variables and you are not using prepare statements, which can become a security problem later on.

And you should use PDO or some other database abstraction layer.

First fix these things and then come back asking why your dropdown doesn't behave as it should.