I have a php script that queries a MySQL database and populates a drop-down menu using the data received. Everything was working fine and suddenly, the echo "Custom" option doesn't show up for me. I asked someone else to check the same page, and it showed up for him. I tried changing browsers, and nothing. Does anyone know why this would happen?
echo '<div class="c_element" style="height: auto;">
<select class="c_sel">';
$c= mysql_query("SELECT * FROM C WHERE c_lo_id =".$sel_lo_id) or die(mysql_error());
while($row = mysql_fetch_array($c))
{
echo '<option value='.$row['c_id'].'>'.$row['c_name'].'</option>';
}
echo '<option value="0">Custom </option>
</select>';
This can happen if your values contain characters that break your html, like ', > or <. When outputting to html, you should always make sure that these are encoded correctly.
Apart from that this would also happen if there are spaces in your values as you don't quote the attribute value.
With both corrections:;
echo '<option value="'.htmlspecialchars($row['c_id']).'">'.htmlspecialchars($row['c_name']).'</option>';
^ added as well ^
Related
I am trying to help users with filling form in the case if their submission was not successfully send.. The first part of the code down below works fine, but the second part is not "detected". Even if the statement is false Select Pair is not shown.
HTML output:
<option selected='selected'> </option>
This is just a small piece of my script.
Any suggestion how to fix this? Thanks!
if(isset($_SESSION['pair'])) {
echo "<option selected='selected'> " . $_SESSION['pair'] . "</option>";
} else {
echo "<option disabled='disabled'>Select Pair</option>";
}
unset($_SESSION['pair']);
And run the code again. Chances you didn't properly unset it hence only the first part work.
I have a strange problem which I presume is to do with my setup (WAMP on Windows 10). I am a beginner and working on my first project (rewriting an old Access/VBA solution).
I want to create an HTML drop down list on the fly - mysqli_query works fine and I can echo the list I need and get an accurate row count. But when I try any echo statement which starts with a '<' the rest of the page doesn't run.
The < is fine anywhere else but at the beginning. What I need is to be able to put
while($row = mysqli_fetch_assoc($result)) {
echo "<option value ='".$row['schoolName']."'>".$row["schoolName"]."</option>";
}
This just displays a list of $row["schoolName"] biut no other text.
There may be some mistakes in that code but I have tested this with much shorter echo strings and they always fail if '<' is the first thing after echo. I don't get an error message - the code above just gives a correct list of $row['schoolName].
Any ideas?
Try this
<select name="" id="input" class="form-control">
<?php
while($row = mysqli_fetch_assoc($result)) {
echo "<option value ='".$row['schoolName']."'>".$row["schoolName"]." </option>";
}
?>
</select>
You must add the <select> tag before using an <option> tag.
<select name="" class="">
<?php
while($row = mysqli_fetch_assoc($result)) {
echo "<option value ='".$row['schoolName']."'>".$row["schoolName"]."</option>";
}
?>
</select>
it is only displaying the first select box and the last one ..
here is the code.
function select_nom_of_guests($guest_type){
$i=0;
echo $guest_type;
echo "<select name=\"adults_num\" id= \"a\">";
while ($i<=5){
echo "<option value= $i>$i</option>" ;
$i++;
}
}
echo "<p>";
select_nom_of_guests("מספר מבוגרים");
select_nom_of_guests("מספר ילדים");
select_nom_of_guests("מספר תינוקות");
echo "</p>";
Close your <select> tags and it should work better ;-)
Note that a for loop would be more appropriate in your case.
Note that you don't end the <select> tag. I'm not sure how browsers would respond to that, but it definitely wouldn't help.
One helpful tool in these scenarios is the View Source tool that all major browsers have: instead of being confused about what's appearing on the screen, look at the HTML that the browser received to see why it might be showing what it's showing. If this is the issue, the source code would have revealed it lickity-split :)
You didn't close the select tag. You probably also want to make the name and id attributes different for each select.
function select_nom_of_guests($guest_type){
$i=0;
echo $guest_type;
echo "<select name=\"adults_num".$guest_type."\" id= \"select_".$guestType."\">";
while ($i<=5){
echo "<option value= $i>$i</option>" ;
$i++;
}
echo "</select>";
}
Thank you so much for being so helpful. Owe you all a thank you. I will be asking more questions in the future. Someone has solved the problem by giving me this code:
echo "" . strval($row['style']) . "" . "";
and it worked beautifully!!!!!!!!! You rock!
I am sorry, I don't know how to post follow up questions, so I keep posting each question as a new question. I've never joined any forum before, so don't know how to follow a thread :( Sorry
I previously asked a question, but didn't post my code, so many kind people (thank you so much) who respanded couldn't help me out.
So I'll post my partial code below.
";
echo "Select an item";
echo "";
}
while($row = mysql_fetch_array($result))
{
echo "$row[style] $row[color]";
}
mysql_close($con);
echo "";
echo "";
echo "Enter your 4 digit postcode";
echo "";
echo "";
echo "Enter quantity";
echo "";
echo "";
echo "";
echo "";
?>
Then to process form, I use $_POST['item'] to find out which item was selected, I get the first word, the rest of the words are missing.
For example, if the dropdown box was populated with the follwoing:
Dressmaker mannequin size 12
Mannequin torso PH-9 in skin color
...
if item selected was "Dressmaker manenquin size 12", $_POST['item'] gives me Dressmaker, the rests are missing.
I spent whole last night and today searching, but have made no progress, please help :(
This still applies from my previous post:
//====== Begin previous post
Hopefully, your MYSQL database has a primary key? If it does, set the value of each <option> to the primary key of the item.
For example:
SQL
id desc
1 "dressmaker thing with mannequin"
2 "dressmaker thing no mannequin"
Form PHP
echo "<option value='".$query['id']."'>".$query['desc']."</option>";
When the form is submitted, re-query the database for the desired description. You'll be doing this re-query anyway to retrieve prices and such, yes?
The reason this is happening is that spaces are discouraged in HTML attributes. You shouldn't have an attribute like value='this attribute is spaced'.
//====== End previous post
Basically, change this line:
while($row = mysql_fetch_array($result))
{
echo "<option value=$row[style]>$row[style] $row[color]</option><br />";
}
to
while($row = mysql_fetch_array($result))
{
echo "<option value='".$row['id']."'>$row['style'] $row['color']</option><br />";
}
and add this in process_form.php to get the description:
$desc = mysql_query("SELECT style FROM products WHERE id='".$_POST['item']."';");
You can also use this to get all other related info from the DB right when you need it.
// Another edit
#Cambraca - right on - I forgot to sanitize the quote.
#Ottoman - Your solution is a temporary fix. I strongly recommend applying an id/primary key system if it's not in place. An ounce of prevention is worth a pound of cure.
That is because in php you get what is in the "value" attribute of the dropdown's options.
You need to do something like this:
Replace
echo "<option value=$row[style]>$row[style] $row[color]</option><br />";
with
echo "<option value=\"$row[style] $row[color]\">$row[style] $row[color]</option><br />";
The problem is your lack of quotes in the option "echo" statement.
Try something like this
while($row = mysql_fetch_array($result))
{
printf('<option value="%s">%s %s</option>',
htmlspecialchars($row['style']),
htmlspecialchars($row['style']),
htmlspecialchars($row['color']));
}
Note also, the <br> element does not belong in the <select>
Edit: Added htmlspecialchars to properly escape any HTML entities that might exist in retrieved strings
If it gives you only the first word, then you forgot to enclose the option value="with quotes". Otherwise show us the constructed HTML source.
I am contemplating taking the next step with my PHP applications and making the option fields dynamic. That would open the doors for more automation.
I have drop downs throughout my project, they are used to select a specific user and I update them manually when a new user is added (which is also a manual process). But if i take the first step and make these drop downs become populated by a MySQL Database, then i can move on to dynamic user creation.
I know how I can achieve this, but I am curious about some other alternatives (If there is any).
Here is what I would do..
$query = ** MySQL Select * From Database Query **
echo '<select name="usernames">';
while($row == mysql_fetch_array($query))
{
echo '<option>' . $row['username'] . '</option>';
}
echo '</select>';
So my questions is, would you do this differently? And why? Thanks!
What you are doing will work fine. I like to make it into a function so that if I ever need that dropdown on another page I dont have to write a lot of code over again.
function userDD()
{
$query = ** MySQL Select * From Database Query **
$html = '<select name="usernames">';
while($row == mysql_fetch_array($query))
{
$html .= '<option>' . $row['username'] . '</option>';
}
$html .= '</select>';
return $html;
}
This code does exactly what your code does except it doenst use echo. Instead you use a variable ($html) to store all of the data then when you are done you return it.
Your way is fine, but two things need to be changed:
- Run htmlentities() or htmlspecialchars() on all echoed HTML to avoid XSS. Unless you already sanitized it at database entry time but I find this practice silly.
- Add a value attribute to each <option> tag, otherwise you won't be able to retrieve the username selected. I suggest using the username's corresponding ID or something else that's unique to that user. If it's a string, use htmlentities/htmlspecialchars on it too.
php file
$users = getUsers();
include('template.tpl');
template
<select name="username">
<?php foreach( $users as $user ): ?>
<li><?= e( $user['username'] ) ?></li>
<?php endforeach; ?>
</select>
e is a function that escapes strings to prevent xss attacks
I wouldn't put an SQL query in the same document as my output...
I'd create a document containing all SQL queries, in functions, and include that file. Just to keep things seperated.