antonyfal Posted March 21, 2011 Share Posted March 21, 2011 Hi. I got this code below, which makes a dropdownlist. the value is passed in a string to a URL. The value EXAMPLE: is 13:30pm, but what reaches the URL is 13 If i add the mysql_real_escape_string, the full value is passed to the URL. BUT so is the "mysql_real_escape_string".. what is wrong with this code? this example does not work period: $query = "SELECT DISTINCT timeslot_start FROM #__profile_rates ORDER BY timeslot_start ASC"; $dropDownList ="<select class=\"inputbox\" name=\"timeslotstart\">"; $timeslotstarts =doSelectSql($query); foreach ($timeslotstarts as $timelotstart) { $timeslot_start=mysql_real_escape_string($timelotstart->timeslot_start); $dropDownList .= "<option value=$timeslot_start>".$timeslot_start."</option>"; } $dropDownList.="</select>"; $output['TIMESLOTSTART']=$dropDownList; but if i change to this it works but gives the "mysql_real_escape_string" in the url foreach ($timeslotstarts as $timelotstart) { $timeslot_start=$timelotstart->timeslot_start; $dropDownList .= "<option value=mysql_real_escape_string($timeslot_start)>".$timeslot_start."</option>"; } //Url looks like www.xxxx.com/xxx/x//xxxx/timeslotstart=mysql_real_escape_string(13%3A30pm), Everything is correct except the mysql_real_escape_string and the "(" and ")" should not be passed. how can i write this? Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/ Share on other sites More sharing options...
kenrbnsn Posted March 21, 2011 Share Posted March 21, 2011 The function mysql_real_escape_string() should only be used when the data is going to be used with a mysql query. Never when the data is going to the browser. Ken Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/#findComment-1190558 Share on other sites More sharing options...
antonyfal Posted March 22, 2011 Author Share Posted March 22, 2011 The function mysql_real_escape_string() should only be used when the data is going to be used with a mysql query. Never when the data is going to the browser. Ken Thanks ken for the reply. Can you show me example of how to get the correct output for the real escape string in the value of the <select list?. All the examples ive come across use echo and i need an example with output. I need to get the "value=" to be an already real_escaped string(array).. but i just need an example how to call it from the database. Best regards Antony Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/#findComment-1190755 Share on other sites More sharing options...
MrXHellboy Posted March 22, 2011 Share Posted March 22, 2011 Dont know what you want exactly... but try this. foreach ($timeslotstarts as $timelotstart) { $timeslot_start=$timelotstart->timeslot_start; $dropDownList .= "<option value=".$timeslot_start.">".$timeslot_start."</option>"; } Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/#findComment-1190758 Share on other sites More sharing options...
antonyfal Posted March 22, 2011 Author Share Posted March 22, 2011 Dont know what you want exactly... but try this. foreach ($timeslotstarts as $timelotstart) { $timeslot_start=$timelotstart->timeslot_start; $dropDownList .= "<option value=".$timeslot_start.">".$timeslot_start."</option>"; } Hi thanks for the reply. I ve done this way already, has same result// only 13 appears in the "URL"--- I think what i need is to find away to get a "\" to the ":" So value is = 13\:30pm and then remove it as its passed to URL so that 13:30pm is passed.. Any ideas? // I wrote the above and didn't post- so ill just continue here with my solution: I replaced the little ":" with an "h" and removed the "am" and "pm" now the full value passes to "URL" 13h30. its not what i wanted, but its good enough for now. Thanks! Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/#findComment-1190826 Share on other sites More sharing options...
Pikachu2000 Posted March 22, 2011 Share Posted March 22, 2011 All you need is to add the quotes around the value= attribute, and drop the string concatenation. You use mysql_real_escape_string() when you are inserting data into a MySQL database, not when you're building a form. foreach ($timeslotstarts as $timelotstart) { $timeslot_start=$timelotstart->timeslot_start; $dropDownList .= "<option value=\"$timeslot_start\">$timeslot_start</option>"; } Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/#findComment-1190831 Share on other sites More sharing options...
EmperorJazzy Posted March 22, 2011 Share Posted March 22, 2011 but if i change to this it works but gives the "mysql_real_escape_string" in the url foreach ($timeslotstarts as $timelotstart) { $timeslot_start=$timelotstart->timeslot_start; $dropDownList .= "<option value=mysql_real_escape_string($timeslot_start)>".$timeslot_start."</option>"; } foreach ($timeslotstarts as $timelotstart) { $timeslot_start=$timelotstart->timeslot_start; $dropDownList .= "<option value=" . mysql_real_escape_string($timeslot_start) . ">".$timeslot_start."</option>"; } Try this... Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/#findComment-1190984 Share on other sites More sharing options...
antonyfal Posted March 24, 2011 Author Share Posted March 24, 2011 Thanks to all for the reply's to my problem above... I have to say that now i understand why the internet does things slightly different to the english dictionary. I did a quick fix on the above problem i had. I replaced the ":" with an "h" so now its 20h30 instead of 20:30 am its works fine for me. I will spend time on this little problem again and if i get the proper solution i will post it. Best regards Tony Link to comment https://forums.phpfreaks.com/topic/231326-how-to-write-this-mysql_real_escape_string-into-dropdownlist/#findComment-1191678 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.