Jump to content

how to write this mysql_real_escape_string into dropdownlist?

antonyfal

By antonyfal
in PHP Coding Help

 Share

Recommended Posts

antonyfal Regular Member

antonyfal

Posted
Posted

Hi.

I got this code below, which makes a dropdownlist. the value is passed in a string to a URL. The value EXAMPLE: is 13:30pm, but what reaches the URL is 13    If i add the mysql_real_escape_string, the full value is passed to the URL. BUT so is the "mysql_real_escape_string".. what is wrong with this code?

 

 

this example does not work period:

$query = "SELECT DISTINCT timeslot_start FROM #__profile_rates ORDER BY timeslot_start ASC";

$dropDownList ="<select class=\"inputbox\" name=\"timeslotstart\">";

$timeslotstarts =doSelectSql($query);

foreach ($timeslotstarts as $timelotstart)

{

$timeslot_start=mysql_real_escape_string($timelotstart->timeslot_start);

$dropDownList .= "<option value=$timeslot_start>".$timeslot_start."</option>";

}

$dropDownList.="</select>";

$output['TIMESLOTSTART']=$dropDownList;

 

 

but if i change to this it works but gives the "mysql_real_escape_string" in the url

 

 

foreach ($timeslotstarts as $timelotstart)

{

$timeslot_start=$timelotstart->timeslot_start;

$dropDownList .= "<option value=mysql_real_escape_string($timeslot_start)>".$timeslot_start."</option>";

}

//Url looks like www.xxxx.com/xxx/x//xxxx/timeslotstart=mysql_real_escape_string(13%3A30pm),

Everything is correct except the mysql_real_escape_string and the "(" and  ")" should not be passed.

 

how can i write this?

 

Link to comment
Share on other sites
antonyfal Regular Member

antonyfal

Posted
  • Author
Posted

The function mysql_real_escape_string() should only be used when the data is going to be used with a mysql query. Never when the data is going to the browser.

 

Ken

 

Thanks ken for the reply.

Can you show me example of how to get the correct output for the real escape string in the value of the <select list?.

All the examples ive come across use echo and i need an example with output.

 

I need to get the "value=" to be an already real_escaped string(array).. but i just need an example how to call it from the database.

 

Best regards

Antony

 

 

Link to comment
Share on other sites
MrXHellboy Member

MrXHellboy

Posted
Posted

Dont know what you want exactly... but try this.

 

foreach ($timeslotstarts as $timelotstart)
            {
            $timeslot_start=$timelotstart->timeslot_start;
            $dropDownList .= "<option value=".$timeslot_start.">".$timeslot_start."</option>";
            }

Link to comment
Share on other sites
antonyfal Regular Member

antonyfal

Posted
  • Author
Posted

Dont know what you want exactly... but try this.

 

foreach ($timeslotstarts as $timelotstart)
            {
            $timeslot_start=$timelotstart->timeslot_start;
            $dropDownList .= "<option value=".$timeslot_start.">".$timeslot_start."</option>";
            }

 

Hi thanks for the reply.

I ve done this way already, has same result// only 13 appears in the "URL"---

I think what i need is to find away to get a "\" to the ":"  So value is = 13\:30pm and then remove it as its passed to URL so that 13:30pm is passed..

 

Any ideas?

// I wrote the above and didn't post- so ill just continue here with my solution:

 

I replaced the little ":" with an "h" and removed the "am" and "pm" now the full value passes to "URL" 13h30.

its not what i wanted, but its good enough for now.

 

Thanks!

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

All you need is to add the quotes around the value= attribute, and drop the string concatenation. You use mysql_real_escape_string() when you are inserting data into a MySQL database, not when you're building a form.

 

foreach ($timeslotstarts as $timelotstart)
            {
            $timeslot_start=$timelotstart->timeslot_start;
            $dropDownList .= "<option value=\"$timeslot_start\">$timeslot_start</option>";
            }

Link to comment
Share on other sites
EmperorJazzy Member

EmperorJazzy

Posted
Posted

 

but if i change to this it works but gives the "mysql_real_escape_string" in the url

 

 

foreach ($timeslotstarts as $timelotstart)

{

$timeslot_start=$timelotstart->timeslot_start;

$dropDownList .= "<option value=mysql_real_escape_string($timeslot_start)>".$timeslot_start."</option>";

}

 


	foreach ($timeslotstarts as $timelotstart)
			{
			$timeslot_start=$timelotstart->timeslot_start;
			$dropDownList .= "<option value=" . mysql_real_escape_string($timeslot_start) . ">".$timeslot_start."</option>";
			}

 

Try this...

Link to comment
Share on other sites
antonyfal Regular Member

antonyfal

Posted
  • Author
Posted

Thanks to all for the reply's to my problem above...

I have to say that now i understand why the internet does things slightly different to the english dictionary.

 

I did a quick fix on the above problem i had. I replaced the ":" with an "h" so now its 20h30 instead of 20:30 am

its works fine for me.

I will spend time on this little problem again and if i get the proper solution i will post it.

 

Best regards

Tony

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.