s4salman Posted March 19, 2016 Share Posted March 19, 2016 This code is only printing the 1st part of the field 6. For example if field 6 has data an oval, so it shows up an oval in the drop down list, But when i submit this form, only an gets printed on the next page. It is not printing whole an oval on the next page what is wrong with the code. Pls help! <?php $sql="SELECT * FROM tutorial"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ echo "<select name=stepaaaaaa>"; // list box select command foreach ($dbo->query($sql) as $row){//Array or records stored in $row echo "<option value=$row[field6]>$row[field6]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box ?> Quote Link to comment Share on other sites More sharing options...
s4salman Posted March 19, 2016 Author Share Posted March 19, 2016 Here the whole file attached herein <?php $host_name = "localhost"; $database = "s4salman_jag"; // Change your database name $username = "s4salman_jag"; // Your database user id $password = "jag001"; // Your password //////// Do not Edit below ///////// try { $dbo = new PDO('mysql:host='.$host_name.';dbname='.$database, $username, $password); } catch (PDOException $e) { print "Error!: " . $e->getMessage() . "<br/>"; die(); } ?> <?php if( $_GET["stepa"] || $_GET["stepaa"]|| $_GET["stepaaa"] || $_GET["stepaaaa"] || $_GET["stepaaaaa"]|| $_GET["stepaaaaaa"] ) { echo $_GET['filename']; echo "<br/>"; echo "0        "; echo $_GET['description']; echo "<br/>"; echo "1        "; echo $_GET['stepa']; echo ' '; echo $_GET['stepaa']; echo ' '; echo $_GET['stepaaa']; echo ' '; echo $_GET['stepaaaa']; echo ' '; echo $_GET['stepaaaaa']; echo $_GET['stepaaaaaa']; echo "<br/>"; <body> <form action = "<?php $_PHP_SELF ?>" method = "GET"> <input type = "submit" /> <table border="0"> <tr> <td width="100%" ALIGN="CENTER"> file name<input type="text" name="filename"> </td> </tr> <tr> <td width="100%" ALIGN="CENTER"> description<input type="text" name="description"> </td> </tr> </table> <table border="0" cellpadding="2" cellspacing="8"> <tr> <td width="10%" ALIGN="CENTER"> <label for="element_1"> </label> <div> <?php $sql="SELECT * FROM tutorial order by field1"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ echo "<select name=stepa>"; // list box select command foreach ($dbo->query($sql) as $row){//Array or records stored in $row echo "<option value=$row[field1]>$row[field1]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box ?> </div> </td> <td width="20%" ALIGN="CENTER"> <label for="element_1"> </label> <div> <?php $sql="SELECT * FROM tutorial order by field2"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ echo "<select name=stepaa>"; // list box select command foreach ($dbo->query($sql) as $row){//Array or records stored in $row echo "<option value=$row[field2]>$row[field2]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box ?> </div> </td> <td width="10%" ALIGN="CENTER"> <label for="element_1"> </label> <div> <?php $sql="SELECT * FROM tutorial"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ echo "<select name=stepaaa>"; // list box select command foreach ($dbo->query($sql) as $row){//Array or records stored in $row echo "<option value=$row[field3]>$row[field3]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box ?> </div> </td> <td width="10%" ALIGN="CENTER"> <label for="element_1"> </label> <div> <?php $sql="SELECT * FROM tutorial order by field4"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ echo "<select name=stepaaaa>"; // list box select command foreach ($dbo->query($sql) as $row){//Array or records stored in $row echo "<option value=$row[field4]>$row[field4]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box ?> </div> </td> <td width="20%" ALIGN="CENTER"> <label for="element_1"> </label> <div> <?php $sql="SELECT * FROM tutorial order by field5"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ echo "<select name=stepaaaaa>"; // list box select command foreach ($dbo->query($sql) as $row){//Array or records stored in $row echo "<option value=$row[field5]>$row[field5]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box ?> </div> </td> <td width="10%" ALIGN="CENTER"> <label for="element_1"> </label> <div> <?php $sql="SELECT * FROM tutorial"; /* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */ echo "<select name=stepaaaaaa>"; // list box select command foreach ($dbo->query($sql) as $row){//Array or records stored in $row echo "<option value=$row[field6]>$row[field6]</option>"; /* Option values are added by looping through the array */ } echo "</select>";// Closing of list box ?> </div> </td> </tr> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted March 19, 2016 Share Posted March 19, 2016 the reason for this is because the html markup is broken. the value = '...' attribute needs quotes (either single or double quotes are valid) around the value. since this is inside of a double-quoted php string, use single-quotes in the markup. Quote Link to comment Share on other sites More sharing options...
s4salman Posted March 19, 2016 Author Share Posted March 19, 2016 the reason for this is because the html markup is broken. the value = '...' attribute needs quotes (either single or double quotes are valid) around the value. since this is inside of a double-quoted php string, use single-quotes in the markup. Can you please identify the line which is creating the issue. I am not able to figure out your point of view. Thanks Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted March 19, 2016 Share Posted March 19, 2016 (edited) The problem is actually everywhere in your code. You cannot stuff random PHP values into HTML markup and expect this to work. All you'll get is plently of cross-site scripting vulnerabilities and other defects (like the one you happened to notice). Creating dynamic HTML must be done very carefully. The standard approach (which isn't always sufficient) is to HTML-escape the PHP value and always quote HTML attributes: function html_escape($unsafe_data, $encoding) { return htmlspecialchars($unsafe_data, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, $encoding); } $unsafe_input = 'test test'; // Wrong: code is vulnerable to XSS attacks and cannot handle spaces echo "<option value={$unsafe_input}>{$unsafe_input}</option>"; // Correct: escaped input, quoted attribute echo '<option value="'.html_escape($unsafe_input, 'UTF-8').'">'.html_escape($unsafe_input, 'UTF-8').'</option>'; Since manual escaping is extremely cumbersome, and since most programmers just cannot do it, I recommend you use a template engine like Twig which does it for you (and will also massively improve your overall code quality). Edited March 19, 2016 by Jacques1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.