Jump to content

not printing whole text


s4salman

Recommended Posts

This code is only printing the 1st part of the field 6. For example if field 6 has data an oval, so it shows up an oval in the drop down list, But when i submit this form, only an gets printed on the next page. It is not printing whole an oval on the next page what is wrong with the code. Pls help!

<?php
  
$sql="SELECT * FROM tutorial"; 


/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */

echo "<select name=stepaaaaaa>"; // list box select command

foreach ($dbo->query($sql) as $row){//Array or records stored in $row

echo "<option value=$row[field6]>$row[field6]</option>"; 

/* Option values are added by looping through the array */ 

}

 echo "</select>";// Closing of list box

?>
Link to comment
Share on other sites

Here the whole file attached herein

<?php
$host_name = "localhost";
$database = "s4salman_jag"; // Change your database name
$username = "s4salman_jag";          // Your database user id 
$password = "jag001";          // Your password

//////// Do not Edit below /////////
try {
$dbo = new PDO('mysql:host='.$host_name.';dbname='.$database, $username, $password);
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}

?> 

<?php
   if( $_GET["stepa"] || $_GET["stepaa"]|| $_GET["stepaaa"] || $_GET["stepaaaa"] || $_GET["stepaaaaa"]|| $_GET["stepaaaaaa"] ) {
      
echo $_GET['filename'];

echo "<br/>";
echo "0&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp";

echo $_GET['description'];
echo "<br/>";

echo "1&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp";

echo $_GET['stepa'];
      
      echo '&nbsp';	
      echo $_GET['stepaa'];
echo '&nbsp';
echo $_GET['stepaaa'];
echo '&nbsp';
echo $_GET['stepaaaa'];
echo '&nbsp';
echo $_GET['stepaaaaa'];
echo $_GET['stepaaaaaa'];

        
      echo "<br/>";



<body>
   
      <form action = "<?php $_PHP_SELF ?>" method = "GET">


         
         <input type = "submit" />


<table border="0">
<tr>
<td width="100%" ALIGN="CENTER">

file name<input type="text" name="filename">
</td>
</tr>


<tr>
<td width="100%" ALIGN="CENTER">

description<input type="text" name="description">
</td>
</tr>

</table>

<table border="0" cellpadding="2" cellspacing="8">



<tr>


<td width="10%" ALIGN="CENTER">


		<label  for="element_1"> </label>
		<div>
<?php 
   
$sql="SELECT * FROM tutorial order by field1"; 


/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */

echo "<select name=stepa>"; // list box select command

foreach ($dbo->query($sql) as $row){//Array or records stored in $row

echo "<option value=$row[field1]>$row[field1]</option>"; 

/* Option values are added by looping through the array */ 

}

 echo "</select>";// Closing of list box

?>


</div> 
		

</td>


<td width="20%" ALIGN="CENTER">


		<label  for="element_1"> </label>
		<div>
 
 
<?php
  
$sql="SELECT * FROM tutorial order by field2"; 


/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */

echo "<select name=stepaa>"; // list box select command

foreach ($dbo->query($sql) as $row){//Array or records stored in $row

echo "<option value=$row[field2]>$row[field2]</option>"; 

/* Option values are added by looping through the array */ 

}

 echo "</select>";// Closing of list box

?>


</div> 
		

</td>


<td width="10%" ALIGN="CENTER">


		<label  for="element_1"> </label>
		<div>
 
 
<?php
  
$sql="SELECT * FROM tutorial"; 


/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */

echo "<select name=stepaaa>"; // list box select command

foreach ($dbo->query($sql) as $row){//Array or records stored in $row

echo "<option value=$row[field3]>$row[field3]</option>"; 

/* Option values are added by looping through the array */ 

}

 echo "</select>";// Closing of list box

?>


</div> 
		

</td>




<td width="10%" ALIGN="CENTER">


		<label  for="element_1"> </label>
		<div>
<?php 
   
$sql="SELECT * FROM tutorial order by field4"; 


/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */

echo "<select name=stepaaaa>"; // list box select command

foreach ($dbo->query($sql) as $row){//Array or records stored in $row

echo "<option value=$row[field4]>$row[field4]</option>"; 

/* Option values are added by looping through the array */ 

}

 echo "</select>";// Closing of list box

?>


</div> 
		

</td>


<td width="20%" ALIGN="CENTER">


		<label  for="element_1"> </label>
		<div>
 
 
<?php
  
$sql="SELECT * FROM tutorial order by field5"; 


/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */

echo "<select name=stepaaaaa>"; // list box select command

foreach ($dbo->query($sql) as $row){//Array or records stored in $row

echo "<option value=$row[field5]>$row[field5]</option>"; 

/* Option values are added by looping through the array */ 

}

 echo "</select>";// Closing of list box

?>


</div> 
		

</td>


<td width="10%" ALIGN="CENTER">


		<label  for="element_1"> </label>
		<div>
 
 
<?php
  
$sql="SELECT * FROM tutorial"; 


/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */

echo "<select name=stepaaaaaa>"; // list box select command

foreach ($dbo->query($sql) as $row){//Array or records stored in $row

echo "<option value=$row[field6]>$row[field6]</option>"; 

/* Option values are added by looping through the array */ 

}

 echo "</select>";// Closing of list box

?>


</div> 
		

</td>

</tr>

</table>

</body>
</html>

Link to comment
Share on other sites

the reason for this is because the html markup is broken.

 

the value = '...' attribute needs quotes (either single or double quotes are valid) around the value. since this is inside of a double-quoted php string, use single-quotes in the markup.

Can you please identify the line which is creating the issue. I am not able to figure out your point of view. Thanks

Link to comment
Share on other sites

The problem is actually everywhere in your code. You cannot stuff random PHP values into HTML markup and expect this to work. All you'll get is plently of cross-site scripting vulnerabilities and other defects (like the one you happened to notice).

 

Creating dynamic HTML must be done very carefully. The standard approach (which isn't always sufficient) is to HTML-escape the PHP value and always quote HTML attributes:

function html_escape($unsafe_data, $encoding)
{
    return htmlspecialchars($unsafe_data, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, $encoding);
}
$unsafe_input = 'test test';

// Wrong: code is vulnerable to XSS attacks and cannot handle spaces
echo "<option value={$unsafe_input}>{$unsafe_input}</option>";

// Correct: escaped input, quoted attribute
echo '<option value="'.html_escape($unsafe_input, 'UTF-8').'">'.html_escape($unsafe_input, 'UTF-8').'</option>';

Since manual escaping is extremely cumbersome, and since most programmers just cannot do it, I recommend you use a template engine like Twig which does it for you (and will also massively improve your overall code quality).

Edited by Jacques1
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.