Jump to content

Quotes not quite right!

Go to solution Solved by maxxd,

Recommended Posts

Hi ya!

I'm building a drop down menu to select "cats" categories

it's working except that the "cats" that have / contain multi words are printing out like this - 


<select name="site_search">
 <option value="Pen" case="">Pen Case</option>
  <option value="news">news</option>
  <option value="List" of="" names="">List of names</option>
  <option value="Library">Library</option>


This is the mysql and php that I'm using to create the above


$result = mysqli_query($conn,"select distinct cats from URLS order by cats desc");
$total = mysqli_num_rows($result);
while ($myrow = mysqli_fetch_array($result))

echo "<option value=".$myrow["cats"].">".$myrow["cats"]."</option>";


echo "</select>";


Server Version

mysql  Ver 15.1 Distrib 10.3.34-MariaDB, for debian-linux-gnueabihf (armv8l) using readline 5.2


Any thoughts with regard the above?











Link to comment
Share on other sites

  • Solution

This is one of the major problems with echoing html from within php - your quotation marks are getting lost/confused. If you have to do this, remember using single quotes is perfectly appropriate for an echo statement in php even though it won't interpolate variables. In your case, this is fine as you're using concatenation. Try this:

echo '<option value="'.$myrow['cats'].'">'.$myrow['cats'].'</option>';

This way it's easier to see that there are quotes around the option value so you know that spaces in the value won't break the entire thing (which is what's happening to you now).

It's also a best practice in html to use double quotes for attribute values, so that's cool too. I made the quotes around the array indexes single quotes; I'm not entirely sure that's best practice for php but it's what I've seen most often and what I personally prefer, so...

Link to comment
Share on other sites

@maxxd  it works because the ECHO is 'printing' the HTML commands that are to be used.  In this format, the PHP had to be interrupted by closing the quotes and adding a dot around a non-HTML item, which is a PHP variable, and then reopening the connection if more concatenation is required.

Link to comment
Share on other sites

Beware when enclosing a string attribute value with single quotes.


$myrow['cats'] = "O'Reilly books;
echo "<option value='{$myrow['cat']}'>{$myrow['cat']}</option>";

then the generated HTML will be


And the submitted GET value... image.png.f1cf1133dd19743453e363fd9c47b8b0.png


echo "<option value=\"{$myrow['cat']}\">{$myrow['cat']}</option>";

-> image.png.d76fd4d47851a72edf7de54ca7c915eb.png

Link to comment
Share on other sites

I have no difficulty getting that line of code to work with the value of O'Reilly.  How the script handles a value like that when selected is perhaps another issue but getting it to display properly with my offering is not a problem.

Link to comment
Share on other sites

I see now what you are pointing out.  But - should the situation ever involve values having double quotes in them, unlike O'Reilly, there's gonna be a problem then.  As I said earlier we can manage to output it ok, it's just the input processing that's the issue in either case.

Link to comment
Share on other sites

the issue of any external, unknown, dynamic value being output on a web page, possibly containing html special characters that would break the html syntax, should be handled by applying htmlentities, with the ENT_QUOTES flag, to value when it is output. this will  allow any single-quote, double-quote, <, >, or & in the actual value to work. they will be converted, by the browser, back to the actual literal character when the value is submitted.

  • Like 1
Link to comment
Share on other sites

I initially went with concatenation because best practices in HTML recommend using double quotes for attribute values so far as I recall. All that having been said, obviously this becomes much easier using a template framework like Twig or Blade.

<option value="{{ $myrow['cats'] }}">{{ $myrow['cats'] }}</option>

Not only that, both escape output by default.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.