开发者

Php in side html drop down selects

问答 作者:

I'm trying to add results into a html dropdown.

The php works if I take it outside the html form: it shows the results, but I need it inside the form

<form><form method="post" action="selldo.php">
<label><br /><br /><br /><br />What slot do you want to Sell?</label>
<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<option value=""></option>
<?php 
$result = mysql_query("SELECT * FROM user_pokemon 
                       WHERE belongsto='$_SESSION[username]'");

while($row = mysql_fetch_array($result))
{
  echo $row['id'] . " " . $row['pokemon'];
  echo "<br />";
}
?>

</select><br/><br/>
<label>Price You Would Like For The Pokemon?</label>
<input type="int" name="cost" id="cost" maxlength="30"/><br/><br/>
<button name="submit" type="submit" id="Submit_B开发者_运维百科ut">Sell</button>
<p>&nbsp;</p><p>&nbsp;</p>
</form>

When I look in the dropdown menu there is nothing but if it makes the SQL out of the form it posts the results to the page so it works fine I just need it in side the drop down html form

p.s i have the connect ontop of the page

You will need to echo out HTML option elements:

while($row = mysql_fetch_array($result)) {
    echo "<option>" . $row['id'] . " " . $row['pokemon'] . "</option>";
}

You will probably want to give the option elements a value so the selected option is passed along properly when the form is submitted.

Did you look at the source this code generates? You will find that your options are all there but just somewhere in the void, not wrapped by any html tags. You'll see something like:

<form>
<select>
<option></option>
your first option
your second option
your third option
your n'th option
</select>
</form>

But what you really need, for the markup to be correct, is this:

<option>your first option</option>
<option>your second options</option>

And so forth... that should be enough for you to get it right! If not...

echo '<option value="' . $row['id'] . '">' . $row['pokemon'] . '</option>';

You have an SQL-injection hole and a possible XSS security hole:

Correct this by changing the php code to:

<?php  
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM user_pokemon  
                       WHERE belongsto = '$username' "); 

while($row = mysql_fetch_array($result)) 
{ 
  $id = htmlentities($row['id']);
  $pokemon = htmlentities($row['pokemon']);
  echo '<option value = "$id"> $pokemon </option>'; 
} 
?>

See: What are the best practices for avoiding xss attacks in a PHP site
And How does the SQL injection from the "Bobby Tables" XKCD comic work?

You're not creating a select! you need the <option></option> tags for that, not just echo out your results...

<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<option value=""></option>
<?php 
$username = mysql_real_escape_string($_SESSION['username']);
$result = mysql_query("SELECT * FROM user_pokemon WHERE belongsto='$username'");
while($row = mysql_fetch_array($result)) : ?>
<option value="<?php echo htmlentities($row['id']);?>"><?php echo htmlentities($row['pokemon']);?></option>
<?php endwhile;?>
</select>

This should do the trick:

<select name="pokeSLOT" id="pokeSLOT" style="width:150px;padding-left:5px;">
<?php 
$result = mysql_query("SELECT * FROM user_pokemon WHERE belongsto = '$_SESSION[username]'");
while($row = mysql_fetch_array($result)) {    
echo "<option value=\"\">" . $row['id'] . " " . $row['pokemon'] . "</option>
?>
</select>

继续阅读:phpsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9