Joseph

Reputation: 71

PHP won't return entire value from database

I'm currently working on an online order form and having a really weird problem. I have a drop-down menu whose options are values from one of the columns in a database table. Here is the HTML code:

<form name="form" method="post" action="placedOrder.php"><table width="70%" border="5" align="center"><tr>
<th scope="row">Item Name</th>
<th scope="row">Item SKU</th>
<th scope="row">Quantity</th>
<th scope="row">Special Note</th>
<th scope="row">Unit Price</th>
<th scope="row">Total Price</th></tr><tr>
<th scope="row">
<?php
include('connect.php');

$result = mysql_query("SELECT description FROM products") 
            or die(mysql_error());
print "<select name='description' value='description'>";
print "<option value='' disabled selected>Please Select A Product</option>";
while ($info = mysql_fetch_array($result))
{
        $p = $info["description"];
        print "<option value=$p>".$p."</option>";
}
print "</select>";
?>
</th>
<th scope="row"><input name="sku_1" id="sku_1" readonly /></th>    
<th scope="row"><input name="qty_1" /></th>
<th scope="row"><input name="note_1" /></th>  
<th scope="row"><input name="uPrice_1" id="uPrice_1" readonly /></th>
<th scope="row"><input name="tPrice_1" readonly /></th></tr></table><input type="submit"/></form>

When I started working on placedOrder.php, which takes the values returned from the HTML form and stores them in the database, the page kept coming back blank with nothing showing up. I found out the reason might be the 'description' part, as you can see in the following code:

<?php   
include('connect.php');
$p = $_POST['description'];
echo $p;
$result = mysql_query("SELECT sku_id, unit_price FROM products WHERE description='{$_POST['description']}'")
            or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
            echo $row[0];
            echo $row[1];
    } 

?>

The $_POST['description'] part should return my product name from the database, which is "48X72 CORDLESS BLACKOUT CELLULAR SHADE 9/16" WHITE", but when I echo it out it only returns "48X72"; the rest of the value disappears. Did I miss anything in the code?

Upvotes: 2

Views: 74

Answers (1)

Sammitch

Reputation: 32272

Quote your values in HTML, and escape your data.

print "<option value=$p>".$p."</option>";

To:

print "<option value=\"".htmlspecialchars($p)."\">".htmlspecialchars($p)."</option>";

How I'd prefer it written:

$p = htmlspecialchars($p);
printf('<option value="%s">%s</option>', $p, $p);

You're only getting the first part because that's all there is before the first space in the string and the browser is interpreting that as the value, and the rest as syntax errors.

For that matter, all property values in HTML should be quoted:

<tag stringproperty="value" integerproperty="42"></tag>

and if you want to get really strict, the only permissible quotes are double quotes.

However, most browsers operate in a more or less permanent "quirks" mode and accept/render all sorts of standards-violating HTML because "that's how it's always been done".

Upvotes: 3
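The truncation discussed in the answer above, reproduced as an added example that is not part of the original question or answer: it renders the question's product name three ways and parses each result back to see which value survives. `option_value()` and the variant labels are hypothetical names, and the script assumes PHP's DOM extension is enabled.

```php
<?php
// Added example, not code from the question or the answer.
// option_value() is a hypothetical helper: it parses one rendered <option>
// with PHP's DOM extension and returns the value attribute the parser assigned.
function option_value(string $optionHtml): string
{
    $previous = libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML("<select>$optionHtml</select>");
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    return $doc->getElementsByTagName('option')->item(0)->getAttribute('value');
}

// Product name quoted in the question; note the embedded double quote (inch mark).
$name = '48X72 CORDLESS BLACKOUT CELLULAR SHADE 9/16" WHITE';

$safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
$variants = [
    // The question's markup: the value ends at the first space.
    'unquoted'         => "<option value=$name>$name</option>",
    // Quoted only: the value ends at the double quote inside the data.
    'quoted only'      => "<option value=\"$name\">$name</option>",
    // The answer's form: quoted and escaped.
    'quoted + escaped' => sprintf('<option value="%s">%s</option>', $safe, $safe),
];

foreach ($variants as $label => $html) {
    $value  = option_value($html);
    $status = $value === $name ? 'intact' : 'truncated';
    printf("%-17s %-9s %s\n", $label, $status, var_export($value, true));
}
```

Only the quoted and escaped variant returns the full product name; quoting alone still cuts the value off at the inch mark.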
