Creating a dropdown in my webpage with selected entries from my database

Question

I am creating a webpage in which person enters a name and the marketplaces registered under that name is displayed in a dropdown. Here's part of my code

            <form name="login" action="index_submit" method="get" accept-charset="utf-8">
        <ul>
            <li>
                <label for="seller">Seller Name/ID</label>
                <input type="text" id="username" placeholder="Seller Username/ID" required>
            </li>
             <?php

             ?>
            <li>
                <label for="marketplace">Choose a marketplace</label>
                <select name="url" onchange="menu_goto(this.form)">
                <?php
                    include ('config.php');
                    $username = $_POST['username'];
                    $query = "SELECT Marketplace FROM Details WHERE Seller_name='$username' OR Seller_ID='$username'";
                    $result = mysql_query($dbcon, $query) or die('error getting data');
                    while ($row = mysql_fetch_array($result)){
                    echo "<option value="marketplace1">" . $row['Marketplace'] . "</option>";
                    }
                ?>
                </select>
            </li>

but when i'm running the .php file i'm getting a screen with results of till the php script is encountered, the html code below it remains untouched. I'm new with this. I'm unable to detect the error (if any) in my code. The config.php file is just a connection established with my database (no more code included in it).Also, the rest of my code works fine if i remove the php script from the code and my webpage is then displayed. I am guessing the problem is with my php script.

EDIT: I used the following answered by someone: on username input field, put a javascript function and then use ajax to call server side code and then append result of that as option with url field. like following.

    <form name="login" action="index_submit" method="get" accept-charset="utf-8">
    <ul>
        <li>
            <label for="seller">Seller Name/ID</label>
            <input type="text" onchange="ajaxCall(this.value)" id="username" placeholder="Seller Username/ID" required>
        </li>
         <?php

         ?>
        <li>
            <label for="marketplace">Choose a marketplace</label>
            <select name="url" onchange="menu_goto(this.form)">
            </select>
        </li>

javascript function should be like this.

          <script>
           function ajaxCall(val)
            {
          $.post('abc.php',{'username':val},function(res){
           $.('#url').html(res);
           });
           }
        </script>

abc.php will be following.

                <?php
                include ('config.php');
                $username = $_POST['username'];
                $query = "SELECT Marketplace FROM Details WHERE Seller_name='$username' OR Seller_ID='$username'";
                $result = mysql_query($dbcon, $query) or die('error getting data');
                $res='';
                while ($row = mysql_fetch_array($result)){
                $res .='<option value="marketplace1">' . $row['Marketplace'] . '</option>';
                }
             echo $res;
             ?>

and my whole code is getting executed now, but i'm still not getting any value in my dropdown list.(it appears blank and yes, i have values in my database).

Answer 1

Assuming you have made the HTML chnages suggested by @yaso

Change your code like this, it should set errors to be displayed on the browser window.

I also assumne you are launching this with a url like

example.com/myscript.php?username=OneThatExists

<?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);

    include ('config.php');

    $username = $_POST['username'];
    $query = "SELECT Marketplace FROM Details WHERE Seller_name='$username' OR Seller_ID='$username'";
    $result = mysql_query($query,$dbcon) or die('error getting data');

    while ($row = mysql_fetch_array($result)){
        echo "<option value="marketplace1">" . $row['Marketplace'] . "</option>";
    }
?>

You should really be testing that a parameter was actually passed something like this. You can write the sanityCheck()

<?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);

    include ('config.php');

    if ( isset($_POST['username']) ) {

        $_POST['username'] = sanityCheck($_POST['username']);

        $query = "SELECT Marketplace 
                  FROM Details 
                  WHERE Seller_name='{$_POST['username']' 
                     OR Seller_ID='{$_POST['username']}'";

        $result = mysql_query($query, $dbcon) or die('error getting data');

        while ($row = mysql_fetch_array($result)){
            echo "<option value="marketplace1">" . $row['Marketplace'] . "</option>";
        }
    } else {
        // do whatever you want to do if no parameter was entered
    }
?>

Answer 2

echo "<option value="marketplace1">" . $row['Marketplace'] . "</option>";
                    ^            ^ ---------> Not escaped

Try

echo "<option value=\"marketplace1\">" . $row['Marketplace'] . "</option>";

Or

echo '<option value="marketplace1">' . $row['Marketplace'] . '</option>';

Hope it helps.

PS: Take a look at MySQLi and/or PDO, because mysql functions are deprecated.

Edit: If theres no error, do u have error_reporting on? If not insert

error_reporting(E_ALL);

into your Document and u should get something like this:

Parse error: syntax error, unexpected 'marketplace1' (T_STRING), expecting ',' or ';' in C:\xampp\htdocs\testing\index.php on line 2