inline content



jeaux
08-29-2008, 12:05 PM
I was under the understanding that unless you add a \n, PHP would just append whatever you echo out to the end of whatever line you were currently at in your project.

Here's my problem:


<?php
$conn = mysql_connect($dbhost, $dbuser, $dbpass)
or die('Error connecting to MySQL.');

mysql_select_db($dbname)
or die('Error selecting database.');
if(isset($_POST['edititem']))$edititem=mysql_real_escape_string($_POST['edititem']);
$result=mysql_query("SELECT * FROM `universitymenu` WHERE `MenuItemID` = '$edititem'");
$ddresult=mysql_query('SELECT * FROM universitymenucategory');
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Add menu item</title>
<link href="CSSFolder/AddMenuItem.css" rel="stylesheet" type="text/css">
</head>
<body>
<form action="ManagerSection/PHP_Scripts/EditMenuItemAction.php" method="post">
<fieldset>
<legend>Edit menu item</legend>
<?php
while ($row = mysql_fetch_array($result)){
$n = $row['MenuCategoryID'];
?>
<input type="hidden" name="MenuItemID" value="
<?php
echo $row['MenuCategoryID'];
?>
">
<p><label for="form-ItemName">Item name:</label><input type="text" name="name" id="form-name" value="
<?php
echo $row['ItemName'];
?>
">
</p>
<p><label for="form-ItemPrice">Price: $</label><input type="text" name="price" id ="form-price" value="
<?php
echo $row['ItemCost'];
?>
"></p>
<p><label for="form-ItemDescription">Description:</label>
<textarea name="description" rows="4" cols="60" maxlength="300">
<?php
echo $row['ItemDescription'];
}
?>
</textarea></p>
<p><label for="form-Category">Category:
</label>
<select name="MenuCategory" id="form-Category">
<?php
while ($ddrow = mysql_fetch_array($ddresult)) {
?>
<option value="
<?php
echo $ddrow['MenuCategoryID'];
if ($n = $ddrow['MenuCategoryID'])
{
echo "\"selected =\"selected";
}
?>
">
<?php
echo $ddrow['MenuCategoryName'];
?>
</option>
<?php
}
?>
</select></p>
<p><input class="submit" type="submit" name="submit" value="Edit item">
</fieldset></p>
</form>
</body>
</html>

And here's the view source of the HTML generated:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Add menu item</title>
<link href="CSSFolder/AddMenuItem.css" rel="stylesheet" type="text/css">
</head>
<body>
<form action="ManagerSection/PHP_Scripts/EditMenuItemAction.php" method="post">
<fieldset>
<legend>Edit menu item</legend>

<input type="hidden" name="MenuItemID" value="
0">
<p><label for="form-ItemName">Item name:</label><input type="text" name="name" id="form-name" value="
Ensalada de Pollo">
</p>
<p><label for="form-ItemPrice">Price: $</label><input type="text" name="price" id ="form-price" value="
5.95 "></p>
<p><label for="form-ItemDescription">Description:</label>
<textarea name="description" rows="4" cols="60" maxlength="300">
Grilled chicken breast over mixed greens, tossed in a balsamic vinaigrette. </textarea></p>
<p><label for="form-Category">Category:
</label>

<select name="MenuCategory" id="form-Category">
<option value="
0">
Tapas Frias</option>
<option value="
1"selected ="selected">
Tapas Calientes</option>
</select></p>
<p><input class="submit" type="submit" name="submit" value="Edit item">
</fieldset></p>
</form>
</body>
</html>


So when the variables are posted to the EditMenuItemAction.php script and I do a mysql_escape_string() on them, the fields end up with /r/n. When executing a SQL UPDATE query on the script, it now fails in the WHERE clause when comparing values of the MenuItemID. I suppose I could use trim, but doesn't that defeat the purpose of using mysql_escape_string() in the first place?

Thanks for any ideas,
Joe

jeaux
08-29-2008, 05:20 PM
Well I finally got it. I just use the trim before the escape.

i.e.


if(isset($_POST['MenuCategory'])) $MenuCategory=mysql_real_escape_string(trim($_POST['MenuCategory']));

I'd still like to know why the PHP echo ends up on the next line in the HTML.

Thanks
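
Added example, not part of the original posts: the line break after value=" in the template sits outside the PHP tags, so it is sent to the browser as literal HTML (PHP only drops a single newline that directly follows ?>). The sketch below keeps the echo on the same line as the attribute, escapes it for HTML, and on the receiving side validates the ID as digits and uses bound parameters instead of escaping. The helper names attr() and posted_id(), the sample data, and the in-memory SQLite stand-in for the MySQL server are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// post; attr() and posted_id() are hypothetical helper names.

// Escape a value for use inside a double-quoted HTML attribute.
function attr($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Accept a posted numeric ID: strip surrounding whitespace (the line break
// the poster reports getting back), then require digits only.
function posted_id(array $post, string $key): ?int
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;
    }
    $raw = trim($post[$key]);
    return ctype_digit($raw) ? (int) $raw : null;
}

// Constructed sample row standing in for a mysql_fetch_array() result.
$row = ['MenuItemID' => 0, 'ItemName' => 'Ensalada "de" Pollo'];
?>
<input type="hidden" name="MenuItemID" value="<?php echo attr($row['MenuItemID']); ?>">
<input type="text" name="name" value="<?php echo attr($row['ItemName']); ?>">
<?php
// Receiving side: constructed POST data shaped like what the post describes.
$post = ['MenuItemID' => "\r\n0", 'name' => "\r\nEnsalada de Pollo"];
$id   = posted_id($post, 'MenuItemID');
$name = trim($post['name']);
if ($id === null) {
    exit("Invalid MenuItemID\n");
}
// Bound parameters take the place of mysql_real_escape_string(); an in-memory
// SQLite database stands in for the MySQL server so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE universitymenu (MenuItemID INTEGER, ItemName TEXT)');
$db->exec("INSERT INTO universitymenu VALUES (0, 'old name')");
$stmt = $db->prepare('UPDATE universitymenu SET ItemName = ? WHERE MenuItemID = ?');
$stmt->bindValue(1, $name, PDO::PARAM_STR);
$stmt->bindValue(2, $id, PDO::PARAM_INT);
$stmt->execute();
echo "rows updated: ", $stmt->rowCount(), "\n";
```

Trimming and escaping do different jobs here: trim() and the digit check decide whether the input is a valid ID at all, while binding (or escaping) only keeps the value from being interpreted as SQL.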