inline content
I was under the understanding that unless you add a \n php would just append whatever you echo out to the end of whatever line you where currently at in your project.
Here's my problem:
And here's the view source of the HTML generated:PHP Code:<?php
$conn = mysql_connect($dbhost, $dbuser, $dbpass)
or die('Error connecting to MySQL.');
mysql_select_db($dbname)
or die('Error selecting database.');
if(isset($_POST['edititem']))$edititem=mysql_real_escape_string($_POST['edititem']);
$result=mysql_query("SELECT * FROM `universitymenu` WHERE `MenuItemID` = '$edititem'");
$ddresult=mysql_query('SELECT * FROM universitymenucategory');
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Add menu item</title>
<link href="CSSFolder/AddMenuItem.css" rel="stylesheet" type="text/css">
</head>
<body>
<form action="ManagerSection/PHP_Scripts/EditMenuItemAction.php" method="post">
<fieldset>
<legend>Edit menu item</legend>
<?php
while ($row = mysql_fetch_array($result)){
$n = $row['MenuCategoryID'];
?>
<input type="hidden" name="MenuItemID" value="
<?php
echo $row['MenuCategoryID'];
?>
">
<p><label for="form-ItemName">Item name:</label><input type="text" name="name" id="form-name" value="
<?php
echo $row['ItemName'];
?>
">
</p>
<p><label for="form-ItemPrice">Price: $</label><input type="text" name="price" id ="form-price" value="
<?php
echo $row['ItemCost'];
?>
"></p>
<p><label for="form-ItemDescription">Description:</label>
<textarea name="description" rows="4" cols="60" maxlength="300">
<?php
echo $row['ItemDescription'];
}
?>
</textarea></p>
<p><label for="form-Category">Category:
</label>
<select name="MenuCategory" id="form-Category">
<?php
while ($ddrow = mysql_fetch_array($ddresult)) {
?>
<option value="
<?php
echo $ddrow['MenuCategoryID'];
if ($n = $ddrow['MenuCategoryID'])
{
echo "\"selected =\"selected";
}
?>
">
<?php
echo $ddrow['MenuCategoryName'];
?>
</option>
<?php
}
?>
</select></p>
<p><input class="submit" type="submit" name="submit" value="Edit item">
</fieldset></p>
</form>
</body>
</html>
So when the variables are Posted to the EditMenuItemAction.php script and I do a mysql_escape_string() on them the fields end up with /r/n. When executing a SQL UPDATE query on the script it now fails in the WHERE clause when comparing values of the MenuItemID. I suppose I could use trim but doesn't that defeat the purpose of using mysql_escape_string() in the first place?HTML Code:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Add menu item</title> <link href="CSSFolder/AddMenuItem.css" rel="stylesheet" type="text/css"> </head> <body> <form action="ManagerSection/PHP_Scripts/EditMenuItemAction.php" method="post"> <fieldset> <legend>Edit menu item</legend> <input type="hidden" name="MenuItemID" value=" 0"> <p><label for="form-ItemName">Item name:</label><input type="text" name="name" id="form-name" value=" Ensalada de Pollo"> </p> <p><label for="form-ItemPrice">Price: $</label><input type="text" name="price" id ="form-price" value=" 5.95 "></p> <p><label for="form-ItemDescription">Description:</label> <textarea name="description" rows="4" cols="60" maxlength="300"> Grilled chicken breast over mixed greens, tossed in a balsamic vinaigrette. </textarea></p> <p><label for="form-Category">Category: </label> <select name="MenuCategory" id="form-Category"> <option value=" 0"> Tapas Frias</option> <option value=" 1"selected ="selected"> Tapas Calientes</option> </select></p> <p><input class="submit" type="submit" name="submit" value="Edit item"> </fieldset></p> </form> </body> </html>
Thanks for any ideas,
Joe
CSS Codes
Reply With Quote
Bookmarks