0 
<?php
$sample = 0;
    if($sample ==0)
    {   
        $displayinner = '<option value =' . $row['privilege_ID'] . '>' . $row['privilege_name'] . '</option>';
        $displayouter = '<td><label>Privileges:</label></td>
          <td><select name = "Privilege" id = "Privilege" multiple="multiple">
              <?php
                $PrivilegeNames = mysql_query("SELECT * FROM privilege");
                while($row = mysql_fetch_array($PrivilegeNames))
                    echo $displayinner;
              ?>
            </select></td>
          </tr>
          <tr>';
        echo $displayouter;
    }
?>

I only get a dropdownbox without any data inside it. Please help, what am i doing wrong?

Improve this question
4
  • 3
    You are doing everything wrong. Commented Aug 30, 2012 at 23:29
  • the sample is just a temp variable for me to use, i just set it to zero for now so that it will display. I just want to display the dynamic dropdown after it satisfies the if which for now is just a sample data. Commented Aug 30, 2012 at 23:32
  • 1
    Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information. Commented Aug 30, 2012 at 23:35
  • thanks, i will look into your advice. Commented Aug 30, 2012 at 23:50

4 Answers 4

Reset to default
1

Yeah that won't work - there's a lot of issues, your "template" code will be parsed which will cause errors, and you can't nest <?php blocks like that. To get what you want, try this for starters:

$displayouter = '<td><label>Privileges:</label></td><td><select name = "Privilege" id = "Privilege" multiple="multiple">';

$PrivilegeNames = mysql_query("SELECT * FROM privilege");
while($row = mysql_fetch_array($PrivilegeNames)) {
    $displayouter .= '<option value =' . $row['privilege_ID'] . '>' . $row['privilege_name'] . '</option>';
}

$displayouter .= '</select></td></tr><tr>';

echo $displayouter;

If you don't need the variable $displayouter later, you can just echo everything instead, or break out of the PHP block entirely if this is template code. Note the use of .=, which appends data to the existing variable.

There's a lot of possible security holes here, but hopefully this helps to see some working code. Make sure to use htmlspecialchars on all unknown HTML output, for one thing.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

could you explain what you mean by security holes? I am a newbie in php. what are the issues of this code?
I shouldn't have said "a lot" - Primarily, I meant that whenever you output some unknown data to HTML, like a variable from an outside source like a database or text file, you should use htmlspecialchars() on it (always) so that any HTML characters are escaped, or else someone could run some javascript code by putting it in the database. It goes deeper than that (depends where you put the output into your HTML...), but it's a habit you should develop. I know it seems tedious but it's important.
ok I understand, place htmlspecialchars so escape characters so that they won't have a chance to access the database using javascript. Got it thanks
Err, something like that. For a very simple example, let's say someone entered </html> as a privilege_name. If you didn't escape it, it would break your page. If the variable contains HTML code (which you have no way of knowing) it can have bad effects, which include (but not limited to) executing javascript code - so always escape it.
0 
<?php
$sample = 0;
if($sample == 0)
{   
    $displayPre     = '<td><label>Privileges:</label></td>
      <td><select name = "Privilege" id = "Privilege" multiple="multiple">';
    $displayPost    = '</select></td>
      </tr>
      <tr>';
    $PrivilegeNames = mysql_query("SELECT * FROM privilege");

    echo $displayPre;

    while($row = mysql_fetch_array($PrivilegeNames))
        echo '<option value =' . $row['privilege_ID'] . '>' . $row['privilege_name'] . '</option>';

    echo $displayPost;
}

?>

The inner php tags were not parsed correctly, try the code above, it implements the form with a pre and post part so you don't need to put a new php block inside the string

Improve this answer

1 Comment

the data still doesnt show but the scrollbar is updated to have values
0

Wesley Murch is close, but missing a few things: Quotes around the value, and using htmlentities to prevent XSS injection.

$displayouter = '<td><label>Privileges:</label></td><td><select name = "Privilege" id = "Privilege" multiple="multiple">';

$PrivilegeNames = mysql_query("SELECT * FROM privilege");
while($row = mysql_fetch_array($PrivilegeNames)) {
    $displayouter .= '<option value="' . htmlentities($row['privilege_ID']) . '">' . htmlentities($row['privilege_name']) . '</option>';
}

$displayouter .= '</select></td></tr><tr>';

echo $displayouter;
Improve this answer

Comments

0

I haven't tested syntax, but you have made a few misplacements.

<?php 
$sample = 0; 
     if($sample ==0) 
     {    
          $displayinner = '<option value =' . $row['privilege_ID'] . '>' . $row['privilege_name'] . '</option>';
?>
          <td><label>Privileges:</label></td> 
             <td><select name = "Privilege" id = "Privilege" multiple="multiple"> 
<?php
                     $PrivilegeNames = mysql_query("SELECT * FROM privilege"); 
                     while($row = mysql_fetch_array($PrivilegeNames)) 
                          echo $displayinner; 
?>
                </select></td> 
             </tr> 
             <tr>
<?php
     } 
?>
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.