How do I put a PHP while loop inside an HTML select option menu?
I have downloaded a shopping cart for my site.
It has a PHP file to fill out the basket. The basket will show added items in rows; here is the code:
<?php
define('INCLUDE_CHECK',1);
require "XXXXX/XXXXX.php";
if(!$_POST['img']) die("There is no such product!");
$img=mysql_real_escape_string(end(explode('/',$_POST['img'])));
$row=mysql_fetch_assoc(mysql_query("SELECT * FROM XXXXXX WHERE img='".$img."'"));
$prsize=mysql_fetch_assoc(mysql_query("SELECT * FROM BBBBBB WHERE id='".$row['id']."'"));
echo '{status:1,id:'.$row['id'].',price:'.$row['price'].',txt:\'\
\
<table width="100%" id="table_'.$row['id'].'">\
<tr>\
<td width="60%">'.$row['name'].'</td>\
<td width="10%">$'.$row['price'].'</td>\
<td width="15%"><select name="'.$row['id'].'_cnt" id="'.$row['id'].'_cnt" onchange="change('.$row['id'].');">\
<option value="1">1</option>\
<option value="2">2</option>\
<option value="3">3</option></slect>\
\
</td>\
<td width="15%"><select name="'.$prsize['id'].'_cnt" id="'.$prsize['id'].'_cnt" onchange="change('.$prsize['id'].');">\
I need to put this
while($item = mysqli_fetch_array($result))
{
here to make a dynamic select menu for the size
<option value="'.$prsize['id'].'">'.$prsize['id'].'</option>\
end while
}
\
</td>\
<td width="15%"><a href="#" onclick="remove('.$row['id'].');return false;" class="remove">remove</a></td>\
</tr>\
</table>\'}';
?>
But I couldn't figure out how to put the PHP while in there. I have tried to use "" or '' but no luck.
How should I quote the PHP while inside this HTML code?
Thanks
Maybe something like this:
$options = "";
while($item = mysqli_fetch_array($result))
$options .= "<option value=\"$item[id]\">$item[id]</option>\\
";
and then just use it
echo '{status:1,id:'.$row['id'].',price:'.$row['price'].',txt:\'\
\
<table width="100%" id="table_'.$row['id'].'">\
<tr>\
<td width="60%">'.$row['name'].'</td>\
<td width="10%">$'.$row['price'].'</td>\
<td width="15%"><select name="'.$row['id'].'_cnt" id="'.$row['id'].'_cnt" onchange="change('.$row['id'].');">\
'.$options.'</select>\
...
Or you can simply break your echo in two and put your loop between the calls:
echo '{status:1,id:'.$row['id'].',price:'.$row['price'].',txt:\'\
\
<table width="100%" id="table_'.$row['id'].'">\
<tr>\
<td width="60%">'.$row['name'].'</td>\
<td width="10%">$'.$row['price'].'</td>\
<td width="15%"><select name="'.$row['id'].'_cnt" id="'.$row['id'].'_cnt" onchange="change('.$row['id'].');">\
';
while($item = mysqli_fetch_array($result))
echo "<option value=\"$item[id]\">$item[id]</option>\\
";
echo '</select>\
\
</td>\
...
Btw, your </select> is missing one "e" (it says </slect>).
$SQL = "SELECT * from xxx WHERE img = '".mysql_real_escape_string($img)."'";
$result = mysql_query( $SQL );
while( $item = mysql_fetch_array( $result ) ) {
echo '<option value="'.$item['id'].'">'.$item['id'].'</option>';
}
My eyes bleed whenever I see PHP and HTML mixed together like that.
There are 6 things that I'd like to highlight in your code:
1) It seems to me like you're trying to build some kind of JSON string with your php, here's my evidence:
echo '{status:1, id:'.$row['id'].'}'; // The rest of your code
I'd like to make you aware of the command json_encode that transforms a PHP array into a JSON-like string that can be read by JavaScript (just to name one) and manipulated in whatever way you want.
This is the way you use it:
$myJSONobject = json_encode($myarray);
2) mysql_ functions are deprecated
I don't know how many times I have to type this per day, but they are; do not use them anymore. Even if you're reading an outdated tutorial or one written by a bad programmer that still uses mysql_* functions in 2013.
Deprecated means that those functions can go away at any point in time, if your server updates to a PHP version that no longer has deprecated functions, all your code will be broken and you're going to wonder why.
From now on, you have to use mysqli or PDO
4) Your SQL is vulnerable to SQL Injection
$prsize=mysql_fetch_assoc(mysql_query("SELECT * FROM BBBBBB WHERE id='".$row['id']."'"));
I'm pretty sure you're writing statements like that all over your program, I'm also pretty sure that at some point you're accepting input from the user and making a SQL query like that.
If a malicious user decides to enter 1 OR 1=1 that user is going to execute a SQL statement that he is not supposed to execute, something like:
SELECT * FROM BBBBBB WHERE id = 1 OR 1=1
That could have been prevented if instead of using mysql_* functions you would have used mysqli or PDO, because those libraries come with prepared statements. A prepared statement forces the SQL engine to understand your query BEFORE any data is passed to it. Therefore, if a malicious user tries the good ol' OR 1 = 1, it won't matter because the SQL engine will handle it as any other string, and not as a command.
5) Your code is an ugly mess.
Even if this comment doesn't look like constructive criticism, it actually is, read on to find out why.
The way you're coding this program, makes it hard to maintain. You shouldn't be mixing PHP and HTML together the way you're doing it.
Most of the time you should only echo or return raw data.
If you're markup code, the vast majority of time, you're doing it wrong.
6) Do not use onclick in HTML anymore, it's TERRIBLE practice. Use Event Listeners instead
<a href="#" id="test">Click me</a>
<script type="text/javascript">
var link = document.getElementById("test");
link.addEventListener("click", function() {
link.innerHTML = "Do not click me anymore please";
});
</script>
Back to your question, there's no need to write that mess if you want to mix PHP and HTML, I'm going to show you a cleaner way to output this:
$prsize=mysql_fetch_assoc(mysql_query("SELECT * FROM BBBBBB WHERE id='".$row['id']."'"));?>
{
status:1,
id:<?=$row['id']?>,
price:<?=$row['price']?>,
txt:
<table width="100%" id="table_<?=$row['id']?>">
<tr>
<td width="60%"><?=$row['name']?></td>
<td width="10%">$<?=$row['price']?></td>
<td width="15%">
<select name="<?=$row['id']?>_cnt" id="<?=$row['id']?>_cnt" onchange="change(<?=$row['id']?>);">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
</select>
</td>
<td width="15%">
<select name="<?=$prsize['id']?>_cnt" id="<?=$prsize['id']?>_cnt" onchange="change(<?=$prsize['id']?>);">
<?php while($item = mysqli_fetch_array($result)): ?>
<option value="<?=$prsize['id']?>"><?=$prsize['id']?></option>
<?php endwhile; ?>
</select>
</td>
<td width="15%">
<a href="#" onclick="remove(<?=$row['id']?>);return false;" class="remove">remove</a>
</td>
</tr>
</table>
}
Hope this helps, then again... if you're creating JSON... use JSON_ENCODE
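The loop-into-a-string approach from the answers, combined with the prepared-statement and json_encode advice, as an added example that is not code from any of the posts above. The `products` and `sizes` tables, their columns, the `h()` and `basketRow()` helpers and the in-memory SQLite database are assumptions made so the script runs offline; the page's real table names are redacted.

```php
<?php
// Added example: hypothetical schema (products, sizes) with constructed sample
// rows in an in-memory SQLite database, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, img TEXT)");
$db->exec("CREATE TABLE sizes (id INTEGER PRIMARY KEY, product_id INTEGER, label TEXT)");
$db->exec("INSERT INTO products VALUES (7, 'Tee <b>XL</b>', 19.5, 'tee.png')");
$db->exec("INSERT INTO sizes VALUES (1, 7, 'S'), (2, 7, 'M'), (3, 7, 'L \"wide\"')");

function h(string $s): string
{
    // Escape a value for HTML text and attribute context.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function basketRow(PDO $db, string $imgParam): string
{
    // basename() stands in for end(explode('/', ...)); the value is bound, not concatenated.
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE img = ?');
    $stmt->execute([basename($imgParam)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return json_encode(['status' => 0, 'error' => 'There is no such product!']);
    }
    $id = (int) $row['id'];

    // The while loop builds the <option> list into a string before any output.
    $sizes = $db->prepare('SELECT id, label FROM sizes WHERE product_id = ? ORDER BY id');
    $sizes->execute([$id]);
    $options = '';
    while ($item = $sizes->fetch(PDO::FETCH_ASSOC)) {
        $options .= '<option value="' . (int) $item['id'] . '">' . h($item['label']) . '</option>';
    }

    $html = '<table width="100%" id="table_' . $id . '"><tr>'
          . '<td width="60%">' . h($row['name']) . '</td>'
          . '<td width="10%">$' . h((string) $row['price']) . '</td>'
          . '<td width="15%"><select name="' . $id . '_size" id="' . $id . '_size">'
          . $options . '</select></td></tr></table>';

    // json_encode does the quoting and newline escaping the hand-built string needed backslashes for.
    return json_encode(['status' => 1, 'id' => $id, 'price' => (float) $row['price'], 'txt' => $html]);
}

echo basketRow($db, 'img/tee.png'), "\n";
echo basketRow($db, "img/x' OR '1'='1"), "\n"; // bound as data, so: no such product
```

The product name and size label in the sample rows contain markup and quotes on purpose: they come out HTML-escaped inside `txt`, and the whole response is valid JSON.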