( ) in drop downs

zzz

I htink I have identified an error in one of my php page. The page is using drop down menues.

A few option lines have B[/B] withing text string, and that, I'm afraid throws my scripts into error modes. Am I correct on this?

Example:

<option>Value (2)</option>

Currently I parse the values o the script with the following method.

$value=htmlspecialchars($_POST["value"]);

Is there a better way to parse this data? I sure hope this is the problem.

sid

the html you posted, should not cause any problems... where is the error? when building the html form or when parsing the data?

htmlspecialchars() you only want to use when you have a value that you want to have output in a way, so it will not interfere with any of your html.

zzz

OK, how about this. I have aline that has a slash in text of the option of the drop down like this: n/a. Would that be a problem?

designguy79

No, it shouldn't cause a problem.

What exactly is the error message?

Also, did you know that you can specify the value of the drop-down selection like so:

<select name="dropdown">
<option value="1">Option (1)</option>
<option value="2">Option (2)</option>
<option value="3">Option (3)</option>
<option value="0">N/A</option>
</select>

Maybe that will help, but really, it should be a problem. Just FYI. :-)

zzz

Yes I know how to code options. I my case the drop-down menus are dynamically generated based on a previous selection. The error that I get is not a PHP or MySQL error. It’s the error that the script displays when certain conditions are not met.

Here's how it works. A form collects information (registration) and puts the data in table1 at the same time the script sends an email with a few variables in the URL string that a visitor suppose to follow in order to confirm the registration.

When the user follows the URL the script detects the variables in the string and executes the following:

takes a few variables from table1 and puts them in table2
takes the rest from table1 and puts it in table3
deletes the data from table1

Now, my dilemma is that everything works fine until the confirmation step. At that point the data in placed into table3 but not in table2 and stops with an error message.

Somehow everything goes well with table1 but stops with table2.

If I remove that particular variable (the one from the drop-down) everything works just fine. At this point I'm at a loss.

designguy79

Are you testing the result of MySQL query? Like...

$the_query = 'INSERT INTO ...';
$result = mysql_query($the_query);
if(!$result) {
echo 'error in the query: '.$the_query.' -- '.mysql_error();
exit();
}

If the data is not being saved into a table, look closely at that query and the logic behind.

Posting more of your code, with explanations, would help me. :-)

HTH!

zzz

Here's this particular piece of code. The problem I have is with $sec_specialty . When I remove that var everything works fine. With it I get to error[16] and Redistration Error message to customer and that's it. Now, like I said earlier, the data is saved into table1, but the problem is with pushing it into table2.

I was thinking that perhaps some characters in that particular var were preventing it from being listed and then pushed further...

function confirm ($hash, $username) {
		if (!$hash || !$username) {
			return $this->error[14];
		}
		else {
			mysql_connect($this->server, $this->db_user, $this->db_pass);
			mysql_select_db($this->database);
			$query = mysql_query("select * from table1 where mdhash = '$hash' AND username = '$username'");
			$result = @mysql_num_rows($query);
				if ($result < 1) {
					mysql_close();
					return $this->error[15];
				}
			list($mdhash, $fname, $mname, $lname, $sname, $upin, $specialty, $prim_specialty, $sec_specialty, $inst_name, $inst_type, $inst_adr1, $inst_adr2, $inst_city, $inst_state, $inst_zip, $inst_country, $inst_phone, $inst_fax, $inst_web, $mail_adr1, $mail_adr2, $mail_city, $mail_state, $mail_zip, $mail_country, $username, $password, $email) = mysql_fetch_row($query);
			$is_success_first = mysql_query("insert into table3 (username, password) values ('$username', '$password')");
			if ($is_success_first) {
				$is_success_second = mysql_query("insert into table2 (fname, mname, lname, sname, upin, specialty, prim_specialty, sec_specialty, inst_name, inst_type, inst_adr1, inst_adr2, inst_city, inst_state, inst_zip, inst_country, inst_phone, inst_fax, inst_web, mail_adr1, mail_adr2, mail_city, mail_state, mail_zip, mail_country, email) values ('$fname', '$mname', '$lname', '$sname', '$upin', '$specialty', '$prim_specialty', '$sec_specialty', '$inst_name', '$inst_type', '$inst_adr1', '$inst_adr2', '$inst_city', '$inst_state', '$inst_zip', '$inst_country', '$inst_phone', '$inst_fax', '$inst_web', '$mail_adr1', '$mail_adr2', '$mail_city', '$mail_state', '$mail_zip', '$mail_country', '$email')");
					if ($is_success_second) {
						$is_success_third = mysql_query("delete from table1 where username = '$username'");
					}
				}
			mysql_close();
			if (!$is_success_first) {
				return $this->error[16];
			}
			if (!$is_success_second) {
				@mail($email, "Registration Error", "Error message to registrant"From: $this->webmaster");
				return $this->error[17];
			}
			if (!$is_success_third) {
				@mail($this->webmaster, "Error"Error message to webmaster", "From: $this->webmaster");
				return 2;
			}
			@mail($email, "$this->wsname Confirmation", "Confirmation email", "From: $this->webmaster");
			return 2;
		}
	}

designguy79

For now, have MySQL error get returned with the return value. That will help you see what is really going on.

if (!$is_success_second) {
                @mail($email, "Registration Error", "Error message to registrant"From: $this->webmaster");
                return $this->error[17];
            }

could be

if (!$is_success_second) {
                @mail($email, "Registration Error", "Error message to registrant"From: $this->webmaster");
                return $this->error[17]." -- ".mysql_error($is_success_second);
            }

Also, it looks like your mail() function wouldn't work... maybe you have a typo?

@mail($email, "Registration Error", "Error message to registrant"From: $this->webmaster");

Seems like it should be

@mail($email, "Registration Error", "Error message to registrant From:". $this->webmaster);

Also, you will probably want to check for single apostrophes. For example, if one of your values have a ' in them, then you query would be built like this... INSERT INTO table (last_name) VALUES ('O'Riley') -- bad news!

Hope that gives you something to work with... good luck!

designguy79

Very possible, yes.

Did you check into the single apostrophe angle yet?