populating multiple select with(select=true) form from database syntax error

Question

I am populating a multiple select form with values from the database. what i want to do is i want some values to be selected based on the data i provide it. i am having syntax errors with my code

here is my code:

<?php

    $des_pos_id = $_POST['des_pos'];
    $test_tags = $_POST['test_tag_arr'];
    $test_tag=explode(',',$test_tags);

    $sql4 = "SELECT _id, score_type from test_category where sub_code='$des_pos_id'";

    $sel4 = mysqli_query($connect,$sql4);

    while($row4 = mysqli_fetch_assoc($sel4)){

        $option1 .= '<option value = "'.$row4['_id'].'"'echo in_array($row4['_id'], $test_tag) ? 'selected="true"' : null;'>'.$row4['score_type'].'</option>';

    }

    $output = "<select name='test_tags[]' id='test_tags[]' multiple>";
    $output .= $option1;
    $output .= '</select> ';

echo $output;
exit;

?>

here is the error message:

syntax error, unexpected 'echo' (T_ECHO) in /Applications/XAMPP/xamppfiles/htdocs/temp/esco-quiz/controller/script_controller.php

Answer 1

As gordon Linoff telling

Note: Because Echo is a language construct and not a function, it cannot be called using variable functions. Manual

Echo doent return anything so you cannt use it inline like you are using just remove echo from .$row4['_id'].'"'echo in_array($row4['_id'], here

And your code is vulnerable to sql injection ... and using mysqli extension isnt mean you are safe form sql injection you need to properly escape/sanitize all request

so either use mysqli_real_escape_string or prepared statements (better)

Answer 2

I think the problem is this line:

   $option1 .= '<option value = "'.$row4['_id'].'"'echo in_array($value4['_id'], $test_tag) ? 'selected="true"' : null;'>'.$row4['score_type'].'</option>';

I'm not sure what you actually want though. Perhaps:

   $option1 .= '<option value = "'.$row4['_id'].'"';
   echo in_array($value4['_id'], $test_tag) ? 'selected="true"' : null;'>'.$row4['score_type'].'</option>';