populating multiple select with(select=true) form from database syntax error
-
21-12-2019 - |
Question
I am populating a multiple select form with values from the database. what i want to do is i want some values to be selected based on the data i provide it. i am having syntax errors with my code
here is my code:
<?php
$des_pos_id = $_POST['des_pos'];
$test_tags = $_POST['test_tag_arr'];
$test_tag=explode(',',$test_tags);
$sql4 = "SELECT _id, score_type from test_category where sub_code='$des_pos_id'";
$sel4 = mysqli_query($connect,$sql4);
while($row4 = mysqli_fetch_assoc($sel4)){
$option1 .= '<option value = "'.$row4['_id'].'"'echo in_array($row4['_id'], $test_tag) ? 'selected="true"' : null;'>'.$row4['score_type'].'</option>';
}
$output = "<select name='test_tags[]' id='test_tags[]' multiple>";
$output .= $option1;
$output .= '</select> ';
echo $output;
exit;
?>
here is the error message:
syntax error, unexpected 'echo' (T_ECHO) in /Applications/XAMPP/xamppfiles/htdocs/temp/esco-quiz/controller/script_controller.php
Solution
As gordon Linoff telling
Note: Because Echo is a language construct and not a function, it cannot be called using variable functions. Manual
Echo doent return anything so you cannt use it inline like you are using just remove echo from .$row4['_id'].'"'echo in_array($row4['_id'],
here
And your code is vulnerable to sql injection ... and using mysqli extension isnt mean you are safe form sql injection you need to properly escape/sanitize all request
so either use mysqli_real_escape_string
or prepared statements
(better)
OTHER TIPS
I think the problem is this line:
$option1 .= '<option value = "'.$row4['_id'].'"'echo in_array($value4['_id'], $test_tag) ? 'selected="true"' : null;'>'.$row4['score_type'].'</option>';
I'm not sure what you actually want though. Perhaps:
$option1 .= '<option value = "'.$row4['_id'].'"';
echo in_array($value4['_id'], $test_tag) ? 'selected="true"' : null;'>'.$row4['score_type'].'</option>';