0

I need to combine some PHP and HTML tricks to make a typical select option segment of a form hold multiple values for each form: an id for the product, the id for the markup, and the "name" of the markup. This allows administrative users to select prices for products based on profit margins. Submitting the form yields blank values for the three values inside the select.

<?php

    $factor_grab = "
    SELECT * FROM product_latest_price_factor AS t1
    WHERE product_id = '".$product_id."'";
    //echo $factor_grab.'<br>';
    $factor_result = mysql_query($factor_grab) or die (mysql_error());
    while($frow=mysql_fetch_array($factor_result))
    {
        $level = $frow['level'];
        $percentage = $frow['percentage'];
        $value = $frow['value'];
        $price_level_id = $frow['price_level_id'];

//This piece does not work
        echo '<option value="{level:\''.$level.'\', price_level_id:\''.$price_level_id.'\', percentage:\''.$percentage.'\'}">'.$level.' - %'.number_format($percentage,2).' - $'.$value.'</option>';

    }
      ?>

I thought I nailed it this time, as I can see the values in the form, and by inspecting the options with Google Chrome, but I think it's because my quotes are getting out of hand. You can see each option value is supposed to store three variables. Level, Price_level and Price_level_id. (Value is just for users to explicitly see what the resulting price would be.) How do I echo out an option that can work for all three? That would be a very powerful solution for me.

6
  • What exactly is it echoing? Some of your text? All of it? Or is there an error? Commented Aug 23, 2012 at 21:11
  • 1
    Your problem is in processing the form, yet you didn't share the code that processes the form. Don't waste others' time asking unanswerable questions. Commented Aug 23, 2012 at 21:11
  • Are you properly using mysql_real_escape_string to escape the data before using it in your queries? ($product_id in your case). Commented Aug 23, 2012 at 21:11
  • Here is what the generated options look like: <option value="{level:'L55', price_level_id:'80000014-1325783140', percentage:'55.000'}">L55 - %55.00 - $40.21</option>, which indicates the product being marked up by 55% with its respective id and code. Commented Aug 23, 2012 at 21:13
  • So it's generating OK. As @DanGrossman says - if you want help, it's the processing code that isn't working, so you'll have to add that. Commented Aug 23, 2012 at 21:15

2 Answers 2

1

Properly escape things, and avoid issues:

echo '<option value="', 
    htmlspecialchars(
        json_encode(
            array(
                'level'=>$level,
                'price_level_id'=>$price_level_id,
                'percentage'=>$percentage
            )
        )
    ),
    '">',
    htmlspecialchars($level . ' - %' . number_format($percentage,2)),
    htmlspecialchars(' - $' . $value),
    '</option>';

This is messy... only trying to show you the idea here. You should clean this stuff up a bit. It would be best if you only kept an ID in that option value, and pulled these other things out of a JavaScript array or object or wherever you keep them later.

Also, be very sure that you are escaping data in your query. As it stands now, you are probably subject to SQL injection. Learn to use PDO with prepared queries to avoid this problem.


1 Comment

You are correct, I'm doing things primitive for the moment but I'll make sure to switch to PDO when I see it work. But I can't say I've used json_encode before, so I'll be learning this. Thank you.
0

How are you retrieving the values? Are you using json_decode? Because if you are then you need to make sure your JSON is valid in the first place. Try this:

echo '<option value="'.htmlspecialchars(json_encode(compact("level","price_level_id","percentage"))).'">'.$level.' - %'.number_format($percentage,2).' - $'.$value.'</option>';

Then use json_decode to get the value into an array.
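The round trip both answers describe, as an added example that is not part of either answer or the asker's code: the option value is JSON-encoded and HTML-escaped on output, then decoded on submit, with only the id taken from the form and the rest re-read through a PDO prepared statement. The table and column names come from the question; the in-memory SQLite database, the sample row, the product id `P1` and the function names `render_option` and `resolve_markup` are assumptions made for illustration.

```php
<?php
// Added example: table/column names are from the question; the in-memory
// SQLite database, sample row and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product_latest_price_factor
    (product_id TEXT, price_level_id TEXT, level TEXT, percentage REAL, value REAL)');
$pdo->exec("INSERT INTO product_latest_price_factor
    VALUES ('P1', '80000014-1325783140', 'L55', 55.000, 40.21)");

// Rendering: JSON-encode the fields, then HTML-escape the whole attribute value.
function render_option(array $row): string
{
    $json = json_encode([
        'level'          => $row['level'],
        'price_level_id' => $row['price_level_id'],
        'percentage'     => $row['percentage'],
    ]);
    $label = $row['level'] . ' - %' . number_format($row['percentage'], 2) . ' - $' . $row['value'];
    return '<option value="' . htmlspecialchars($json, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</option>';
}

// Processing: the browser has already undone the HTML escaping, so the posted
// string is plain JSON. Only the id is kept; level and percentage are re-read
// from the database so an edited form value cannot set its own markup.
function resolve_markup(PDO $pdo, string $productId, string $posted): ?array
{
    $data = json_decode($posted, true);
    if (!is_array($data) || !isset($data['price_level_id']) || !is_string($data['price_level_id'])) {
        return null; // not valid JSON, or the expected key is missing
    }
    $stmt = $pdo->prepare('SELECT level, price_level_id, percentage, value
        FROM product_latest_price_factor
        WHERE product_id = ? AND price_level_id = ?');
    $stmt->execute([$productId, $data['price_level_id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

$row = $pdo->query('SELECT * FROM product_latest_price_factor')->fetch(PDO::FETCH_ASSOC);
echo render_option($row), "\n";

// Constructed submissions: an honest one, one with an altered percentage, one invalid.
$honest   = '{"level":"L55","price_level_id":"80000014-1325783140","percentage":55}';
$tampered = '{"level":"L55","price_level_id":"80000014-1325783140","percentage":1}';
var_dump(resolve_markup($pdo, 'P1', $honest)['percentage']);
var_dump(resolve_markup($pdo, 'P1', $tampered)['percentage']);
var_dump(resolve_markup($pdo, 'P1', "{level:'L55'}"));
```

The last call passes a value in the question's original `{level:'L55', ...}` shape, which `json_decode` rejects because the keys are unquoted and the strings use single quotes.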
