1

I have a database table that contains fields including category (cat) and posting price (postprice). I need to bind an input field on my web page to the postprice value corresponding to the category selected in the dropdown box on the same page. I'm seeing a syntax error but am not sure what it is. Here's the code for the dropdown box:

<select name="postcat" class="req" style="width:220px" onchange="getCats(this.value);">
<?php
if ($_POST['postsubcats'] == "none") {
echo "<option value=\"none\" selected=\"selected\">Select a category</option>";
} else {
echo "<option value=\"none\">Select a category</option>";
}

?>
<?php

$querycat = "SELECT * FROM `index` LIMIT 0, 30 ";
$resultcat = mysql_query($querycat);

while($rowcat = mysql_fetch_array($resultcat)){
echo "<option value=\"" . $rowcat['cat'] . "\">" . $rowcat['title'] .  "</option>\n";
}

?>
</select>

Here's the snippet for the input box:

<input type="text" id="adFee" name="adfee" contenteditable="false" 
value="<?php SELECT 'postprice' FROM 'index' WHERE 'cat' = $_POST(['postcat']); ?>">

Thanks much for your help.

Edit: Thanks to Mash, I've modified my code as follows:

<label>Posting Fee:</label><br/>
<?php
$queryprice =  "SELECT 'postprice' FROM 'index' WHERE 'cat' = " . $_POST('postcat'); 
$resultprice = mysql_query($queryprice);  
while($row= mysql_fetch_array($resultprice)){   
echo '<input type="text" id="adFee" name="adfee" contenteditable="false" value="';   
echo $row['postprice'] . '" />';
} ?>

I now receive Fatal Error: Function name must be a string. Am I missing a ' " or ; somewhere??

Fatal Error is resolved. New Error:

mysql_fetch_array(): supplied argument is not a valid MySQL result resource 

Revised Code:

<?php

$queryprice =  "SELECT postprice FROM 'index' WHERE cat = '" . mysql_real_escape_string($_POST['postcat'])."'"; 

$resultprice = mysql_query($queryprice);  

while($row= mysql_fetch_array($resultprice)){   

?><input type="text" id="adFee" name="adfee" contenteditable="false" value="<?php echo $row['postprice'];?>">
<?php } ?>

Does this mean that my code block is not "seeing" the option field postcat?

2
  • 1
    SQL can't be executed just in php tags as you have in your snippet for the input box. Commented Feb 16, 2011 at 5:43
  • AHHHHH! SQL INJECTION! Always clean data you put in a database query! Please use (int)$_POST['postcat'] or "'".mysql_real_escape_string($_POST['postcat'])."'" Commented Feb 16, 2011 at 10:50

1 Answer

2

Try this:

<label>Posting Fee:</label><br/>
<?php
$queryprice =  "SELECT postprice FROM `index` WHERE cat = '" . mysql_real_escape_string($_POST['postcat'])."'"; 
$resultprice = mysql_query($queryprice);  
while($row = mysql_fetch_array($resultprice)){   
?>
<input type="text" id="adFee" name="adfee" contenteditable="false" value="<?php echo $row['postprice'];?>" />
<?php } ?>

Remember:

  1. Use PHP tags only when necessary
  2. $_POST takes [ not (

Or, if you want to go with your way, then use the below:

echo '<input type="text" id="adFee" name="adfee" contenteditable="false" value="'.$row['postprice'].'" />';

2 Comments

Please remove the obvious SQL injection problem ($_POST not cleaned)
Also the table named index must be quoted, otherwise you get a syntax error.
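
As an added example (not code from the question or the answer): the same lookup done with a PDO prepared statement, so the posted category is bound as data rather than concatenated into the SQL text, and with the price HTML-escaped before it goes into the value attribute. The in-memory SQLite database, its rows and the helper names lookupPostPrice and renderFeeInput are assumptions made so the example runs stand-alone.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the
// MySQL `index` table from the question (columns cat, title, postprice).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `index` (cat TEXT PRIMARY KEY, title TEXT, postprice TEXT)');
$pdo->exec("INSERT INTO `index` VALUES ('cars', 'Cars', '5.00'), ('jobs', 'Jobs', '12.50')");

/**
 * Look up the posting price for a category (hypothetical helper).
 * The category travels as a bound parameter, never as part of the SQL text.
 */
function lookupPostPrice(PDO $pdo, string $cat): ?string
{
    // `index` is a reserved word, so the table name stays in backticks.
    $stmt = $pdo->prepare('SELECT postprice FROM `index` WHERE cat = :cat');
    $stmt->execute([':cat' => $cat]);
    $price = $stmt->fetchColumn();
    return $price === false ? null : (string) $price;
}

/** Render the fee field, HTML-escaping the value for attribute context. */
function renderFeeInput(?string $price): string
{
    $value = htmlspecialchars($price ?? '', ENT_QUOTES, 'UTF-8');
    return '<input type="text" id="adFee" name="adfee" contenteditable="false" value="'
        . $value . '" />';
}

// Constructed inputs: a valid category, the "none" placeholder, and a value
// containing quotes and SQL keywords, which is compared as plain data and
// therefore matches no row.
foreach (['jobs', 'none', "x' OR '1'='1"] as $postcat) {
    // In the page itself this would be: $postcat = $_POST['postcat'] ?? 'none';
    echo renderFeeInput(lookupPostPrice($pdo, $postcat)), PHP_EOL;
}
```

Only the first input produces a populated field; the other two render an empty value. The mysql_* functions used in the thread were removed in PHP 7, so PDO or mysqli is needed on current PHP in any case.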
