0

after having found the data in a table the function displays the information without missing, with a td tag only the first word which displays the others after the space are not displayed.

<table class="table table-bordered table-striped">
                        
                            <thead>
                                <tr>
                                    <th>Service </th>
                                    <th>Prix</th>
                                    <th >Quantite</th>
                    <th>Action</th>
                                </tr>
                            </thead>

                <tbody>
                  <?php 
               
                    $reqq = "SELECT * FROM service WHERE client = '$clientId' AND dossier = '$dossier' ";
                    $results = $connect->query($reqq);
                  ?>
                                                    <?php if($results->num_rows > 0){ ?>
                           
                            <?php
                            foreach($results as $data){ ?>
                           <?php echo $data['nom']; ?>
                            <tr>
                              
                                <td> <?php print $data['nom']; ?>
                                <td><?= $data['prix']?></td>
                                <td><?= $data['quantite']?></td>
                                <td><a href="facturesanspdf.php?clientName=<?php echo $clientId; ?>&del=<?php echo $data['id']; ?>">Supprimer</a></td>
                          </tr>
</tbody>
</table>

the result is enter image description here

Inside the table the last field have Franchise Procedure the table only display the first word which is Franchise

Help me find the solution please.

Juillet Jasnel
  • 13
  • 4
  • Do you mean the first field `$data['nom']`? – Barmar May 16 '22 at 20:18
  • 2
    Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, its not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string%5D)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user provided values into the query. – Barmar May 16 '22 at 20:19

1 Answers1

0

Try with:

<td> <?php echo htmlspecialchars($data['nom']); ?> </td>

Often, text stored in databases can contains reserved characters in HTML like "<" or "&" which should be replaced by html entities

That's what the PHP function htmlspecialchars was invented for.

ilvi
  • 3
  • 2
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – lemon May 17 '22 at 18:19