bucket
11-05-2009, 12:00 AM
I am trying to do it so the value in the text box is the current value that is in the database so I do not have to retype, and instead edit it or add on to it.
<html>
<body>
<?php
if (isset ($_POST['submit'])) // if the form was submitted, display their name
{
require_once ('inc/config.php');
$firstname = mysql_real_escape_string ($_POST['firstname']);
$lastname = mysql_real_escape_string ($_POST['lastname']);
$middlename= mysql_real_escape_string ($_POST['middlename']);
$id = 2;
$sql = mysql_query ("
UPDATE `testing` SET
`FirstName` = '".$firstname."',
`LastName` = '".$lastname."',
`MiddleName` = '".$middlename."'
WHERE `id` = '".$id."'
")
OR die (mysql_error());
echo "hello";
}
// form hasn't been submitted
{
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Firstname: <input type="text" value="<?php echo $row['FirstName'];?>" name="firstname" /><br>
Lastname: <input type="text" value="<?php echo $row['LastName'];?>" name="lastname" /><br>
middlename: <input type="text" value="<?php echo $row['MiddleName'];?>" name="middlename" /><br>
<input type="submit" id="submit" name="submit" value="Submit!">
</form>
<?php
}
?>
</body>
</html>
Basically the value isn't showing up.
<input type="text" value="<?php echo $row['MiddleName'];?>" name="middlename" />
How do I fix that?
Fou-Lu
11-05-2009, 12:29 AM
Where has $row been defined?
bucket
11-05-2009, 12:35 AM
Hm... I thought of adding this:
<html>
<body>
<?php
if (isset ($_POST['submit'])) // if the form was submitted, display their name
{
require_once ('inc/config.php');
$firstname = mysql_real_escape_string ($_POST['firstname']);
$lastname = mysql_real_escape_string ($_POST['lastname']);
$middlename= mysql_real_escape_string ($_POST['middlename']);
$id = 2;
$sql = mysql_query ("
UPDATE `testing` SET
`FirstName` = '".$firstname."',
`LastName` = '".$lastname."',
`MiddleName` = '".$middlename."'
WHERE `id` = '".$id."'
")
OR die (mysql_error());
echo "hello";
}
require_once ('inc/config.php');
$query = "SELECT * FROM testing";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array ($result))
{
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Firstname: <input type="text" value="<?php echo $row['FirstName'];?>" name="firstname" /><br>
Lastname: <input type="text" value="<?php echo $row['LastName'];?>" name="lastname" /><br>
middlename: <input type="text" value="<?php echo $row['MiddleName'];?>" name="middlename" /><br>
<input type="submit" id="submit" name="submit" value="Submit!">
</form>
<?php
}
?>
</body>
</html>
It worked...
Fou-Lu
11-05-2009, 12:49 AM
Yes, but that won't work quite as expected. For each record you have, you'll create an entire form, so you cannot access multiple forms and treat them as a single form. Although I don't know what your use is for this exactly, I'd suspect this is what you want (to pass each name part as an array):
<?php
// ...
$query = "SELECT * FROM testing";
$result = mysql_query($query) or die(mysql_error());
printf('<form action="%s" method="post">', $_SERVER['SCRIPT_NAME']);
while ($row = mysql_fetch_array ($result))
{
?>
Firstname: <input type="text" value="<?php echo $row['FirstName'];?>" name="firstname[]" /><br>
Lastname: <input type="text" value="<?php echo $row['LastName'];?>" name="lastname[]" /><br>
middlename: <input type="text" value="<?php echo $row['MiddleName'];?>" name="middlename[]" /><br>
<input type="submit" id="submit" name="submit" value="Submit!">
<?php
}
print '</form>';
Unless it's changed, PHP_SELF is XSS exploitable. Avoid using it when you can.
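Added example (not part of the original thread or any poster's code) illustrating the PHP_SELF remark above with constructed values: `PHP_SELF` includes any extra path the client appends after the script name, so it is user input, while `SCRIPT_NAME` is not. The helper names `h` and `render_form`, the sample rows and the `field[id]` naming are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The request paths and rows below
// are constructed samples standing in for $_SERVER and the `testing` table.

/** Escape a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render ONE form for all rows; each field posts as an array keyed by row id. */
function render_form(string $action, array $rows): string
{
    $fields = ['FirstName' => 'firstname', 'LastName' => 'lastname', 'MiddleName' => 'middlename'];
    $html = sprintf('<form action="%s" method="post">' . "\n", h($action));
    foreach ($rows as $row) {
        $id = (int) $row['id'];   // the integer cast keeps the key safe to print
        foreach ($fields as $column => $field) {
            $html .= sprintf(
                '%s: <input type="text" name="%s[%d]" value="%s" /><br>' . "\n",
                $column, $field, $id, h($row[$column])
            );
        }
    }
    return $html . '<input type="submit" name="submit" value="Submit!">' . "\n</form>\n";
}

// Constructed request: PHP_SELF is SCRIPT_NAME plus whatever path the client appended.
$server = [
    'SCRIPT_NAME' => '/edit.php',
    'PHP_SELF'    => '/edit.php/"><b>injected</b>',
];
// Constructed rows; the second value would break out of value="..." if echoed raw.
$rows = [
    ['id' => 1, 'FirstName' => 'Ann', 'LastName' => "O'Neil", 'MiddleName' => 'B'],
    ['id' => 2, 'FirstName' => 'Bob', 'LastName' => '"><i>x</i>', 'MiddleName' => ''],
];

// As in the thread's forms: raw PHP_SELF lets the client-supplied path close the attribute.
echo '<form action="' . $server['PHP_SELF'] . '" method="post">', "\n";
// Hardened: script-controlled action, every dynamic value escaped at output time.
echo render_form($server['SCRIPT_NAME'], $rows);
```

Run from the command line, the first printed line shows the `action` attribute closed early by the appended path, while the rendered form carries the same characters only as entities.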
bucket
11-05-2009, 12:51 AM
Thanks, here is my final code:
<html>
<body>
<?php
if (isset ($_POST['submit'])) // if the form was submitted, display their name
{
require_once ('inc/config.php');
$firstname = mysql_real_escape_string ($_POST['firstname']);
$lastname = mysql_real_escape_string ($_POST['lastname']);
$middlename= mysql_real_escape_string ($_POST['middlename']);
$id = 2;
$sql = mysql_query ("
UPDATE `testing` SET
`FirstName` = '".$firstname."',
`LastName` = '".$lastname."',
`MiddleName` = '".$middlename."'
WHERE `id` = '".$id."'
")
OR die (mysql_error());
echo "hello";
}
require_once ('inc/config.php');
$query = "SELECT * FROM testing";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array ($result))
{
?>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Firstname: <input type="text" value="<?php echo $row['FirstName'];?>" name="firstname" /><br>
Lastname: <input type="text" value="<?php echo $row['LastName'];?>" name="lastname" /><br>
middlename: <input type="text" value="<?php echo $row['MiddleName'];?>" name="middlename" /><br>
<input type="submit" id="submit" name="submit" value="Submit!">
</form>
<?php
}
?>
</body>
</html>
Now I have a new problem:
I want to echo what is currently in the database but it won't show up
<?php
// show errors if any
error_reporting(E_ALL);
ini_set('display_errors', '1');
// require a file
require_once ('inc/config.php');
// select row from table
$query = "SELECT * FROM testing";
// check if is valid if it is then show results if not then die
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array ($result))
{
?>
First Name:
<?php $row['FirstName']; ?>
<br>Last Name:
<?php $row['LastName']; ?>
<br>Middle Name:
<?php $row['MiddleName']; ?>
<?php
}
?>
Fou-Lu
11-05-2009, 12:56 AM
You're not printing the values to the screen.
bucket
11-05-2009, 01:10 AM
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
require_once ('inc/config.php');
$query = "SELECT * FROM testing";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array ($result))
{
?>
First Name:
<?php echo $row['FirstName']; ?>
<br>Last Name:
<?php echo $row['LastName']; ?>
<br>Middle Name:
<?php echo $row['MiddleName']; ?>
<?php
}
?>
Fixed, I just had to add echo to it.
Fou-Lu
11-05-2009, 01:13 AM
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
require_once ('inc/config.php');
$query = "SELECT * FROM testing";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array ($result))
{
?>
First Name:
<?php echo $row['FirstName']; ?>
<br>Last Name:
<?php echo $row['LastName']; ?>
<br>Middle Name:
<?php echo $row['MiddleName']; ?>
<?php
}
?>
Fixed, I just had to add echo to it.
Yes, that's pretty much exactly what I said:
You're not printing the values to the screen.