...

View Full Version : Putting php variable into html text box



supersav144
12-22-2010, 07:59 PM
I am currently creating a signin page for my website. If the user has input something incorrectly then the form is not submitted and the user is presented with the same form again. I would then like the username that was entered the first time to be automatically input as the value for the username text box.

Thanks for any help.

Here is my code so far...


<?php

include("dbconnect.php");

$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['signinsubmit'];


if($submit != null)
{
if($password == null)
{
$passwordcheck = "empty";
}

if($username == null)
{
$usernamecheck = "empty";
}

if($passwordcheck == null && $usernamecheck == null)
{
$sqlquery= "SELECT * FROM User WHERE Username = '$username' AND Password = md5('$password')";
//This runs the insert query
$sqlresult = mysql_query($sqlquery);
$sqlcheck = mysql_fetch_array($sqlresult);

if($sqlcheck['Username'] <> NULL)
{
//when login details are output as correct do this
session_start();
$_SESSION['user'] = $username;


header("location: index.php");
exit;
}
else
{
$signinfailed = yes;
}
}
}
?>



<form action="signin.php" id="signin" name="signin" method="post"/>

<table frame="border" class="table" cellpadding="5" cellspacing="5" align="center">
<tr>
<td>
Username: <input type="text" name="username" id="username" maxlength="20" value="<?php print "$username"; ?>"/>
<br />
<?php if($usernamecheck == "empty"){ echo "<span class='red'>Please enter a username</span>"; } ?>
</td>
</tr>
<tr>
<td>
Password: <input type="password" name="password" id="password" maxlength="20"/>
<br />
<?php if($passwordcheck == "empty"){ echo "<span class='red'>Please enter a password</span>"; } ?>
<?php if($signinfailed == "yes"){echo "<span class='red'>Either Username or Password is incorrect</span>";} ?>
</td>
</tr>
<tr>
<td align="center">
<input type="submit" value="Sign In" name="signinsubmit" />
</td>
</tr>
<tr>
<td align="center">
<a href="" class="a">Forgot Password </a>&nbsp; | &nbsp;<a href="" class="a"> Forgot Username</a>
</td>
</tr>
</table>

Fou-Lu
12-22-2010, 08:16 PM
Is that HTML coming from a PHP generated form?
If its from the same form, you can detect the existence of $_POST['username'] and use it for the value if it exists. If its not the same form, you'll need to use cookies or sessions in order to repopulate them on the next load.

supersav144
12-22-2010, 09:05 PM
It is from the same form and i've used $_POST['username']; to try and get the username, however when I put value="<?php print "$username"; ?>" in the html field it does not seem to output the username that the user entered previously

Fou-Lu
12-22-2010, 09:09 PM
Can you show that whole script?
Just to confirm, the signin.php is the page that does both the processing and the html generation correct?

supersav144
12-22-2010, 09:14 PM
<?php

include("dbconnect.php");

$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['signinsubmit'];


if($_GET['page'] != ""){
$previouspage1 = $_GET['page'];
}
else{
$previouspage2 = $_POST['page2'];
}


if($submit != null)
{
if($password == null)
{
$passwordcheck = "empty";
}

if($username == null)
{
$usernamecheck = "empty";
}

if($passwordcheck == null && $usernamecheck == null)
{
$sqlquery= "SELECT * FROM User WHERE Username = '$username' AND Password = md5('$password')";
//This runs the insert query
$sqlresult = mysql_query($sqlquery);
$sqlcheck = mysql_fetch_array($sqlresult);

if($sqlcheck['Username'] <> NULL)
{
//when login details are output as correct do this
session_start();
$_SESSION['user'] = $username;

if($previouspage2 == ""){
header("location: index.php");
}
else{
header("location:" . $previouspage2);
}

exit;
}
else
{
$signinfailed = yes;
}
}
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="css.css" type="text/css" rel="stylesheet" />
<title>Ware Community Website Sign In</title>
</head>

<body>
<table width="1000" height="600" class="table">
<tr>
<td width="800">

<form action="signin.php" id="signin" name="signin" method="post"/>

<table frame="border" class="table" cellpadding="5" cellspacing="5" align="center">
<tr>
<td>
Username: <input type="text" name="username" id="username" maxlength="20" value="<?php print "$username"; ?>"/>
<br />
<?php if($usernamecheck == "empty"){ echo "<span class='red'>Please enter a username</span>"; } ?>
</td>
</tr>
<tr>
<td>
Password: <input type="password" name="password" id="password" maxlength="20"/>
<br />
<?php if($passwordcheck == "empty"){ echo "<span class='red'>Please enter a password</span>"; } ?>
<?php if($signinfailed == "yes"){echo "<span class='red'>Either Username or Password is incorrect</span>";} ?>
</td>
</tr>
<tr>
<td align="center">
<input type="hidden" name="page2" value="<?php if($_GET['page'] != ""){echo $previouspage1;} else {echo $previouspage2;} ?>" />
<input type="submit" value="Sign In" name="signinsubmit" />
</td>
</tr>
<tr>
<td align="center">
<a href="" class="a">Forgot Password </a>&nbsp; | &nbsp;<a href="" class="a"> Forgot Username</a>
</td>
</tr>
</table>

</form>

</td>
<td width="200" bgcolor="#FFCC33">
right
</td>
</tr>
</table>
</body>

</html>

Fou-Lu
12-22-2010, 09:37 PM
That is weird. There are a few issues in here (check with SQL Injection in particular), and a couple of variable handling I would do differently, but it appears that the $username should be there after a self submit.
This is the same form yeah? The signin.php?
Does it do this with all usernames or just some? Anything with special chars will give you problems since it may be interpreted as a part of the HTML code itself. After submitting the form, check the source of the HTML to see if there is anything in the value there. Otherwise, I'm overlooking something.

supersav144
12-22-2010, 09:46 PM
Yea this is the same form, it is the signin.php form. It does this with all usernames even when no special characters are used.

Fou-Lu
12-22-2010, 09:55 PM
Ok, well lets make sure we have what we need.
After the check against if ($submit != null) (the whole block, not just the actual if), add a simple:


printf("<pre>%s</pre>", print_r($GLOBALS, true));

Do so in a development environment only as globals will include any variable set in scope of this location including anything from dbconnect.php.
Does the printed result include a 'username' under the _POST section, and a username under the GLOBALS section?

supersav144
12-22-2010, 10:28 PM
ok yea done that and fixed it, I also had a global variable called $username in the dbconnect file which was screwing it up...oops. Thanks very much for all your help

Fou-Lu
12-22-2010, 11:24 PM
You betcha, its the smallest things the getcha ;)
So as I mentioned as well, make sure you look into SQL Injection (using mysql_real_escape_string with the mysql call, or use the mysqli/pdo with bound parameters). This will prevent malicious data entry - rule of thumb is never to trust your users.
As for variables as well, I would focus less on the use of string variables and more on booleans for what you have.


$signinfailed = false;
$passwordcheck = true;
$usernamecheck = true;
if(!empty($submit))
{
if(empty($password))
{
$passwordcheck = false;
}

if(empty($username))
{
$usernamecheck = false;
}

if($passwordcheck && $usernamecheck)
{
$sqlquery= "SELECT * FROM User WHERE Username = '$username' AND Password = md5('$password')";
//This runs the insert query
$sqlresult = mysql_query($sqlquery);
$sqlcheck = mysql_fetch_array($sqlresult);

if($sqlcheck['Username'] <> NULL) // This is ok, since it is greatly dependent on the datatype of your column
{
//when login details are output as correct do this
session_start();
$_SESSION['user'] = $username;

if(empty($previouspage2)){
header("location: index.php");
}
else{
header("location:" . $previouspage2);
}

exit;
}
else
{
$signinfailed = true;
}
}
}

And later check the $signinfailed, $usernamecheck and $passwordcheck with simple if ($signinfailed) etc.

I'd also recommend using isset and empty checks for the variables. The empty in particular will include nothing as well as null, but isn't useful in all cases (ie:


$a = array();
printf("\$a is empty? %d\n", empty($a));

is true, as is $a = "0";).



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum