Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New Coder
    Join Date
    Dec 2010
    Posts
    26
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Putting php variable into html text box

    I am currently creating a signin page for my website. If the user has input something incorrectly then the form is not submitted and the user is presented with the same form again. I would then like the username that was entered the first time to be automatically input as the value for the username text box.

    Thanks for any help.

    Here is my code so far...

    PHP Code:
    <?php

    include("dbconnect.php");

    $username $_POST['username'];
    $password $_POST['password'];
    $submit $_POST['signinsubmit'];


    if(
    $submit != null)
    {
        if(
    $password == null)
            {
                
    $passwordcheck "empty";
            }
            
        if(
    $username == null)
            {
                
    $usernamecheck "empty";
            }
                    
        if(
    $passwordcheck == null && $usernamecheck == null)
            {
                
    $sqlquery"SELECT * FROM User WHERE Username = '$username' AND Password = md5('$password')";
                            
    //This runs the insert query
                
    $sqlresult mysql_query($sqlquery);
                
    $sqlcheck mysql_fetch_array($sqlresult);
                
                if(
    $sqlcheck['Username'] <> NULL)
                {
                    
    //when login details are output as correct do this
                    
    session_start();
                    
    $_SESSION['user'] = $username;
                
                
                          
    header("location: index.php");
                        exit;
                }
                else
                {
                    
    $signinfailed yes;
                }
            }
    }
    ?>

    Code:
    <form action="signin.php" id="signin" name="signin" method="post"/>
        				
                        <table frame="border" class="table" cellpadding="5" cellspacing="5" align="center">
                			<tr>
                    			<td>
                        			      Username: <input type="text" name="username" id="username" maxlength="20" value="<?php print "$username"; ?>"/>
                                                  <br />
                                                  <?php if($usernamecheck == "empty"){ echo "<span class='red'>Please enter a username</span>"; } ?>
                        		        </td>
                    		</tr>  
                    		<tr>
                    			<td>
                        			      Password: <input type="password" name="password" id="password" maxlength="20"/>
                                                  <br />
                                                  <?php if($passwordcheck == "empty"){ echo "<span class='red'>Please enter a password</span>"; } ?>
                                                  <?php if($signinfailed == "yes"){echo "<span class='red'>Either Username or Password is incorrect</span>";} ?>
                        		        </td>
                    		</tr>
                    		<tr>
                    			<td align="center">
                                	               <input type="submit" value="Sign In" name="signinsubmit" />
                        		        </td>
                    		</tr>
                                    <tr>
                    			<td align="center">
                        			       <a href="" class="a">Forgot Password </a>&nbsp; | &nbsp;<a href="" class="a"> Forgot Username</a>
                        		        </td>
                    		</tr>         
                 		</table>

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Is that HTML coming from a PHP generated form?
    If its from the same form, you can detect the existence of $_POST['username'] and use it for the value if it exists. If its not the same form, you'll need to use cookies or sessions in order to repopulate them on the next load.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #3
    New Coder
    Join Date
    Dec 2010
    Posts
    26
    Thanks
    3
    Thanked 0 Times in 0 Posts
    It is from the same form and i've used $_POST['username']; to try and get the username, however when I put value="<?php print "$username"; ?>" in the html field it does not seem to output the username that the user entered previously

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Can you show that whole script?
    Just to confirm, the signin.php is the page that does both the processing and the html generation correct?
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    New Coder
    Join Date
    Dec 2010
    Posts
    26
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Code:
    <?php
    
    include("dbconnect.php");
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    $submit = $_POST['signinsubmit'];
    
    
    if($_GET['page'] != ""){
    	$previouspage1 = $_GET['page'];
    }
    else{
    	$previouspage2 = $_POST['page2'];
    }
    
    
    if($submit != null)
    {
    	if($password == null)
    		{
    			$passwordcheck = "empty";
    		}
    		
    	if($username == null)
    		{
    			$usernamecheck = "empty";
    		}
    				
    	if($passwordcheck == null && $usernamecheck == null)
    		{
    			$sqlquery= "SELECT * FROM User WHERE Username = '$username' AND Password = md5('$password')";
    						//This runs the insert query
    			$sqlresult = mysql_query($sqlquery);
    			$sqlcheck = mysql_fetch_array($sqlresult);
    			
    			if($sqlcheck['Username'] <> NULL)
    			{
    				//when login details are output as correct do this
    				session_start();
    				$_SESSION['user'] = $username;
    			
    				if($previouspage2 == ""){
    					header("location: index.php");
    				}
    				else{
    					header("location:" . $previouspage2);
    				}
    				
    				exit;
    			}
    			else
    			{
    				$signinfailed = yes;
    			}
    		}
    }
    ?>
    
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link href="css.css" type="text/css" rel="stylesheet" />
    <title>Ware Community Website Sign In</title>
    </head>
    
    <body>
        	<table width="1000" height="600" class="table">
            	<tr>
                	<td width="800">
            	
            			<form action="signin.php" id="signin" name="signin" method="post"/>
        				
                        <table frame="border" class="table" cellpadding="5" cellspacing="5" align="center">
                			<tr>
                    			<td>
                        			Username: <input type="text" name="username" id="username" maxlength="20" value="<?php print "$username"; ?>"/>
                                    <br />
                                    <?php if($usernamecheck == "empty"){ echo "<span class='red'>Please enter a username</span>"; } ?>
                        		</td>
                    		</tr>  
                    		<tr>
                    			<td>
                        			Password: <input type="password" name="password" id="password" maxlength="20"/>
                                    <br />
                                    <?php if($passwordcheck == "empty"){ echo "<span class='red'>Please enter a password</span>"; } ?>
                                    <?php if($signinfailed == "yes"){echo "<span class='red'>Either Username or Password is incorrect</span>";} ?>
                        		</td>
                    		</tr>
                    		<tr>
                    			<td align="center">
                                	<input type="hidden" name="page2" value="<?php if($_GET['page'] != ""){echo $previouspage1;} else {echo $previouspage2;} ?>" />
                        			<input type="submit" value="Sign In" name="signinsubmit" />
                        		</td>
                    		</tr>
                            <tr>
                    			<td align="center">
                        			<a href="" class="a">Forgot Password </a>&nbsp; | &nbsp;<a href="" class="a"> Forgot Username</a>
                        		</td>
                    		</tr>         
                 		</table>  
                 		
                        </form> 
                
                    </td>
                    <td width="200" bgcolor="#FFCC33">
                    	right
                    </td>
                </tr>
            </table>
    </body>
    
    </html>

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    That is weird. There are a few issues in here (check with SQL Injection in particular), and a couple of variable handling I would do differently, but it appears that the $username should be there after a self submit.
    This is the same form yeah? The signin.php?
    Does it do this with all usernames or just some? Anything with special chars will give you problems since it may be interpreted as a part of the HTML code itself. After submitting the form, check the source of the HTML to see if there is anything in the value there. Otherwise, I'm overlooking something.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #7
    New Coder
    Join Date
    Dec 2010
    Posts
    26
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Yea this is the same form, it is the signin.php form. It does this with all usernames even when no special characters are used.

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Ok, well lets make sure we have what we need.
    After the check against if ($submit != null) (the whole block, not just the actual if), add a simple:
    PHP Code:
    printf("<pre>%s</pre>"print_r($GLOBALStrue)); 
    Do so in a development environment only as globals will include any variable set in scope of this location including anything from dbconnect.php.
    Does the printed result include a 'username' under the _POST section, and a username under the GLOBALS section?
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #9
    New Coder
    Join Date
    Dec 2010
    Posts
    26
    Thanks
    3
    Thanked 0 Times in 0 Posts
    ok yea done that and fixed it, I also had a global variable called $username in the dbconnect file which was screwing it up...oops. Thanks very much for all your help

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You betcha, its the smallest things the getcha
    So as I mentioned as well, make sure you look into SQL Injection (using mysql_real_escape_string with the mysql call, or use the mysqli/pdo with bound parameters). This will prevent malicious data entry - rule of thumb is never to trust your users.
    As for variables as well, I would focus less on the use of string variables and more on booleans for what you have.
    PHP Code:
    $signinfailed false;
    $passwordcheck true;
    $usernamecheck true;
    if(!empty(
    $submit))
    {
        if(empty(
    $password))
            {
                
    $passwordcheck false;
            }
            
        if(empty(
    $username))
            {
                
    $usernamecheck false;
            }
                    
        if(
    $passwordcheck && $usernamecheck)
            {
                
    $sqlquery"SELECT * FROM User WHERE Username = '$username' AND Password = md5('$password')";
                            
    //This runs the insert query
                
    $sqlresult mysql_query($sqlquery);
                
    $sqlcheck mysql_fetch_array($sqlresult);
                
                if(
    $sqlcheck['Username'] <> NULL// This is ok, since it is greatly dependent on the datatype of your column
                
    {
                    
    //when login details are output as correct do this
                    
    session_start();
                    
    $_SESSION['user'] = $username;
                
                    if(empty(
    $previouspage2)){
                        
    header("location: index.php");
                    }
                    else{
                        
    header("location:" $previouspage2);
                    }
                    
                    exit;
                }
                else
                {
                    
    $signinfailed true;
                }
            }

    And later check the $signinfailed, $usernamecheck and $passwordcheck with simple if ($signinfailed) etc.

    I'd also recommend using isset and empty checks for the variables. The empty in particular will include nothing as well as null, but isn't useful in all cases (ie:
    PHP Code:
    $a = array();
    printf("\$a is empty? %d\n", empty($a)); 
    is true, as is $a = "0";).
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •