开发者

How to populate HTML textbox with MySQL data

问答 作者:

I'm trying to make an update form. The update part is already working, but it would be better if I'm going to put a view button so that the users will not input the data all over again just to update it.

I'm working on this code, there's a button in the html form with the following code as its form action. Its job is to populate the textboxes with the appropriate data depending on the telephone number entered.

<?php
    $con = mysql_connect("localhost","root","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("hospital", $con);

    $result = mysql_query("SELECT * FROM t2 WHERE TELNUM='{$_POST["telnum"]}'");

    while ($row = mysql_fetch_开发者_JAVA技巧array($result))
    {

    <form>
        <input  name="lname" type="text"<?php echo $result["lname"];">
    </form>
?>

What's wrong with my code? I'm still a beginner in PHP.

Your HTML doesn't look correct; the value for a text input field is specified with the value attribute, e.g.

<input name="lname" type="text" value="<?php echo( htmlspecialchars( $row['lname'] ) ); ?>" />

The row data will be present in the $row hash; $result is just a pointer to the MySQL result buffer. In addition, you're missing a ?> tag after the echo statement, and the final ?> is misplaced. There also appears to be no closing brace for the while loop

Note the use of htmlspecialchars() to escape HTML entities in the text. This will prevent the text in the database from inadvertently closing the tag and spewing rubbish all over your HTML (and prevent against malicious input from users having any effect).

Overall, the correct solution might look something like:

<?php
$con = mysql_connect( 'localhost', 'root', '' );
if( !$con ) {
    die( 'Could not connect: ' . mysql_error() );
} else {
    mysql_select_db( 'hospital', $con );
    $result = mysql_query( "SELECT * FROM t2 WHERE TELNUM='{$_POST["telnum"]}'" );
    while( $row = mysql_fetch_array( $result ) ) {
        ?>
        <form>
            <input name="lname" type="text" value="<?php echo( htmlspecialchars( $row['lname'] ) ); ?>" />
        </form>
        <?php
    }
}
?>

Finally, not to second-guess you, but be careful about inserting arbitrary values from user-supplied data (like $_GET and $_POST) into SQL queries - a malicious user could use this to intentionally construct queries you don't want performed, or a non-malicious user could quite reasonably provide data that unintentionally breaks the SQL, causing an unexpected error (or again, some form of unknown broken behaviour). Take a look at the SQL injection page on the PHP web site as a good starting point to learn more about this.

It should be:

<input  name="lname" type="text"<?php echo $row['lname'];

Not

<input  name="lname" type="text"<?php echo $result['lname'];

$result is just that - the boolean result of the mysql_query() call.

$row is the actual data on each iteration of the loop.

A number of things are wrong here.

  1. You're opening and closing PHP tags don't match. You can open them at the beginning and close them at the bottom like you're doing, you just have to echo the HTML when doing that.

  2. The input takes a value attribute, which you can use to preset its value.

  3. The array you want to be pulling your MySQL fetched array from is $row, not $result.

  4. It would help to close your while loop.

  5. It'd be good for you to escape output, depending on what's being output.

    while($row = mysql_fetch_array($result)){ echo " "; }

Why htmlspecialchars instead htmlentities, i allways use htmlentities.

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9