FUDforum: comp.lang.php » display data from mysql db in text box??

Home » Imported messages » comp.lang.php » display data from mysql db in text box??

Show: Today's Messages :: Polls :: Message Navigator

Re: display data from mysql db in text box?? [message #169389 is a reply to message #169374]

Thu, 09 September 2010 07:20

alvaro.NOSPAMTHANX
Messages: 277
Registered: September 2010

Karma:

Senior Member

El 08/09/2010 21:12, PAkerly escribió/wrote:
> I want to create a simple page to edit a record, and when submit is
> clicked I want to update the record.
>
> First I want to display all the data for the record, based on ID, on
> the page
> Here is what I am doing:
>
> <?php
> $txtid= $_POST[txtid];

You are (inadvertently) using an undefined constant. This should trigger
a notice. Try this instead:

<?php

error_reporting(E_ALL);
ini_set('display_errors', TRUE);

$txtid = isset($_POST['txtid']) ? $_POST['txtid'] : NULL;

>
> $sql = "SELECT date, user1, user2, user3, role, id
> FROM myuserdata
> WHERE id= $txtid
> ORDER BY id";

You are basically taking raw random input from an untrusted source,
injecting it into a SQL statement and running the resulting query
against your database server. It's not very different from publishing
your password in the front page :)

You don't say what DB library you are using but, in this case, you can
probably do something like this:

if( !is_null($txtid) ){
$sql = 'SELECT date, user1, user2, user3, role, id
FROM myuserdata
WHERE id=' . (int)$txtid;
// ...
}

Please note I've removed the ORDER BY statement: there's no point in
sorting a result set than can contain at most one row.

> And so then I have text boxes on the page and I want to fill those in
> based on the current ID
>
> I tried to do this:
>
> <input type="text" name="txtdate" id="txtdate" value=<?php echo
> [date];?> />
>
> <input type="text" name="txtuser1" id="txtuser1" value=<?php echo
> [user1];?> />
>
> this did not work. How would I display the actual db fields in the
> textboxes?

Perhaps you mean this:

<input type="text" name="txtuser1" id="txtuser1" value=<?php echo
htmlspecialchars($a_variable_name); ?> />

Or this:

<input type="text" name="txtuser1" id="txtuser1" value=<?php echo
htmlspecialchars($an_array_name['user1']); ?> />

PHP is very picky: you must use the PHP syntax to write PHP code; you
cannot invent your own.

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--

Report message to a moderator

[Message index]

		display data from mysql db in text box?? By: PAkerly on Wed, 08 September 2010 19:12
		Re: display data from mysql db in text box?? By: The Natural Philosoph on Wed, 08 September 2010 20:04
		Re: display data from mysql db in text box?? By: PAkerly on Wed, 08 September 2010 20:20
		Re: display data from mysql db in text box?? By: The Natural Philosoph on Wed, 08 September 2010 20:32
		Re: display data from mysql db in text box?? By: rf on Wed, 08 September 2010 23:01
		Re: display data from mysql db in text box?? By: Michael Fesser on Wed, 08 September 2010 23:06
		Re: display data from mysql db in text box?? By: alvaro.NOSPAMTHANX on Thu, 09 September 2010 07:20
		Re: display data from mysql db in text box?? By: Ajayendra on Thu, 09 September 2010 12:18

Previous Topic:	Re: Php code for ajax encoding
Next Topic:	Re: get_object_vars ($this) and member visibility

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Nov 22 11:06:07 GMT 2024

Total time taken to generate the page: 0.06027 seconds