I'm a bit confused why you have double quotes around the variable and not like:
Code:
$sql = "SELECT * FROM users WHERE user_id='$_COOKIE[userid]'";
$result = mysql_query($sql) or die(mysql_error());
$data = mysql_fetch_array($result, MYSQL_ASSOC);
echo '<input type="text" name="fullname" value="'.$data['full_name'].'">';
Also, have you checked the database to make sure it actually contains the full name? The code looks fine to me. Check the HTML output of the form also, see if a character from the database is messing up the HTML rendering here too.
Also, you should cast $_COOKIE['user_id'] as an integer before checking it in the database as anyone can modify the cookie and use it to do SQL injection.
Code:
$sql = 'SELECT * FROM users WHERE user_id=' . (int) $_COOKIE['user_id'];
$result = mysql_query($sql) or die(mysql_error());
$data = mysql_fetch_array($result, MYSQL_ASSOC);
echo '<input type="text" name="fullname" value="' . $data['full_name'] . '">';
Something like that for instance.
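An added example, not part of the original post: the same lookup with the cookie validated and bound as a query parameter, and the name escaped before it goes into the value attribute, so a quote stored in the database cannot break the field. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL server, the rows and cookie values are constructed, and fetchUser and renderField are hypothetical helper names.

```php
<?php
// Added example: table, column and cookie names follow the post; the rows are constructed.
$pdo = new PDO('sqlite::memory:'); // assumption: pdo_sqlite stands in for the MySQL server
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, full_name TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'Ann \"Annie\" O''Neil'), (2, 'Bob Stone')");

// Hypothetical helper: look up one user by the id taken from the cookie.
function fetchUser(PDO $pdo, $rawId): ?array
{
    // Reject anything that is not a positive integer; (int) would silently turn "2abc" into 2.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id is bound as a parameter and never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT full_name FROM users WHERE user_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: build the form field from the fetched row.
function renderField(?array $data): string
{
    // Escape for an HTML attribute so a quote in the stored name cannot end value="...".
    $name = $data === null ? '' : htmlspecialchars($data['full_name'], ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="fullname" value="' . $name . '">';
}

// Constructed cookie values: a valid id, a tampered value, and one that (int) would accept.
foreach (['1', "1' OR '1'='1", '2abc'] as $cookie) {
    echo renderField(fetchUser($pdo, $cookie)), "\n";
}
```

Only the first cookie value produces a filled field; the other two are rejected before any query runs.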