Page 1 of 1
text input value from database
Posted: Wed Aug 05, 2009 3:04 pm
by gth759k
I'm trying to get a persons full name into a text input box when they wish to edit their name. Something like this:
Code: Select all
$sql = "SELECT * FROM users WHERE user_id='$_COOKIE[userid]'";
$result = mysql_query($sql) or die(mysql_error());
$data = mysql_fetch_array($result, MYSQL_ASSOC);
echo '<input type="text" name="fullname" value='."$data[full_name]".'>';
The problem is, it only displays the first word in the name. I tried using str_replace to replace the spaces with other characters like %20, +, and  , but it just literally echos those characters rather than the desired effect. Does anyone know a work around? Any help would be appreciated. Thanks.
Re: text input value from database
Posted: Wed Aug 05, 2009 3:14 pm
by William
I'm a bit confused why you have double quotes around the variable and not like:
Code: Select all
$sql = "SELECT * FROM users WHERE user_id='$_COOKIE[userid]'";
$result = mysql_query($sql) or die(mysql_error());
$data = mysql_fetch_array($result, MYSQL_ASSOC);
echo '<input type="text" name="fullname" value="'.$data['full_name'].'">';
Also, have you checked the database to make sure it actually contains the full name? The code looks fine to me. Check the HTML output of the form also, see if a character from the database is messing up the HTML rendering here too.
Also, you should cast $_COOKIE['user_id'] as an integer before checking it in the database as anyone can modify the cookie and use it to do
SQL injection.
Code: Select all
$sql = 'SELECT * FROM users WHERE user_id=' . (int) $_COOKIE['user_id'];
$result = mysql_query($sql) or die(mysql_error());
$data = mysql_fetch_array($result, MYSQL_ASSOC);
echo '<input type="text" name="fullname" value="' . $data['full_name'] . '">';
Something like that for instance.
Re: text input value from database
Posted: Wed Aug 05, 2009 3:18 pm
by gth759k
I figured it out.
Code: Select all
echo '<input type="text" name="fullname" value="'.$data['full_name'].'">';
should be
Code: Select all
echo '<input type="text" name="fullname" value="'."$data[full_name]".'">';
Re: text input value from database
Posted: Wed Aug 05, 2009 3:21 pm
by William
gth759k wrote:I figured it out.
Code: Select all
echo '<input type="text" name="fullname" value="'.$data['full_name'].'">';
should be
Code: Select all
echo '<input type="text" name="fullname" value="'."$data[full_name]".'">';
You don't need to have quotes around $data[full_name], you could do
Code: Select all
echo '<input type="text" name="fullname" value="'.$data[full_name].'">';
and it will work just fine. Also you should use ' around your array key values. By not specifying it as a string, PHP will check to see if a
constant is set, and if not it will throw an E_NOTICE and turn the constant into a string.
You should be doing $data['full_name'] instead.
Note: Although it has been proven in the past that using single quotes even on integers as an array index is faster, they are not required. Doing $data[0] is fine as it will treat the 0 as an integer and not as a constant.