Page 1 of 1

text into <textarea>

Posted: Wed Oct 13, 2004 7:45 am
by dizeta
hi,

i'm trying to extract the value of a field and print its into a textarea.
i have some articles into DB .

i extract the titles of the articles:

Code: Select all

<?php
include("dbconnect.php");

$query = "SELECT titolo_studio FROM studi ";
$result = mysql_query($query) or die(mysql_error());

while(list($data) = mysql_fetch_row($result)) {
echo "
    <a href="lista_campi.php?id_studio=$data">$data</a>
    
";
}
?>
i select one of them and i get the list of fields:

Code: Select all

<?php
$name = $_GET['id_studio'];

$connect = mysql_connect('localhost', 'root', '');

$fields = mysql_list_fields("glocal", "studi", $connect);
$column = mysql_num_fields($fields);

for ($i = 6; $i < $column; $i++) {
   
 $campo=mysql_field_name($fields, $i);

echo "<a href='change_dati.php?id_studio=$name&campo=$campo'>$campo<br />\n";
}
?>
last step, i select a field and i want to edit the value ( text) into a textarea,
but it doesn't work. i have textarea, but just a "<br />" inside.

Code: Select all

<?php
include("dbconnect.php");

$table = "studi";

$result = mysql_query("SELECT '" . $_REQUEST["campo"]  . "' FROM $table")or die(mysql_error());
  
for ($i=0; $i<mysql_num_rows($result); $i++)
 ?>
 <br><input type='text' name='<? echo "text".$i ?>' value='<? echo mysql_result($result,$i,$campo) ?>'>
what can i do?
thanks!

Posted: Wed Oct 13, 2004 9:01 am
by phpScott
do you mean something like this?

Code: Select all

<?php
include("dbconnect.php");

$table = "studi";

$result = mysql_query("SELECT '" . $_REQUEST["campo"]  . "' FROM $table")or die(mysql_error());
  
for ($i=0; $i<mysql_num_rows($result); $i++)
{
$data=mysql_result($result, $i);
$row.="<br /><input type="text" name="text$i" id="text$i" value="$data" />\n";
}
echo $row;
?>
phpScott

Posted: Wed Oct 13, 2004 9:14 am
by dizeta
hi, thanks for reply,

now it's better, in this way i get the names of the fields but i no need to edit that, but the record inside.
thanks

Posted: Wed Oct 13, 2004 9:37 am
by phpScott
what about

Code: Select all

<?php
while ($data = mysql_fetch_assoc($result)) {
$row.="<br /><input type="text" name="text$i" id="text$i" value="".$data[$_REQUEST["campo"]]."" />\n";   
}
echo $row;
?>
using the fetch_assoc we can use the db field name to access the data. so hopefully this will get you the data that is in the db field.

Posted: Wed Oct 13, 2004 9:51 am
by dizeta

Code: Select all

<?php
include("dbconnect.php");

$table = "studi";

$result = mysql_query("SELECT '" . $_REQUEST["campo"]  . "' FROM $table")or die(mysql_error());
  
while ($data = mysql_fetch_assoc($result)) {
$row.="<br /><input type="text" name="text$i" id="text$i" value="".$data[$_REQUEST["campo"]]."" />\n";   
}
echo $row;
?>
we have the same problem....i still have the name of the fields inside the textarea :(

Posted: Thu Oct 14, 2004 3:52 am
by twigletmac
Could you do:

Code: Select all

while ($data = mysql_fetch_assoc($result)) {
    echo '<pre>';
    print_r($data);
    echo '</pre>';
}
and tell us what the output is.

Also note that you're opening your database to all sorts of attacks if you don't check the data that the user is sending for the query, basically you need to use [php_man]mysql_escape_string()[/php_man] on $_REQUEST["campo"].

Mac

Posted: Thu Oct 14, 2004 4:38 am
by dizeta
this is the output:

Code: Select all

<?php
Array
(
    [titolo_studio] => titolo_studio
)

Array
(
    [titolo_studio] => titolo_studio
)

?>
twigletmac wrote:
Also note that you're opening your database to all sorts of attacks if you don't check the data that the user is sending for the query, basically you need to use [php_man]mysql_escape_string()[/php_man] on $_REQUEST["campo"].

Mac
ok, thanks but now what i want is to understand how the scripts works.

Posted: Thu Oct 14, 2004 5:53 am
by twigletmac
If you change:

Code: Select all

$result = mysql_query("SELECT '" . $_REQUEST["campo"]  . "' FROM $table")or die(mysql_error());
to

Code: Select all

$sql = "SELECT '" . $_REQUEST["campo"]  . "' FROM $table";
echo 'SQL statement: '.$sql;
$result = mysql_query($sql) or die(mysql_error());
what is the SQL statement?

Edit: think I just spotted your problem, basically your SQL looks like this:

Code: Select all

SELECT 'field_name' FROM table
Remove the single quotes from around the field name as these (the quotes) tell MySQL that you want to select a string not a field. Thus you don't get the results you expect.

Mac

Posted: Thu Oct 14, 2004 7:03 am
by dizeta
i solved!

Code: Select all

<?php
$table = "studi";

$result = mysql_query("SELECT " . $_REQUEST["campo"]  . " FROM $table WHERE id_studio = " . $_REQUEST["id_studio"]  . "")or die(mysql_error());
  
while ($data = mysql_fetch_assoc($result)) {

echo" <form method="POST" action="modifica.php">";
$row.="<br /><textarea name="text$i" id="text$i" cols="80" rows="20\> ".$data[$_REQUEST["campo"]]."</textarea>\n";

}

echo $row;

?>
first, i removed double quotes into query on " . $_REQUEST["campo"] . "

i've forgot to use clause WHERE id_studio = " . $_REQUEST["id_studio"] . "

the problem was there..

thanks!!! :)

Posted: Thu Oct 14, 2004 7:13 am
by kettle_drum
Please check variables before you put them into an sql query so people dont inject bad content.