First I want to display all the data for the record, based on ID, on
the page
Here is what I am doing:
<?php
$txtid= $_POST[txtid];
$sql = "SELECT date, user1, user2, user3, role, id
FROM myuserdata
WHERE id= $txtid
ORDER BY id";
And so then I have text boxes on the page and I want to fill those in
based on the current ID
I tried to do this:
<input type="text" name="txtdate" id="txtdate" value=<?php echo
[date];?> />
<input type="text" name="txtuser1" id="txtuser1" value=<?php echo
[user1];?> />
this did not work. How would I display the actual db fields in the
textboxes?
/* add these bits */
$result=mysql_query($sql);
$date=mysql_result($result,'date',0);
$user1=mysql_result($result,'user1',0);
...etc.
Then
<input type="text" name="txtdate" id="txtdate" value=<?php echo
> $date;?> />
etc..
Added this:
<input type="text" name="txtdate" id="txtdate" value=<?php echo> >
$date; ?> />
and the other things...
$result=mysql_query($sql);
$date=mysql_result($result,'date',0);
$user1=mysql_result($result,'user1',0);
$user2=mysql_result($result,'user2',0);
and I get an error:
Parse error: syntax error, unexpected '>'
well that could be anywhere.
I am not convinced the select statement is properly formed either.
> Added this:
> <input type="text" name="txtdate" id="txtdate" value=<?php echo> >
> $date; ?> />
> and I get an error:
> Parse error: syntax error, unexpected '>'
When the parser says it has found an unexpeced > it's best to start looking
for a > where it shouldn't be. I see one after the word echo.
mysql_fetch_assoc() would be much more appropriate here, easier and more
efficient. Additionally some input validation will be needed in order to
prevent SQL injection.
Micha
You are (inadvertently) using an undefined constant. This should trigger
a notice. Try this instead:
<?php
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
$txtid = isset($_POST['txtid']) ? $_POST['txtid'] : NULL;
>
> $sql = "SELECT date, user1, user2, user3, role, id
> FROM myuserdata
> WHERE id= $txtid
> ORDER BY id";
You are basically taking raw random input from an untrusted source,
injecting it into a SQL statement and running the resulting query
against your database server. It's not very different from publishing
your password in the front page :)
You don't say what DB library you are using but, in this case, you can
probably do something like this:
if( !is_null($txtid) ){
$sql = 'SELECT date, user1, user2, user3, role, id
FROM myuserdata
WHERE id=' . (int)$txtid;
// ...
}
Please note I've removed the ORDER BY statement: there's no point in
sorting a result set than can contain at most one row.
> And so then I have text boxes on the page and I want to fill those in
> based on the current ID
>
> I tried to do this:
>
> <input type="text" name="txtdate" id="txtdate" value=<?php echo
> [date];?> />
>
> <input type="text" name="txtuser1" id="txtuser1" value=<?php echo
> [user1];?> />
>
> this did not work. How would I display the actual db fields in the
> textboxes?
Perhaps you mean this:
<input type="text" name="txtuser1" id="txtuser1" value=<?php echo
htmlspecialchars($a_variable_name); ?> />
Or this:
<input type="text" name="txtuser1" id="txtuser1" value=<?php echo
htmlspecialchars($an_array_name['user1']); ?> />
PHP is very picky: you must use the PHP syntax to write PHP code; you
cannot invent your own.
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
<!-- Code Below -->
$sql = "SELECT date, user1, user2, user3, role, id
FROM myuserdata
WHERE id= $txtid
ORDER BY id";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
<input type="text" name="txtdate id="txtdate" value="<?php echo
$row['date']?>" />
etc...
enjoy!!!!!!
Ajayendra Nath Tripathi
E-Mail- ajayendra...@gmail.com
web- http://www.ajspark.co.cc