Setting a value of input box with variable

I am trying to create a form to edit a record in the database.

I did a query to get the information and it works fine to fill in the text boxes, except when the word has spaces it’s only outputting the first word.

If I echo the variable it prints the word with spaces. However, once I try to make it the value of the text box it only appears as one word.

Expected result:

inside the text box:
any text

Actual result:

inside the text box:
any

PHP Code:
// vendor id taken straight from the query string
$vendorID = $_GET['var1'];

$sql = "SELECT * FROM vendor
WHERE vendor_ref = '$vendorID'";

$qry = mysql_query($sql);

if (mysql_num_rows($qry) > 0) {
    while ($rs = mysql_fetch_assoc($qry)) {

        $name = $rs['name'];
        // prints the full name, spaces included
        echo $name;

        print '

            <title>Edit Vendor</title>

            <form method="POST" action="vendor_edit2.php">
            <table>
            <col span="1" align="right">

            <tr>
            <td><font color="blue">Company Name:</font></td>
            <td><input type="text" name="name" value='.$name.'></td>
            </tr>
        ';
    }
} else {
    echo 'no result found';
}

So I don’t know if I’m writing the value part right… I’ve tried every possible way I could.

THANKS

A few mistakes in your code there.

  1. You always want to check user input. I can drop your database right from entering correct query in your given textbox, and that would be bad!
  2. You never want to output so much xhtml form within PHP, it’s slower that way. Better way is to drop out of PHP, output xhtml, and then come back into PHP.
  3. Please use the given [-php] [/-php] (without dashes) tags. :slight_smile:
  4. Please use proper xHTML format, as you have <table> and then you never end it using </table>. That’s not good. :frowning:
  5. The main problem:

This should actually work, but tell me, what does the line “echo $name;” print to the page? Are you sure you have “any text” in a row in a table?

I need to know a bit more to help you out… :slight_smile:

Thanks for the tips.

I’m fairly new to PHP so I’m trying to do the best I can… things work… but I never know if I’m doing it the right way. I’m not sure how to do what you are talking about here:

  1. You always want to check user input. I can drop your database right from entering correct query in your given textbox, and that would be bad!

But I figured out how to fix it. Basically it was what you were talking about:

  1. You never want to output so much xhtml form within PHP, it’s slower that way. Better way is to drop out of PHP, output xhtml, and then come back into PHP.

I just kinda moved everything around to fit that and it worked.

value="<?php echo $name; ?>"

Sorry about the mistakes… and I didn’t have the end table because I was just trying to show part of the code instead of the WHOLE thing… just forgot to add the </table>

Thanks again

This means that I can inject a SQL query right into a textbox, and bad things can happen. (SQL injection - Wikipedia)

I guess, since it’s a vendor ID, you’d assume it to be a numeric value. So, you could do something like:


if ( is_numeric ( $_GET['var1'] ) )
{
...
}

And put some other checks, if necessary. Also, you would want to give variables appropriate names. :slight_smile:
Hope this helps. :slight_smile:
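The two fixes discussed in this thread, a quoted `value` attribute and a check on `var1` before it reaches the query, combined in an added example that is not code from any poster. It assumes PDO with an in-memory SQLite table in place of the poster's MySQL database; `findVendorName` and `attr` are hypothetical helper names and the sample row is constructed.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL server; the vendor row is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE vendor (vendor_ref INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO vendor VALUES (7, 'Any \"Text\" & Sons')");

// Look up one vendor name. Returns null for a missing or non-numeric id.
function findVendorName(PDO $pdo, $rawId): ?string
{
    // Same idea as the is_numeric() check in the reply, but digits only.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return null;
    }
    // The id is bound as a parameter, so it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT name FROM vendor WHERE vendor_ref = :ref');
    $stmt->execute([':ref' => (int) $rawId]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Escape a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// '7' is only a fallback so the script also runs from the command line.
$name = findVendorName($pdo, $_GET['var1'] ?? '7');
?>
<?php if ($name !== null): ?>
<form method="POST" action="vendor_edit2.php">
  <table>
    <tr>
      <td>Company Name:</td>
      <td><input type="text" name="name" value="<?php echo attr($name); ?>"></td>
    </tr>
  </table>
</form>
<?php else: ?>
<p>no result found</p>
<?php endif; ?>
```

With the attribute quoted and escaped, a name containing spaces, quotes or `&` arrives in the text box intact instead of being cut at the first space or closing the attribute early.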

[QUOTE=kdd;2328954]
3) Please use the given [-php] [/-php] (without dashes) tags. :slight_smile:
[/QUOTE]

  1. Please use the [noparse][noparse][/noparse][/noparse] tags to display the proper tags to use :slight_smile:

:lol: Thanks. Been here for years, and I had no idea about that…