tags:

views:

39

answers:

3

Hi,

I am having one form. I am submitting the values to database of table test fields something .I want to fetch those existing values to text field so that I can edit and update again.

I am using below code but I am not getting valid output.

Can anyone help thanks in advance.

//these values iam passing from one form
$bre=$_POST['bf'];
$bres=$_POST['bs'];
$bree=$_POST['be'];
$lun=$_POST['lu'];
$luns=$_POST['ls'];
$lune=$_POST['le'];
$dinn=$_POST['din'];
$dins=$_POST['sd'];
$dine=$_POST['se'];

echo $bre;
echo $bres;
echo $bree;
echo $lun;
echo $luns;
echo $lune;
echo $dinn;
echo $dins;
echo $dine;


echo "<table width=791 border=1><tr><td width=243>Breakfast<input type=text name=bfh value= $bre></td>
<td width=239>Stat Time<input type=hidden name=bsh value=$bres/>
        </td>
    <td width=244>
      End Time
        <input type=text name=beh value=$bree />
          </td>
  </tr>
  <tr>
    <td>
      Lunch
        <input type=hidden name=luh value=$lun />
          </td>
    <td>Stat Time

      <input type=hidden name=lsh value=$luns/>
      </td>
    <td>End Time

      <input type=hidden name=leh value=$lune/>
      </td>
  </tr>
  <tr>
    <td>Dinner
      <input type=hidden name=dinh value=$dinn/></td>
    <td>Stat Time
      <input type=hidden name=sdh value=$dins/></td>
    <td>End Time
      <input type=hidden name=seh value=$dine/></td>
  </tr>

</table>";
+1  A: 

You did not escape your input properly. Use the function htmlentities on every variable that is displayed on the HTML page. Otherwise you might get invalid text (as you’ve noticed) or worse, a big security hole, because a malicious user can enter arbitrary HTML/JavaScript combinations that will be included in your HTML.

Konrad Rudolph
+1  A: 

You're missing quotes around the values of the attributes on the input-elements.

I would recommend using a html validator to find such issues.

You can also print out each variable initially with

print_r($_REQUEST);

to be sure they enter the script ok.

Fredrik
A: 
 <input type=text name=beh value=$bree />

also this would be better like this

<input type='text' name='beh' value='{$bree}' />

you have to put ' or " for each HTML attributes, and putting php replaces between {} would help you to see what is replaced PHP and would help if you access a variable in an object i.e. {$foobar->bar}

also like noted on other answer you have to use htmlentities the HTML is escaped properly.

Also your input are inside a <form> tag ? your table should be around a tag like that

<form method="POST">

RageZ