views:

237

answers:

4

I have a page to edit user information, and I wish to show the current information and allow it to be edited, to avoid overwriting existing information.

At the moment, I am fetching the data and displaying it in a text area like so:

$usernameQuery = "select username, firstname from USERS where username = '" . $con->escape_string($username) . "'";     

$xblah = $con->query($usernameQuery);
while ($row = mysqli_fetch_assoc($xblah))
{
    $checkUsername = $row['username'];
    $checkFirstName = $row['firstname'];
}


echo "<form name=\"userForm\">
<h1>Editing information for: ".$username."</h1>
<p>
First name:
<textarea rows=\"1\" id=\"firstname\">".$checkFirstName."</textarea>
<br />
</form>";

This text area does not display correctly in Firefox, due to a bug of displaying two rows when one is specified. Is there any way to do the same thing with input type=text?

Also, at present, the contents of firstname in the database is john for my test record, but var_dump($checkFirstName) shows just s. What must I do to get the actual contents of the field?

A: 

Use the 'value' attribute of the input tag.

First name: <input type=\"text\" name=\"name\" value=\"$checkFirstName\"/><br />
James Van Boxtel

A: 

If you use the input type=text input, anything you put in the value attribute will be shown by default.

echo '<input type="text" value="' . $checkFirstName . '">';

Of course, you'll want to make sure you do some sanitization on $checkFirstName before outputting it into that field, just in case.

As for getting the values of your field, try var_dumping $row before your while loop, and see if you can figure out what's going wrong with that. If it doesn't show anything helpful, maybe var_dump inside your while loop with a nice <hr> in between each iteration? This should give you a full view of exactly what is being returned in its entirety from your query. Also, if var_dump is a bit too much information for you, check out:

print_r($var)

print_r documentation

Brett Bender

+1  A: 

Is there any way to do the same thing with input type=text?

<input type="text" name="firstname" value="<?= $checkFirstName ?>" />

As for your other issue, is there another user that has a first name of 's', but also has the same username as the user with the first name of 'john'? The reason I'm saying this is that you use a while loop to fetch your data, so if there are multiple matches, you are going to be left with the last row that matched your query.

Possible ways to resolve this issue include not using a while loop (which implies that you want to fetch/process multiple rows of data) and making sure that all usernames are unique.

Other than that, I don't see why the value fetched from 'firstname' wouldn't match what is in the database.

htw

A: 

textareas are meant to display multiline text with linebreaks. user- and first names are usually not meant to contain those, so better use the input element

<?php
    echo '<input type="text" name="name" value="' . htmlentities($checkFirstName) . '">';
?>

don't forget about htmlentities or htmlspecialchars (depends on the encoding - if your encoding is unicode, htmlspecialchars should be sufficient, otherwise it's htmlentities). don't use htmlentities just for form fields, but whenever you print user-provided data. otherwise someone could inject xss (cross site scripting) attacks or at least generate faulty html by providing a username like

<script type="text/javascript">execute_evil_code();</script>

as for displaying only one char instead of a full string: normally, this happens if you think you're working with an array and instead have a string. use var_dump($variable); to see the type of your variables.

also, as htw said, check if $username really is unique and you're getting the right row. run the resulting query (echo $usernameQuery;) in phpmyadmin (or whatever tool you're using). if more than one line is returned, your username's not unique (probably a bug in itself) and the row you get is not the first, but the last one. it's strange, because 's' is not part of "john", so maybe the mysql result set is something completely different. debug at a higher level, and var_dump the whole $row.

Schnalle
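
An added example (not code from the question or from any of the answers) that combines the points raised above: a unique username, a single-row fetch with a bound parameter instead of a while loop, and htmlspecialchars on everything written into the form. It assumes PDO with an in-memory SQLite database and constructed rows so it runs offline (the question uses mysqli); the helper names h, loadUser and renderEditForm are hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite database via PDO
// (an assumption so the script runs offline; the question itself uses mysqli).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// PRIMARY KEY makes usernames unique, so a lookup can never match two rows.
$db->exec('CREATE TABLE USERS (username TEXT PRIMARY KEY, firstname TEXT)');
$insert = $db->prepare('INSERT INTO USERS (username, firstname) VALUES (?, ?)');
$insert->execute(['jdoe', 'john']);
// Constructed hostile first name: quotes plus the script tag quoted in the answer above.
$insert->execute(['mallory', 'm "x" <script type="text/javascript">execute_evil_code();</script>']);

// Escape for HTML output; ENT_QUOTES covers both double- and single-quoted attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fetch exactly one row with a bound parameter; no loop that keeps the last match.
function loadUser(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT username, firstname FROM USERS WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Build the edit form with every database value escaped at the point of output.
function renderEditForm(array $row): string
{
    return '<form name="userForm">' . "\n"
        . '<h1>Editing information for: ' . h($row['username']) . "</h1>\n"
        . '<p>First name: <input type="text" name="firstname" id="firstname" value="'
        . h($row['firstname']) . "\"></p>\n"
        . "</form>\n";
}

// The hostile value is rendered as inert text inside the value attribute.
foreach (['jdoe', 'mallory', 'nobody'] as $name) {
    $row = loadUser($db, $name);
    echo $row === null ? 'No such user: ' . h($name) . "\n" : renderEditForm($row);
}
```

With mysqli the same shape applies: prepare the statement, bind the username, fetch a single row, and pass each value through htmlspecialchars when writing it into the page.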