(NEW)I've used some of the suggested noted below, and in going through my code I noticed a couple other serious things that need to be fixed. I've decided to correct all and revisit this post if I need to in the future.
(OLD)I set the values of my html form to fill with text that I am calling from a database. That works. I also have PHP in the form to POST form values to my database. That works when the form values aren't set. What am I missing to connect the two? I want the form to be prefilled, and it's like they are not talking to each other because when I test to see if the form is empty, it doesn't recognize the fields.
My form:
<form action="user-profile-test.php" method="post">
<p>First Name: <br><input type="text" name="first_name" size="15" maxlength="20" value="<?=$user['first_name']?><?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p>
<p><input type="submit" name="submit" value="Submit" /></p>
</form>
The PHP $user query:
$user = $con->query("SELECT * FROM users WHERE user_id = {$_SESSION['user_id']}")->fetch_assoc();
If your value=""
attribute is present then the $_POST
will send it to your script so it is good practice to apply some validation to the form either prior to submission or on submission to the PHP script ( user-profile-test.php
)
Option 1
User a library such as JQuery Validatation ( http://jqueryvalidation.org/ ) to intercept the submission of the form and feedback to the user if a value is empty and is required to be completed.
Option 2
IN the user-profile-test.php
check to see if the post variable $_POST['first_name]
is empty and if so return an error.
Lastly with regard to the database value I would use the following in the input
attribute value
.
<?php if(isset($user['first_name'])) { echo $user['first_name']; } ?>
It's always a good practice to sanitize data before inserting on a web page (and before any output has been echoed).
<?php
if ( isset( $_POST['first_name'] ) ) // Check if first_name was posted from a form
$first_name = htmlentities( $_POST['first_name'] );
elseif ( isset( $user ) && isset( $user['first_name'] ) ) // Otherwise, take it from the database
$first_name = htmlentities( $user['first_name'] );
else // If none of the above, leave it as an empty string so PHP won't complain
$first_name = '';
?>
<form action="user-profile-test.php" method="post">
First name: <br />
<input type="text" name="first_name" value="<?php echo $first_name; ?>" /><!-- Here PHP won't complain, since $first_name is already defined -->
<br />
<br />
<input type="submit" name="submit_button" value="Submit your data" />
</form>
Now, why htmlentities()
? This way, if you enter a weird character (like an >
), it will be encoded with an equivalent that won't break your HTML.
Also note that I checked first if $user
exists before checking if $user['first_name']
exists. If you do this: isset( $user['first_name'] )
with an inexistent $user
, PHP will give you an error.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.