1

I'm retaining values in form elements after a form submit. I've got it to work fine with a select box using the following:

<select name="BranchManager" class="formfield" id="BranchManager"onchange="document.forms[0].submit();SEinit();"><option value="">-- Select Manager --</option>
         <?php
            $area = $_POST['Area'];
            if ($area); {

               $BMquery = "SELECT DISTINCT Branch_Manager FROM Sales_Execs WHERE AREA = '$area' ".
               "ORDER BY Branch_Manager";

               $BMresult = mysql_query($BMquery);

               while($row = mysql_fetch_array($BMresult))
               {
                  echo "<option value=\"".$row['Branch_Manager']."\">".$row['Branch_Manager']."</option>\n  ";
               }
            }

        $branchmanager = $POST['BranchManager'];
        ?>

       <script type="text/javascript">
document.getElementById('BranchManager').value = <?php echo json_encode(trim($_POST['BranchManager']));?>;
</script>

Which works fine (apologies if it isn't the cleanest/most efficient code, I'm doing my best!). The next field is a text field that needs to be populated based off the Branch Manager's name above. So I've used:

<input name="BranchNum" type="text" class="formfield" id="BranchNum" size="3" maxlength="3" />
                      <?php

                $bm = $_POST['BranchManager'];

                if ($bm); {

                $BNumquery = "SELECT DISTINCT BRANCH_NUM FROM Sales_Execs WHERE Branch_Manager = '$bm' ";

                $BNumresult = mysql_query($BNumquery);

                }

            $branchnum = $POST['BranchNum'];
            ?>

   <script type="text/javascript">
document.getElementById('BranchNum').value = <?php echo json_encode($BNumresult);?>;
</script>

Which isn't working... where am I going wrong here?

RAS
Chris Spalton
  • 3
    [SQL Injection](http://en.wikipedia.org/wiki/SQL_injection). [Read about it](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php). – PeeHaa Aug 02 '12 at 16:46
  • @PeeHaa is right, you should stop using `mysql_` functions and start using either MySQLi or PDO. – Nir Alfasi Aug 02 '12 at 16:47
  • Please, don't use `mysql_*` functions for new code. They are no longer maintained and the community has begun the [deprecation process](http://goo.gl/KJveJ). See the [**red box**](http://goo.gl/GPmFd)? Instead you should learn about [prepared statements](http://goo.gl/vn8zQ) and use either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). If you can't decide, [this article](http://goo.gl/3gqF9) will help to choose. If you care to learn, [here is a good PDO tutorial](http://goo.gl/vFWnC). – PeeHaa Aug 02 '12 at 16:48

4 Answers

0

Why are you having semicolons after if condition checks?

if ($bm);

if ($area);

This will always terminate the statement, and whatever is in the curly braces will always get executed irrespective of the value in $bm or $area.

raidenace
0

You need mysql_fetch functions to retrieve data from $result.

if($row = mysql_fetch_array($BNumresult))
    $branchNum = $row['BRANCH_NUM'];

Why are you using json_encode when your input tag has size = 3?

Ali Sed
-1

You need to put value="<? echo $variableName; ?>" inside the input field

Rick Kukiela
  • Why would you put the value into a json encoded string and then have javascript fill the form field? Why not just fill the form field directly from php as per my answer? – Rick Kukiela Aug 02 '12 at 16:47
-1

The reason is because a) you're not echoing, and b) you must echo in a different spot than in a select. You must echo in the value portion of the input.

<?php
    $bm = mysql_real_escape_string($_POST['BranchManager']);
    if ($bm) {
        $BNumquery = "SELECT DISTINCT BRANCH_NUM FROM Sales_Execs WHERE Branch_Manager = '$bm' ";
        $BNumresult = mysql_query($BNumquery);
    }
    $branchnum = $POST['BranchNum'];
?>
<input name="BranchNum" 
    type="text" 
    class="formfield" 
    id="BranchNum" 
    size="3" 
    maxlength="3" 
    value="<?php echo htmlspecialchars($branchnum); ?>" />

As per the comments, they are correct; you should not be using mysql_*. Instead, look at PDO; though this is outside the scope of your question.

wanovak
  • 4
    Still has SQL injection vulnerability -1 – PeeHaa Aug 02 '12 at 16:48
  • Stop using `mysql_*` functions. They're being deprecated. Instead use [PDO](http://php.net/manual/en/book.pdo.php) (supported as of PHP 5.1) or [mysqli](http://php.net/manual/en/book.mysqli.php) (supported as of PHP 4.1). If you're not sure which one to use, [read this SO article](http://stackoverflow.com/questions/13569/mysqli-or-pdo-what-are-the-pros-and-cons). – Matt Aug 02 '12 at 16:48
  • What on earth are you down voting me for? OP asked a question, I answered it. I'm not going to preach best practices to deaf ears. – wanovak Aug 02 '12 at 16:49
  • And please just use `htmlspecialchars()`. – PeeHaa Aug 02 '12 at 16:51
  • 1
    Peehaa, be that as it may, the question here is not regarding security of his code, it's about why a specific thing is not working. Just because we, as answerers, choose to only address the issue at hand does not make it a valid reason to downvote. You are welcome to your two cents, but don't downvote others for giving perfectly valid answers to the actual question. – Rick Kukiela Aug 02 '12 at 16:51
  • 4
    SO is not only for OP, but also for other people viewing this and may think "Hey look at that, just what I needed". And boom now you have two vulnerable websites. Besides I like to give out downvotes for my own reasons and not for reason you may have thought up. – PeeHaa Aug 02 '12 at 16:52
  • 2
    Okay, I've edited the answer. I see your point, PeeHaa, but this is bad coding none-the-less. Trying to fix all of the issues is far outside the scope of this question. – wanovak Aug 02 '12 at 16:54
  • I won't remove my downvote since your answer is not correct: the PHP runs on the server-side and this second input depends on the selection of the first `dropdown` which is done on the client-side. The OP needs to either use AJAX or to submit the first dropdown and refresh the page with the result. – Nir Alfasi Aug 02 '12 at 16:57
  • @alfasin How do you know the form isn't being submitted first? – wanovak Aug 02 '12 at 16:58
  • Errrm thanks guys, I'll give that a try... as for all the issues no doubt there are many... however I am not a trained programmer or any such thing, and am simply trying to get a solution to my problem sorted. Thanks again, especially to Wanovak and Sublyme Rick – Chris Spalton Aug 02 '12 at 17:02
  • @ChrisSpalton of course it will not work, read the explanation I gave in my previous comment. – Nir Alfasi Aug 02 '12 at 17:14
  • is it because of this line here? $branchnum = $POST['BranchNum']; the variable will be empty as there's no value in The 'BranchNum' textbox. Can I use $BNumresult? – Chris Spalton Aug 02 '12 at 17:15
  • It should be `$_POST['BranchNum']` – wanovak Aug 02 '12 at 17:23
  • @alfasin Yeah I thought that that would be a better way, but I had trouble with that as well I put a previous question regarding how to do that yesterday, but couldn't work it out. I seemed to have annoyed a bunch of you by asking questions, for which I'm sorry, I honestly don't know what I'm doing, yesterday was the first time I'd ever even looked at Ajax etc and simply couldn't understand how to get it to work. As I said, I'm a total noob, with barely any development knowledge, just trying to do my best against a deadline, apologies again. – Chris Spalton Aug 02 '12 at 17:35
  • @ChrisSpalton you're not annoying anyone, the people that are telling you to not use `mysql_*` functions say that only to help you prevent sql-injections (and also to educate anyone that runs into your question in the future). What you want to do is dynamically update an `input` field of `type=text` according to the user-selection of a `dropdown` menu. This can be done with JS, check out an answer I gave a few weeks ago to someone who asked a [*similar question*](http://stackoverflow.com/a/11438256/1057429) (make sure to read the comments too). Hope it helps. – Nir Alfasi Aug 02 '12 at 18:16
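
The points raised in the answers and comments above (no `;` after `if`, fetch a row from the result, bind the posted value with a prepared statement, escape on output), combined in one sketch. This is an added example, not code from any of the posters; it assumes PDO with an in-memory SQLite table and constructed rows in place of the MySQL `Sales_Execs` table, and `branchNumFor` is a hypothetical helper.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database stand in
// for the page's MySQL Sales_Execs table (assumption: pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Sales_Execs (Branch_Manager TEXT, BRANCH_NUM TEXT, AREA TEXT)");
$pdo->exec("INSERT INTO Sales_Execs VALUES
    ('Pat O''Neil', '042', 'North'),
    ('Sam Lee',     '107', 'South')");

/**
 * Look up the branch number for a manager (hypothetical helper).
 * The posted value is bound as a parameter, never concatenated into the SQL.
 */
function branchNumFor(PDO $pdo, ?string $manager): string
{
    $manager = trim((string) $manager);
    if ($manager === '') {           // note: no stray ';' after the condition
        return '';
    }
    $stmt = $pdo->prepare(
        'SELECT DISTINCT BRANCH_NUM FROM Sales_Execs WHERE Branch_Manager = :bm'
    );
    $stmt->execute([':bm' => $manager]);
    $num = $stmt->fetchColumn();     // fetch the value; the statement is not the value
    return $num === false ? '' : (string) $num;
}

// Constructed submissions: a plain name, a name containing an apostrophe
// (which would break the concatenated query), and a name with no match.
$samples = ["Sam Lee", "Pat O'Neil", "Nobody"];
foreach ($samples as $posted) {
    // In the real page this would be: $_POST['BranchManager'] ?? null
    $branchnum = branchNumFor($pdo, $posted);
    // Escape for the HTML attribute context before echoing into value=""
    printf(
        "<input name=\"BranchNum\" type=\"text\" id=\"BranchNum\" size=\"3\" maxlength=\"3\" value=\"%s\" />\n",
        htmlspecialchars($branchnum, ENT_QUOTES, 'UTF-8')
    );
}
```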