-3

I have now got my database pulling up the results however it pulls them up on the PHP script page (test.php). I would like to display the results on the form page in form box named 'DOB' and 'email'.

form page:

<form id="form_53" name="login" action="test.php">

<input type="text" name="username">

<input type="text" name="DOB">

<input type="text" name="email">

<input type="submit" style="position:absolute;>
</form>

PHP:

<?php 

$host=""; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name  

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

 $username = $_POST['username'];
  echo '</br>';
 $query = mysql_query("SELECT * FROM `members` WHERE `username`='$username'");

while($result = mysql_fetch_array($query)) {
//display
echo $result['DOB']; //I want this displayed on the 'DOB' form box
echo $result['email']; //I want this displayed on the 'email' form box
}
?>
Luke Ham
  • 17
  • 1
  • 5
  • Just a tip you shouldn't be using mysql_ functions because they are not supported, and also that code is very open to mysql injections. – Lemon Drop Apr 30 '13 at 00:17
  • how do I fix this, sorry I am new to PHP – Luke Ham Apr 30 '13 at 00:18
  • Using an engine such as PDO will eliminate the possiblity of mysql injections and it is still supported. You can read more here: http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php – Lemon Drop Apr 30 '13 at 00:20
  • right..if I do not do this what will happen. Its not important data that will be held on the DB – Luke Ham Apr 30 '13 at 00:25
  • But if someone did want to cause trouble, they could delete your entire database system and break your site. There are also other complex things you can do with shellcode to actually hurt the server itself but I dont know of any examples. – Lemon Drop Apr 30 '13 at 00:27
  • is there an online convertor or something. I have no idea were to start! – Luke Ham Apr 30 '13 at 00:42
  • @LukeHam You don't need a converter, you just need to read about SQL injection attacks and how to avoid them. – doppelgreener Apr 30 '13 at 01:02

2 Answers2

2

You can set it in the value attribute of a form element. For example:

<input type="text" name="DOB" value="<?php echo $result['DOB']; ?>" />
Josh Austin
  • 740
  • 3
  • 14
1

You can use an AJAX call with jQuery. I would modify the PHP file to echo in JSON format so that the response can be easily parsed. This makes it so that you don't have to refresh the page.

Edited PHP (replace echo statements):

echo json_encode( array($result['DOB'], $result['email']) );

Form page JavaScript:

$("#form_53").submit(function() {
    var un = $("input[name=username]").val();
    $.post("test.php", { username: un }, function(data) {
        data = JSON.decode(data);
        $("input[name=DOB]").val(data[0]);
        $("input[name=email]").val(data[1]);
    }
    return false;
}
Alfred Xing
  • 4,406
  • 2
  • 23
  • 34