How to auto fill HTML form using PHP and MySQL?

Question

I'm a beginner in coding and wanted to do a form in html that would be connected to MySQL. After that, I wanted to be able to fill the form automatically. What I mean is that for instance if I enter the code, I want the username and the password connected to the code in MySQL fill the form automatically. My html code and php code are in separate files. Right now I use:

<FORM name="form" method="post" action="code.php">

To connect php file with the html file. I use submit button to send the data to MySQL. I have considered a button to fill the data but haven't tested it yet. I also figured out how to fetch data from MySQL:

<?php

//init
$server = 'localhost';
$user = 'root';
$db = 'database';

$con = mysqli_connect($server, $user);

if(!$con) {
    die('Could not connect: ' . mysqli_error());
}

mysqli_select_db($con, $db);

$query = "SELECT * FROM TEST";
$retval = mysqli_query($con, $query);

if(!retval) {
    echo ' Error: Data input failed!' . mysqli_error($con);
}

while($row = mysqli_fetch_array($retval, MYSQLI_ASSOC)) {
    echo "User : {$row['Username']}  <br> ".
         "Code : {$row['Code']} <br> ".
         "Password : {$row['Password']} <br> ";
}

mysqli_close($con);
?>

However, I have no idea how to connect the fetched data to html form. If you have any ideas, feel free to share them with me.

--- CODE.PHP ---
<?php

//init
$server= 'localhost';
$user = 'root';
$db = 'database';

//input 
$username = $_POST['username'];
$code = $_POST['code'];                               
$password = $_POST['password'];

$con = mysqli_connect($server, $user);

if(!$con) {
    echo 'No connection!';
}

if(!mysqli_select_db($con, $db)) {
    echo ' No database!';
}
$query = "INSERT INTO TEST (Username, Code, Password) VALUES ('$username', '$code', '$password')";

if(!mysqli_query($con, $query)) {
    echo ' Error: Data input failed! ' . mysqli_error($con);
} else {
    echo ' Data input successful!';
}
?>

where is the form? Is it in another PHP page? And when exactly do you want it to auto-fill the values? Do you mean restoring the values to the page after an incorrect login, so the user can try again? In that case I would maybe autofill the username but never the password — ADyson, Jul 12 '17 at 13:49
How do you identify which username and password if for which user before login? — urfusion, Jul 12 '17 at 13:49
This obviously does not work `$con = mysqli_connect($server, $user);` — RiggsFolly, Jul 12 '17 at 13:51
@Bernhard Basically, what I've done is create a php that fetches the data. But don't know how to send the data to fill the forms. — Sassux, Jul 12 '17 at 13:52
Always start by [Reading the Manual](http://php.net/manual/en/tutorial.forms.php) And some [tutorials](http://myphpform.com/) **Thats why people spent hours of their time writing it** — RiggsFolly, Jul 12 '17 at 13:53
@ADyson The html form is on another file. Its too long for me to post it on here. It's just basic inputs and names. I was thinking to auto-fill the values after the code is typed..like 0000 or something, but I guess you're right about the password. — Sassux, Jul 12 '17 at 13:56
@urfusion The username and password are linked to a specific code in the mysql database. — Sassux, Jul 12 '17 at 13:57
@RiggsFolly Totally agree with you, but most of the tutorials I've checked use jQuery and Ajax which I don't know nothing about. It took me about a week just to get the point I am now. — Sassux, Jul 12 '17 at 13:59
**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. — tadman, Jul 12 '17 at 14:03
Try storing your variables in `$_SESSION[' ']` like in @WhiteHox answer. — Oke Tega, Jul 12 '17 at 14:12
**Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Jul 12 '17 at 14:18

codebarz · Answer 1 · 2017-07-12T14:14:37.097

You can echo the form and its variable in the while loop used to fetch from database

EDIT

<?php
....

while($row = mysqli_fetch_array($retval, MYSQLI_ASSOC)) {

//echo "User : {$row['Username']}  <br> ".
     //"Code : {$row['Code']} <br> ".
     //"Password : {$row['Password']} <br> ";

//Probably better this way

$name = $row['Username'];
$code = $row['code'];
$password = $row['password'];

echo '<form action="" method="post">
      <input type="text" name="yourname" value="'.$name.'"<br>
     <input type="text" name="yourname" value="'.$code.'"<br> 
     <input type="text" name="yourname" value="'.$password.'"<br> 
</form>';
}

....
?>

if your are trying to access each variable on another file you store them in a $_SESSION and session_start() in the form file. This is depend on how you site workflow is.

<?php
....

while($row = mysqli_fetch_array($retval, MYSQLI_ASSOC)) {

//echo "User : {$row['Username']}  <br> ".
     //"Code : {$row['Code']} <br> ".
     //"Password : {$row['Password']} <br> ";

//Probably better this way

$name = $row['Username'];
$code = $row['code'];
$password = $row['password'];

$_SESSION['password'] = $password;
$_SESSION['code'] = $code;
$_SESSION['Username'] = $Username;

}

....
?>

Your form file

<?php 
//Start session at the top of page
session_start();

$password = $_SESSION['password'];
$code = $_SESSION['code'];
$Username =  $_SESSION['Username'];

 echo '<form action="" method="post">
      <input type="text" name="yourname" value="'.$Username.'"<br>
     <input type="text" name="yourname" value="'.$code.'"<br> 
     <input type="text" name="yourname" value="'.$password.'"<br> 
</form>';
?>

Your quotes surrounding the values should be swapped. You currently have syntax-errors. — Qirel, Jul 12 '17 at 13:58
Still not properly, no - there's still a syntax error. You're still not concating them. Have a look at the manual: http://php.net/manual/en/language.operators.string.php - You should escape it like `value=\"$name\"
`, or use single-quotes like you do everywhere else, `value='$name'
` — Qirel, Jul 12 '17 at 14:01
@WhiteHox Thanks a lot. The inputs worked in html. The data is nicely shown in the php file. However, the data won't go over to the html file from php. I've tried to put the session variable in the input itself `` but it seems to just print out the value itself but not the username. I `` at the top of the html file and entered data as shown in "Your form file". — Sassux, Jul 13 '17 at 08:33
Sorry. Try Make a switch with your session variables make `$password = $_SESSION['password'];` the other way round `$_SESSION['password'] = $password. ` — codebarz, Jul 14 '17 at 09:47

How to auto fill HTML form using PHP and MySQL?

1 Answers1