0

I am trying to echo the fetched values from database .But its showing an undefined variable issue in the input

here is my php code 

<?php 

      if(isset($_POST['load']))
      { 
       $bno= $_POST['select'];
       $con =  mysqli_connect("localhost","root","","db_bus") or die("connection failed".mysql_connect_error());
                    $query = "select * from bus_master where b_no = '$bno' ";

                    $result = mysqli_query($con, $query);

                  $row = mysqli_fetch_array($result);

                        if(!$row)
                        {
                           echo 'There is no such entry for  :  '. $bno  ;

                        }

                            $id =  $row['b_id'] ;
                            $name = $row['b_name']; 
                            $no =  $row['b_no'] ;
                            $type =   $row['b_type'];
                            $sorce =  $row['b_ss'];
                            $dest =  $row['b_ds'];
                            $dep =  $row['b_dt'] ;
                            $reach = $row['b_rt'];   


                            mysqli_close($con);

} 

      ?>

here is my html code

  <div >
      <label >Bus id :</label>
      <input  type="text" name="b_id" value="<?php echo $bid?>" placeholder="Enter bus id" required>

              <br>
              <button   name="btn_add" style="width: 260px"> Add</button>
          </div>

Shubh Sharma
  • 11
  • 2
  • Are you using any CMS or Framework ? IF you deal with core PHP, then you should use array...Something like below while ($row = mysql_fetch_assoc($result)) { echo $row['firstname']; echo $row['lastname']; echo $row['address']; echo $row['age']; } – Vishal Ghantala Aug 01 '17 at 11:44
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Aug 01 '17 at 14:06

0 Answers0