0

this is my entire PHP code:

<?php if(empty($_POST['selid']))
        {echo "no value selected";  }
        else 
        {
            $con = mysql_connect("localhost","root","");
            if(mysql_select_db("cdcol", $con))
                {
                    $sql= "SELECT * FROM products where Id = '$_POST[selid]'";

                    if($result=mysql_query($sql))
                    {   

                        echo "<form name=\"updaterow\" method=\"post\" action=\"dbtest.php\">";
                        while($row = mysql_fetch_array($result))
                        { 
                        echo "Id :<input type=\"text\" name=\"ppId\" value=".$row['Id']." READONLY></input></br>";
                        echo "Name :<input type=\"text\" name=\"pName\" value=".$row['Name']."></input></br>";
                        echo "Description :<input type=\"text\" name=\"pDesc\" value=".$row['Description']."></input></br>";
                        echo "Unit Price :<input type=\"text\" name=\"pUP\" value=".$row['UnitPrice']."></input></br>";
                        echo "<input type=\"hidden\" name=\"mode\" value=\"Update\"/>";

                        }
                        echo "<input type=\"submit\" value=\"Update\">";
                        echo "</form>";
                    }
                    else {echo "Query ERROR";}
                }
        }
?>

PROBLEM here is, ....if the value i am getting from database using mysql_fetch_array($result) is like:(say Description is:) "my product"

then; in input box it shows only "my" the word(or digit) after "SPACE"(ie blank space) doesn't get displayed? can input box like above can display the data with two or more words(separated by blank spaces)?

Improve this question
1
  • use mysqli instead of mysql_connect. And templating system like FastTemplate Commented Mar 24, 2010 at 22:44

2 Answers 2

Reset to default
1 
echo "Unit Price :<input type=\"text\" name=\"pUP\" value=\"".$row['UnitPrice']."\"></input></br>";

You need to enclose value in quotes.

Improve this answer
1

The html parser has no way of knowing that <input value=abc def...> means value=abc def. It has to parse it as two attributes, the attribute value with the value abc and the attribute def without a value.

You have to enclose the value in quotes, e.g. <input value="abc def" ...>
You also have to encode " as &quot; within the value. Otherwise the html parser will get confused again, since it has no way of knowing that the second " in value="abc"def" is not a delimeter but part of the content. You can use htmspecialchars() for this.

e.g.

while($row = mysql_fetch_array($result))
{
  printf('
    Id :<input type="text" name="ppId" value="%s" READONLY></input><br>
    Name :<input type="text" name="pName" value="%s"></input><br>
    Description :<input type="text" name="pDesc" value="%s"></input><br>
    Unit Price :<input type="text" name="pUP" value="%s"></input><br>";
    <input type="hidden" name="mode" value="Update"/>',
    htmlspecialchars($row['Id']),
    htmlspecialchars($row['Name']),
    htmlspecialchars($row['Description']),
    htmlspecialchars($row['UnitPrice'])
  );
}
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.