current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Join the Stack Overflow Community
Stack Overflow is a community of 6.4 million programmers, just like you, helping each other.
Join them; it only takes a minute:
Sign up
up vote 4 down vote favorite
1

I retrieve three pieces of information from the database, one integer, one string, and one date.

I echo them out to verify the variables contain the data.

When I then use the variables to populate three input boxes on the page, they do not populate correctly.

The following do not work:

id: <input type="text" name="idtest" value=$idtest>

Yes, the variable must be inside <?php var ?> for it to be visible.

So:

id: <input type="text" name="idtest" value=<?php $idtest ?> />

The field displays /.

When I escape the quotes,

id: <input type="text" name="idtest" value=\"<?php $idtest ?>\"  />

the field then displays \"\".

With single quotes

id: <input type="text" name="idtest" value='<?php $idtest ?>'  />

the field displays nothing or blank.

With single quotes escaped,

id: <input type="text" name="idtest" value=\'<?php $name ?>\'  />

the field displays \'\'.

With a forward slash (I know that's not correct, but to eliminate it from the discussion),

id: <input type="text" name="idtest" value=/"<?php $name ?>/"  />

the field displays /"/".

Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.

I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.

What am I missing here?

share|improve this question
    
use echo or short tags <?=$variablename?> – Feeda Oct 12 at 20:06
up vote 25 down vote

Try something like this:

<input type="text" name="idtest" value="<?php echo htmlspecialchars($name); ?>" />

That is, the same as what thirtydot suggested, except preventing XSS attacks as well.

You could also use the <?= syntax (see the note), although that might not work on all servers. (It's enabled by a configuration option.)

share|improve this answer
1  
Would it not be better to use htmlspecialchars instead in this context? – thirtydot Dec 15 '10 at 4:54
    
@thirtydot: You're probably right. I'll change it. – icktoofay Dec 15 '10 at 5:02
    
@thirtydot htmlentities converts all the characters that htmlspecialchars does and then some – Phil Dec 15 '10 at 5:02
    
+1 for thinking about XSS – thirtydot Dec 15 '10 at 5:03
1  
@Phil Brown: Yes, so htmlentities needlessly converts a bunch of characters which are irrelevant to preventing XSS. It doesn't really matter - I just felt like pointing out something pedantic like the "echo is a statement" comment :) – thirtydot Dec 15 '10 at 5:08
up vote 5 down vote

You need, for example:

<input type="text" name="idtest" value="<?php echo $idtest; ?>" />

The echo function is what actually outputs the value of the variable.

share|improve this answer
2  
Technically echo is a statement, not a function. – icktoofay Dec 15 '10 at 4:45
2  
You are of course correct, but it didn't seem important to make the distinction for this question. – thirtydot Dec 15 '10 at 4:50
    
Infact , its a language construct :D, Of course thats not the point ;) – Feeda Oct 12 at 20:08
up vote 1 down vote

From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:

<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
share|improve this answer
up vote 1 down vote

Solution

You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.

<input type="text" name="idtest" value="<?php echo $idtest; ?>" >

Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.

share|improve this answer
up vote 0 down vote

If you want to read any created function, this how we do it:

<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
share|improve this answer
up vote -1 down vote

Echo is needed for it to be output:

<input class="form-control" type="text" name="user_keyword" value="<?php echo $dg; ?>">
share|improve this answer
up vote -2 down vote

I have been doing PHP for my project, and I can say that the following code works for me. You should try it.

echo '<input type = "text" value = '.$idtest.'>';
share|improve this answer
up vote -2 down vote

You can also try the following. It works for me.

echo <input size=1 class='form-control' type='text' value =" . $idtest . " >
echo <"input type='text' value=".$idtest.">
share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.