10

I retrieve three pieces of information from the database, one integer, one string, and one date.

I echo them out to verify the variables contain the data.

When I then use the variables to populate three input boxes on the page, they do not populate correctly.

The following do not work:

id: <input type="text" name="idtest" value=$idtest>

Yes, the variable must be inside <?php var ?> for it to be visible.

So:

id: <input type="text" name="idtest" value=<?php $idtest ?> />

The field displays /.

When I escape the quotes,

id: <input type="text" name="idtest" value=\"<?php $idtest ?>\"  />

the field then displays \"\".

With single quotes

id: <input type="text" name="idtest" value='<?php $idtest ?>'  />

the field displays nothing or blank.

With single quotes escaped,

id: <input type="text" name="idtest" value=\'<?php $name ?>\'  />

the field displays \'\'.

With a forward slash (I know that's not correct, but to eliminate it from the discussion),

id: <input type="text" name="idtest" value=/"<?php $name ?>/"  />

the field displays /"/".

Double quotes, escape double quotes, escape double quotes on left side only, etc. do not work.

I can set an input box to a string. I have not tried using a session variable as I prefer to avoid do that.

What am I missing here?

Improve this question
1
  • use echo or short tags <?=$variablename?> Commented Oct 12, 2016 at 20:06

6 Answers 6

Reset to default
38

Try something like this:

<input type="text" name="idtest" value="<?= htmlspecialchars($name); ?>" />

It is very important to always use htmlspecialchars() to prevent errors and XSS.

Note that I used <?= short echo tag which is recommended for such usage.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Would it not be better to use htmlspecialchars instead in this context?
@thirtydot htmlentities converts all the characters that htmlspecialchars does and then some
Thank you all for the above and below. All three examples "echo, htmlentities, htmlspecialchar" work(had to try all to see how they operate). Your discussion displays my lack of knowledge in this area. Applications on Windows is one world (VB, SQL server, C, etc), but web applications cover a whole new slew of syntax issues/protocols. I no longer work in that world and am playing with this just for fun. I have much to learn. Thank you again from a newbie(all over again).
You saved me man thanks a lot. I wish i could give more votes. Thank you @icktoofay
6

You need, for example:

<input type="text" name="idtest" value="<?php echo htmlspecialchars($idtest); ?>" />

The echo function is what actually outputs the value of the variable.

Improve this answer

3 Comments

Technically echo is a statement, not a function.
You are of course correct, but it didn't seem important to make the distinction for this question.
Infact , its a language construct :D, Of course thats not the point ;)
3

Solution

You are missing an echo. Each time that you want to show the value of a variable to HTML you need to echo it.

<input type="text" name="idtest" value="<?php echo $idtest; ?>" >

Note: Depending on the value, your echo is the function you use to escape it like htmlspecialchars.

Improve this answer

Comments

1

From the HTML point of view everything's been said, but to correct the PHP-side approach a little and taking thirtydot's and icktoofay's advice into account:

<?php echo '<input type="text" name="idtest" value="' . htmlspecialchars($idtest) . '">'; ?>
Improve this answer

Comments

-1

If you want to read any created function, this how we do it:

<input type="button" value="sports" onClick="window.open('<?php sports();?>', '_self');">
Improve this answer

Comments

-3

I have been doing PHP for my project, and I can say that the following code works for me. You should try it.

echo '<input type = "text" value = '.$idtest.'>';
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.