Hi guys, I want to be able to use php values in my html forms. See below.. I have two php declarations, the first is called username and the value is contains is test. The second declaration is called pword and contains the value 12345. What I want to do is to be-able to use the above two declarations in the following POST form: <form name="form" method="post" action="contact_thanks.php"> <p class="bodymd">Your Name<br> <input type="text" name="Name"> </p> <p class="bodymd">Your Email<br> <input type="text" name="Email"> </p> <input type="submit" name="Submit" value="Submit" /> </p> </form> HTML: The php script and form are on the same page, and rather than the user having to type it out all over again I would rather the fields already be filled in. So if I can get the PHP values into the appropriate form text boxes that will save alot of time. So any ideas ? Thanks
Change like <input type="text" name="Name"> to <input type="text" name="Name" value="<?=$_POST['Name']?>"> and it'll print out the value of the post variable for you.
Remember to sanitize the data before displaying it though, otherwise you are wide open to attack. Try this: <input type="text" name="Name" value="<?php echo htmlentities( $_POST['Name'] ) ; ?> Code (markup): Brew
You're not really open to much because all you're doing is pushing it back into an input line, you're not letting it run any php code or inserting it into a database. If you really want to "sanitize" it, you would need to replace " with " (I think that's the double quote one), but nothing else is really even able to mess it up, but either way this is getting into a lot of work for something simple that isn't a risk.
That's true... Just got my safety hat on at the moment Brew [edit] Actually, if quotes are not escaped then this code would allow javascript to be inserted into the field
Better than forgetting it, those bricks can hurt Javascript being executed on someone's local machine that they put in doesn't do much good They could do it 100239875 other ways as well.