Set html text box value from php variable

Question

I'm trying to fill in a default 'value' field for a text box in an html registration form based on session data.

If a user makes any errors on my registration form it sends them back, and I want as much of their data filled in as possible as opposed to them being sent back to a plain form to start again.

Here's my handleer script check:

// Let's get the text from the form,.

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password_check = mysql_real_escape_string($_POST['pwcheck']);
$email = mysql_real_escape_string($_POST['email']);
$spam_check = mysql_real_escape_string($_POST['checkit']); // spam check
$IP = $_SERVER['REMOTE_ADDR']; // log their ip

// set up some session data for mnistakes or spam or errors
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;

// check for empty info

if ($username == NULL || $username == '') { // no username set
    header ("Location: register.php?p=un"); die;
}
if ($password == NULL || $password == '') { // no password set
    header ("Location: register.php?p=pw"); die;
}
if ($password_check == NULL || $password_check == '') { // no password check set
    header ("Location: register.php?p=pwchk"); die;
}
if ($email == NULL || $email == '') { // no email set
    header ("Location: register.php?p=em"); die;
}

// have we had Spam?

if (strlen($spam_check) > 0) { // spam bot alert
    header ("Location: http://www.google.co.uk");
    die ('You\'re naughty.');
}

// does password and check match?

if ($password != $password_check) { // no match
    $_SESSION['username'] = $username;
    $_SESSION['email'] = $email;
    header ("Location: register.php?p=pwnpc&email=".$email.""); die;
}

And on my form page I'm doing:

// check for empty fields and session data

if (isset($_SESSION['email'])) { // email session data set
$email_value = 'value = "'.$_SESSION['email'].'"';
} else { $email_value = 'placeholder="Email"'; }

$errors = mysql_real_escape_string($_GET['p']);

switch ($errors) { // something is empty
case "un": // no username set
    $pen_name = 'Pen Name missing!';
break;
case "pw": // no username set
    $password = 'Password missing!';
break;
case "pwchk": // no password check set
    $pw_check = 'Your passwords don\'t match!';
break;
case "em": // no username set
    $email = 'Email missing!';
break;
case "pwnpc": // passwords don't match
    $pw_mismatch = 'Passwords don\'t match!';
break;
}

and the form its self

<form action="register_handle.php" method="post">

<label>Choose a Pen Name</label><br /><?php echo $pen_name ?>
<p><input type="text" name="username" placeholder="Pen Name" autofocus required> </p>

<label>Choose a Password</label><br />
<p><input type="password" name="password" placeholder="Password" required> ---> <input type="password" name="pwcheck" placeholder="Password Confirm" required> <?php echo $password.$pw_check.$pw_mismatch ?></p>

<label>Email</label><br />

 <?php echo $email ?>

<p><input type="email" name="email" <?php echo $email_value ?> required></p>

<input id="checkit" type="text" name="checkit" maxlength="50" size="30">

<input type="submit" value=" Sign Me Up " name="submit" class="submit">

</form>

but I just can't seem to get the values back. I'm sure it's gotta be simple but can you see a problem here? As you can see I've only tried it on trhe email box so far but to no avail.

Answer 1

You're missing the value attribute in your <input> field:

<p><input type="email" name="email" value="<?php echo htmlentities($email_value) ?>" placeholder="Email" required></p>

This will break the placeholder you wanted to use but that should always be there anyway since it will not show if you provide a value.