Pre filled fields in form without ajax

Question

This is my first project. I want, when I update my record at that time in form all fields are pre filled with previous data.Which are stored in table.

This is my Function code:-

    public function getData($query)
      {        
    $result = $this->connection->query($query);
    if ($result == false) {
        return false;
    } 

    $rows = array();

    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }

    return $rows;
}

This is my html file code:

      <?php
      $result = $crud->getData("SELECT * FROM creative_workshop ");
      foreach ($result as $res) {
      $id = $res['id'];
      $title = $res['title'];
      $message = $res['message'];
      $title1 = $res['title1'];
      $message1= $res['message1'];
      $image1= $path .$res['image1'];
      $title2 = $res['title2'];
      $message2= $res['message2'];
      $image2= $path .$res['image2'];
       }
       ?>
<form name="form" method="post" action="" enctype="multipart/form-data">
<textarea rows="4" cols="50" name="title" value="<?php echo $title;?>">
<textarea rows="4" cols="50" name="message" value="<?php echo $message;?>">
 </form>

Answer 1

First:

What you are currently doing on your form is getting all rows from your table and looping over them to eventually take the last row returned and show it in your form.

Unfortunately, you get no guarantees from your DB that your data will come back in a certain order.

This means that looping over the results from your SELECT may return the last row entered but it is not guaranteed.

Instead you want to go and either select your rows with an ORDER BY or, and this would be more efficient, add a where to get a specific row.

If you have an auto incrementing ID field you could have a look at this.

Second:

To show data in a textarea field you need to echo it into the tag content, not the attribute, ie:

<textarea><?php echo $text ?></textarea>

Third:

Echoing text directly from your datasource (in your case your DB table) to the page is insecure.

You should consider escaping it to avoid undesired behaviour - specifically, having HTML in the data rendered.

Imagine $text was this:

</textarea><script>alert('uh-oh');</script>

Parsing that into the form would make the resulting HTML on the page look like this, thus causing a but of JS being executed on your page.

<textarea></textarea><script>alert('uh-oh');</script></textarea>

Avoid this behaviour by using htmlentities:

<textarea><?php echo htmlentities($text) ?></textarea>

With that the output becomes:

<textarea>&lt;/textarea&gt;&lt;script&gt;alert('uh-oh');&lt;/script&gt;</textarea>

Looks daft but stops the browser from rendering the content as HTML, thus securing your form :-)

Answer 2

Problem is in this line of statement

$result = $crud->getData("SELECT * FROM creative_workshop ");

Make sure the member function $crud->getData is working properly, getData is not returning the fetched results

Answer 3

There is no value attribute for Textarea. you can use. Like

<form name="form" method="post" action="" enctype="multipart/form-data">
 <textarea rows="4" cols="50" name="title" ><?php echo $title;?></textarea>
 <textarea rows="4" cols="50" name="message" ><?php echo $message;?></textarea>
</form>