CODEWITHSUNDEEP
phphtmlsqlarrayswhile-loop
Tomáš Macháček
Tomáš Macháček

Reputation: 121

Printing text to textbox and input from sql database in php

I would like to ask if someone could help me with this problem.

I want to prefill the input and textbox from the SQL database. I have tried it many times and I didn't succeded.

This is the code:

<?php
    $servername = "localhost";
    $username = "********";
    $password = "********";
    $dbname = "kucharka";

    $id = $_POST['id_recept'];

    $conn = mysqli_connect($servername, $username, $password, $dbname);
    $query = 'SELECT nazev, popis FROM recepty WHERE id = '.$id.'';
    $result = mysqli_query($conn, $query);

    if ($result) {
        while( $row = mysqli_fetch_array($result) ){
            echo "<li><label>Název</label></li>";
                echo "<input class='blue' type='text' name='nazev' placeholder='Název'>".$row['nazev']."</input>";
            echo "<li><label>Fotografie</label></li>";
                echo "<div class='foto'>";
                    echo "<input type='file' id='real-file' name='foto[]' hidden='hidden' multiple='multiple'>";
                    echo "<button type='button' id='custom-button' class='blue_foto'>Stiskněte</button>";
                    echo "<span id='custom-text'>Žádná fotografie.</span>";
                echo "</div>";
            echo "<li><label>Druh</label></li>";
                echo "<div class='select_custom'>";
                    echo "<select name='druh'>";
                            $conn = mysqli_connect($servername, $username, $password, $dbname);
                            $query = 'SELECT id, druh FROM druh';
                            $result = mysqli_query($conn, $query);

                            if ($result) {
                                while ($row = mysqli_fetch_array($result)) {
                                    echo "<option value=".$row['id'].">".$row['druh']."</option>";
                                }
                            }
                    echo "</select>";
            echo "</div>";
            echo "<li><label>Popis</label></li>";
                echo "<textarea name='text' placeholder='Popis'>".$row['popis']."</textarea>";
            echo "<li><input type='submit' name='submit' class='orange_input' value='Potvrďte'></li>";
        }
    }       
?>

Thank you in advance.

Upvotes: 1

Views: 249

Answers (1)

RiggsFolly
RiggsFolly

Reputation: 94642

Ahhh! You have a While Loop INSIDE a While Loop!!

And both are processing mysqli_fetch_array($result) and therefore the inner loop destroys the $result used in the outer loop.

<?php
    $servername = "localhost";
    $username = "********";
    $password = "********";
    $dbname = "kucharka";

    $id = $_POST['id_recept'];

    $conn = mysqli_connect($servername, $username, $password, $dbname);
    $query = 'SELECT nazev, popis FROM recepty WHERE id = '.$id.'';
    $result = mysqli_query($conn, $query);

    if ($result) {
        while( $row = mysqli_fetch_array($result) ){
            echo "<li><label>Název</label></li>";
                echo "<input class='blue' type='text' name='nazev' placeholder='Název'>".$row['nazev']."</input>";
            echo "<li><label>Fotografie</label></li>";
                echo "<div class='foto'>";
                    echo "<input type='file' id='real-file' name='foto[]' hidden='hidden' multiple='multiple'>";
                    echo "<button type='button' id='custom-button' class='blue_foto'>Stiskněte</button>";
                    echo "<span id='custom-text'>Žádná fotografie.</span>";
                echo "</div>";
            echo "<li><label>Druh</label></li>";
                echo "<div class='select_custom'>";
                    echo "<select name='druh'>";

// changed code here
                            // 1 you dont need to connect twice
                            //$conn = mysqli_connect($servername, $username, $password, $dbname);
                            $query = 'SELECT id, druh FROM druh';

                            // use different var here
                            // and then use it in the related function calls
                            $result1 = mysqli_query($conn, $query);

                            if ($result1) {
                                // and of course use a different var to hold the row data
                                // so you dont overwrite that also
                                while ($row1 = mysqli_fetch_array($result1)) {
                                    echo "<option value=".$row1['id'].">".$row1['druh']."</option>";
                                }
                            }
                    echo "</select>";
            echo "</div>";
            echo "<li><label>Popis</label></li>";
                echo "<textarea name='text' placeholder='Popis'>".$row['popis']."</textarea>";
            echo "<li><input type='submit' name='submit' class='orange_input' value='Potvrďte'></li>";
        }
    }

Seperate issue, you dont appear to have a <form> and </form> tag in this code. Without that the data placed in input fields will never be transmitted as a form to the PHP script for processing

BIG NOTE

Your script is open to SQL Injection Attack. Even if you are escaping inputs, its not safe! You should consider using prepared parameterized statements in either the MYSQLI_ or PDO API's instead of concatenated values

So to prepare the relevant dangerous query

$query = 'SELECT nazev, popis FROM recepty WHERE id = ?';
$stmt = $conn->prepare($conn, $query);
$stmt->bind_param('i', $_POST['id_recept']);

$stmt->execute();
$result = $stmt->get_result();

. . .

Upvotes: 1

Related Questions