How do I load data to textbox from mysql

Question

I have (html)

input type="text" name="input"
textarea name="output"

Next, I have some table, first name and last name. When I inserting first name in input area I would like to show last name in output area. Below PHP query doesn't working.

$input = $_POST['input'];
$select = mysql_query("SELECT first_name FROM table WHERE input=$input");
$req = mysql_fetch_array($select);

Answer 1

as you said you want to get last_name depending on first_name your query should look something like

$input = $_POST['input'];
$select = mysql_query("SELECT last_name FROM table WHERE first_name = '".$input."'");
$req = mysql_fetch_array($select);

try to concat variables in strings because its faster than substitution.

Answer 2

Hope this helps

//PHP
$firstname='';
$lastname='';

if(isset($_POST['go']))
{
   $firstname=$_POST['firstname'];
   $records = mysql_query("SELECT last_name FROM
   table WHERE firstname='$firstname'");

   if(mysql_num_rows ==1)
   {
       while($row=mysql_fetch_array($records))
       {
          $lastname=$row['last_name'];
       }
    }
}

//HTML
echo"<form method='post' >
echo" <input type='text' name='firstname' value='$firstname' />";
echo"<input type='submit' value='Go' /> ";
echo" <input type="text" name='lastname' value='$lastname' />";
echo"</form>";

Answer 3

You are missing quotes around the value you are inserting. Use

 input='$input'

You are not doing any error checking in your query, so in cases like this, things will break silently. To do proper error checking and get verbose messages check out the manual on mysql_query() or in this reference question.

Also, the code you show is vulnerable to SQL injection. Use the proper sanitation method of your library (in this case, mysql_real_escape_string()) for all the string data you insert, or switch to PDO and prepared statements.

Example using your current code:

# Escape string input
$input = mysql_real_escape_string($_POST['input']);

# Run query
$select = mysql_query("SELECT first_name FROM table WHERE input='$input'");

# Check for errors  
if (!$select)
 { trigger_error("mySQL error: ".mysql_error()); 
   die();
 }

Answer 4

There are a number of problems.

First, your table is probably not called table but something else. If it is in fact for some reason called table then you need to surrounded it in backticks because table is a reserved word. But it would be much better to change the name to not be a reserved word.

Second, you are also not correctly escaping the user input data. You could consider using mysql_real_escape_string for this purpose.

$input = mysql_real_escape_string($_POST['input']);

Finally, you should quote the user text in the SQL string:

$select = mysql_query("SELECT first_name FROM `table` WHERE input='$input'");

Alternatively you could use a parameterized query.