Display results from a query into a form

I have this code…

<?php
// if the form hasn't been submitted, show it
} else {
	
$ID = $_GET['id'];

$stmt = "SELECT * FROM `customers`
	WHERE
	`customerNumber` = ".$ID;
	
    $stmt = $conn->prepare($stmt); 
    $stmt->execute();

    // set the resulting array to associative
    $result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 
	
	print_r($result);
	
?>
<form action="<?php echo ($_SERVER['PHP_SELF']);?>" method="POST">
<div class="form-group">
<label for="name">Name:</label>
<input type="text" name="Name" class="form-control" id="name" readonly value="<?=$result['customerName']?>">
</div>
<div class="form-group">
<label for="city">City:</label>
<input type="text" name="City" class="form-control" id="city" readonly value="<?=$result['city']?>">
</div>
<div class="form-group">
<label for="country">Country:</label>
<input type="text" name="Country" class="form-control" id="country" readonly value="<?=$result['Country']?>">
</div>
<div>
<button type="submit" class="btn btn-default">Submit</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
<input type="hidden" name="ID" value="<?=$ID?>">
</form>

Here's the result


Why aren't the results set as the values in the text boxes in the form?

Turn your error reporting on and you should see the errors you are getting.
Put this at the top of your configuration PHP file:

```php
<?php

/* Turn on error reporting */
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
```

I personally would avoid using short tags until you get the hang of things, just my opinion.

You should be binding the value of $id after having validated it. If ID is numeric then typecasting it as an integer will do:

$ID = (int) $_GET['id'];

Anything not valid as an integer will get turned into 0

2 Likes

The reason is that you aren’t fetching any results actually

You have this line:

$result = $stmt->setFetchMode(PDO::FETCH_ASSOC); 

but setFetchMode() returns a boolean value, not an array (that's why your print_r() shows 1 instead of an array above the form). To get the actual data you have to use the fetch() method:

$result = $stmt->fetch();

This is what the fixed code would look like:

$ID = $_GET['id'];

$stmt = 'SELECT * FROM `customers` WHERE `customerNumber` = :id';

$stmt = $conn->prepare($stmt); 

$stmt->execute([':id' => $ID]);

$stmt->setFetchMode(PDO::FETCH_ASSOC); 

$result = $stmt->fetch();
2 Likes

ok, it works with

$ID = (int) $_GET['id'];

$stmt = "SELECT * FROM `customers`
	WHERE
	`customerNumber` = :id";
	
    $stmt = $conn->prepare($stmt); 
	
    $stmt->execute([':id' => $ID]);

$row = $stmt->fetch(PDO::FETCH_ASSOC);
?>
<form action="<?php echo ($_SERVER['PHP_SELF']);?>" method="POST">
<div class="form-group">
<label for="name">Name:</label>
<input type="text" name="Name" class="form-control" id="name" readonly value="<?=$row['customerName']?>">
</div>
<div class="form-group">
<label for="city">City:</label>
<input type="text" name="City" class="form-control" id="city" readonly value="<?=$row['city']?>">
</div>
<div class="form-group">
<label for="country">Country:</label>
<input type="text" name="Country" class="form-control" id="country" readonly value="<?=$row['country']?>">
</div>
<div>
<button type="submit" class="btn btn-default">Submit</button>
<button type="reset" class="btn btn-default">Reset</button>
</div>
<input type="hidden" name="ID" value="<?=$ID?>">
</form>

did I set the fetchmode also in

$row = $stmt->fetch(PDO::FETCH_ASSOC);

also I thought this

<?=$row['city']?>

is the same as

<?php echo $row['city']; ?>

is that right?

So I added in a filter to validate your GET request and also added in error handling on a simple level. More could be added, but the important part is the validation of the INT, and it's nice for your users to know what's going on during failure.

<?php
	$errors = array();
	// no need to cast here; we can validate instead and not get an unexpected int if it's not an int
	$ID = $_GET['id'] ?? null;
	
	// make sure we have an int; if not, there is a problem with the input and we should display an error
	// (strict comparison, because FILTER_VALIDATE_INT returns 0 for "0" and 0 == false is true)
	if(filter_var($ID, FILTER_VALIDATE_INT) === false)
	{
		$errors[] = "Error: Invalid ID";
	}

	$stmt = "SELECT 
				* 
			 FROM `customers`
		     WHERE `customerNumber` = :id";
		
    $stmt = $conn->prepare($stmt); 
	
    if(!$stmt->execute([':id' => $ID]))
    {
		$errors[] = "Error: unable to save your request.  If this problem continues please contact the site admin.";
	}

	// fetch() returns false when no row matches
	$row = $stmt->fetch(PDO::FETCH_ASSOC);
?>

<?php if(isset($errors) && count($errors) > 0): ?>
	<div class = "errors">
		<?php foreach($errors as $error): ?>
			<p><?php echo $error; ?></p>
		<?php endforeach; ?>
	</div>
<?php endif; ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');?>" method="POST">
	<div class="form-group">
		<label for="name">Name:</label>
		<input type="text" name="Name" class="form-control" id="name" readonly value="<?=htmlspecialchars($row['customerName'] ?? '', ENT_QUOTES, 'UTF-8')?>">
	</div>
	<div class="form-group">
		<label for="city">City:</label>
		<input type="text" name="City" class="form-control" id="city" readonly value="<?=htmlspecialchars($row['city'] ?? '', ENT_QUOTES, 'UTF-8')?>">
	</div>
	<div class="form-group">
		<label for="country">Country:</label>
		<input type="text" name="Country" class="form-control" id="country" readonly value="<?=htmlspecialchars($row['country'] ?? '', ENT_QUOTES, 'UTF-8')?>">
	</div>
	<div>
		<button type="submit" class="btn btn-default">Submit</button>
		<button type="reset" class="btn btn-default">Reset</button>
	</div>
	<input type="hidden" name="ID" value="<?=htmlspecialchars((string) $ID, ENT_QUOTES, 'UTF-8')?>">
</form>
2 Likes
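
An added example (not code from any poster in this thread) that combines the points made above: strict integer validation, a bound parameter, an explicit check for `fetch()` returning false, and escaping of every value echoed into the form. It assumes the `pdo_sqlite` extension and uses an in-memory database with one constructed row; `e()` and `findCustomer()` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite is enabled).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE customers (customerNumber INTEGER PRIMARY KEY, customerName TEXT, city TEXT, country TEXT)');
$conn->exec("INSERT INTO customers VALUES (103, 'O''Brien \"Imports\" <Ltd>', 'Nantes', 'France')");

/** Hypothetical helper: escape a value for HTML text or a quoted attribute. */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Hypothetical helper: returns the customer row, or null when the id is invalid or unknown. */
function findCustomer(PDO $conn, $rawId): ?array
{
    // Strict comparison: FILTER_VALIDATE_INT returns int 0 for "0", which == false would reject.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        return null;
    }
    $stmt = $conn->prepare('SELECT customerName, city, country FROM customers WHERE customerNumber = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);   // value travels separately from the SQL text
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;            // fetch() returns false when no row matches
}

// Constructed inputs standing in for $_GET['id']: valid, zero, non-numeric, missing, unknown.
foreach (['103', '0', '12abc', null, '999'] as $rawId) {
    $row = findCustomer($conn, $rawId);
    if ($row === null) {
        echo '<p class="errors">Error: invalid or unknown ID</p>', "\n";
        continue;
    }
    // The quotes and angle brackets in the stored name are encoded, so the attribute stays intact.
    printf('<input type="text" name="Name" readonly value="%s">' . "\n", e($row['customerName']));
    printf('<input type="hidden" name="ID" value="%s">' . "\n", e($rawId));
}
```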

Yes, but many hosts have PHP short tags disabled by default.

True, but since version 5.4 the tag <?= is always available regardless of the short_open_tag ini setting. https://secure.php.net/manual/en/language.basic-syntax.phptags.php

2 Likes
