Hi all:

I'd appreciate it if someone could help me out a bit with this one. I've built a basic asset tracking database in MySql. I've developed a couple of forms to enter new data, or query the database. The query page displays the results in a basic table.

What I would like to do is display the results in the same form I used to generate the query. Also, I've no idea how to handle multiple results. Clear as mud?

Down the road, it would be nice if I was able to update as well.

Any help would be greatly appreciated.

Thanks

Kevin

You can display the result in the same form just be setting up the HTML attribute value.

For an edit box you might have something like:

<input type="text" name="userName">

<input type="text" name="userName" value="myName">

so given that, you can do that in PHP
However you should read up on security and learn how to properly sanitise the data.

Hi

That example is not so safe - $userName can contain spaces, even Javascript code. What if I typed something nasty:
><script language="javascript">alert('Hello');</script><blink

better way:

I totally agree that it's not safe...

The addition of the $_POST is important since that is where the variables are if the form has been posted back to the web server. One common technique would be to take the variables that you are expecting to receive and validate them, then if they are valid store them in another array, then only ever access from that array, $clean is a common name for such an array.

Thanks for the tips, I'll give them a shot today. I've been doing a lot of reading on SQL injection security issues.