Displaying $_POST in html from database

[dadedidhodong]

Hello people! Yes, I'm here again for a serious mattter. I've been trying to display a value from the table I've created in my database, it's teacher profiling system which functions enables the user to ADD, UPDATE, and VIEW the teacher's profile. So first let me introduce my novice codes...

First, I let the user to insert data into table with this-

<form method=post action=process_add_tchr_profile.php>

<p align="left"><input type=number name=tchr_id placeholder="Teacher ID" required></p>
<p><input type=text name=tchr_lname placeholder="Last Name"  required>

<p><input type=submit value=Submit><input type=reset value=Reset></p>
</form>

Second, after submission it will be processed and stored in-

$connection = mysql_connect("localhost", "root", "");
	$db = mysql_select_db("snnhs_db", $connection);
   
	$sql="INSERT INTO snnhs_db.tbl_tchr_profl( `tchr_id`, `tchr_lname`,)
                   VALUES  ('".$_POST["tchr_id"]."', '".$_POST["tchr_lname"]."',)";

$result = mysql_query($sql);

Third, in my html, I put an action where user can update the profile of the teacher-

$dbconnect = mysql_connect("localhost","root","");
    mysql_select_db("snnhs_db",$dbconnect);
    $sql = "SELECT * FROM tbl_tchr_profl";
    
    $result = mysql_query($sql);
    $ctr = 0;
    while($row = mysql_fetch_array($result,MYSQL_NUM)){
        for($x=0;$x<count($row);$x++){
            $tchr_profl[$ctr][$x] = $row[$x];
        }
        $ctr++;
    }
<h3>List of Accounts</h3>
<a href=#>Add New Account</a>
<table border=1 cellpadding=5>
    <tr>
        <th>No</th>
        <th>Teacher ID</th>
        <th>Last Name</th>
        <th>Action</th>
    </tr>
    <?php
    $ctr = 1;
    for($x=0;$x<count($tchr_profl);$x++){
        echo "<tr>";
        echo "<td>".$ctr++."</td>";
        echo "<td>".$tchr_profl[$x][0]."</td>";
        echo "<td>".$tchr_profl[$x][1]."</td>";
   
        echo "<td><a href=update_tchr_profl.php?id={$tchr_profl[$x][0]}>UPDATE</td>"
        
    }

Fourth, after clicking the UPDATE it will be redirected to update_tchr_profl.php where I have this code-

<?php
    
    $dbconnect = mysql_connect("localhost","root","");
    mysql_select_db("snnhs_db",$dbconnect);
    $sql = "SELECT * FROM tbl_tchr_profl WHERE tchr_id ={$_GET["id"]}";
    
    $result = mysql_query($sql);
    $ctr = 0;
    while($row = mysql_fetch_array($result,MYSQL_NUM)){
        for($x=0;$x<count($row);$x++){
            $tchr_profl[$ctr][$x] = $row[$x];
        }
        $ctr++;
?>
<p align="left">"<?php ".$_POST["tchr_id"]."?>"</p> -- here I want to display the ID since it can't be updated.
<p><input type=text name=tchr_lname value=<?php '".$_POST["tchr_lname"]."' ?>  required> -- here I want to display the current data of the last name from the first time it registers to the system

This is my problem, I don't if it's possible or what. I've searched through the internet but I don't seem to understand much about what they're saying so I decided to post my codes for me to better understands it. Sorry about codes and if you ask me who teach me why did I came up with such code, well, it's just what I thought to be, because I thought it would work.

[jazzman1]

You're wide open to SQL injection attacks. Every decent PHP tutorial on the web which shows how to deal with databases should start with this.

 

Your script doesn't have error checking logic in it. Check on the web, how to php_error_reporting and mysql_error use. Read the big warning message about php mysql library!

 

About the question how to display the output of the variable, try to echo it using a proper syntax as well.

<p align="left">"<?php echo $_POST['tchr_id']; ?>"</p> -- here I want to display the ID since it can't be updated.

PS: If you want to update some existing records in a table, you should call SQL UPDATE statement not SELECT!

Edited October 13, 2013 by jazzman1