shadiadiph Posted November 15, 2013

Hi,

Probably a silly question. I have a page where I save a form with

    <input type="text" name="name" value="<?=$name?>" />

to an SQL database. When I call it from the database, $name is already called prior to calling the form, but when it displays, it displays the input field with the php code <?=$name?>. I tried <?php echo or just using $name and got the same results each time. Is there any way to make this work so it displays the variable instead of the php text?

KaiSheng Posted November 15, 2013

1) The value is the one that shows up on the form page.
2) Is your form using PHP_SELF method?
3) What are you trying to achieve?

---

I assumed that you want to make a form that auto generates the username for the user so that they do not need to type again. So, the code will be

    <input type="text" name="username" value="<?php echo $row['username']; ?>" readonly="readonly" >

Please remember your query on the top.

shadiadiph Posted November 15, 2013 Author (edited)

Actually I am:

1) saving the form with <input type="text" name="name" value="<?=$name?>" /> to sql
2) calling $name
3) calling $form which has the above input tag
4) echo $form

and it is showing the php code as the value.

shadiadiph Posted November 15, 2013 Author Solution

Solved it; just had to evaluate the php code, which must be like

    <input type="text" name="name" value="<?php echo $name ?>" />

when it is saved to work:

    $form=$fdata["form"];
    eval('?> ' . $form . ' <?php ');

Barand Posted November 15, 2013 (edited)

With PHP version < 5.4, the following will work only if short_tags are enabled.

    <input type="text" name="name" value="<?=$name?>" />

If short_tags are disabled in the php.ini file you need to use

    <input type="text" name="name" value="<?php echo $name?>" />

Version >= 5.4 - this will work regardless of short_tag setting

    <input type="text" name="name" value="<?=$name?>" />

There should be no need for you to use eval() at all.

mac_gyver Posted November 15, 2013 (edited)

By using eval() you have opened yourself up to let hackers run their php code on your server. You must now validate that the $name variable (or any other value you put into the eval() statement) does not contain php code. Does the rest of your code contain sufficient validation to ensure someone isn't going to take over your web site?

Databases are for storing data, not code. If you want to store html markup in your database, you need to use a template system where values have place-holders and the template essentially does a search/replace at runtime to put the values into the markup.

shadiadiph Posted November 15, 2013 Author

So you mean something along the lines of: if I must store a form, it should be saved as

    <input type="text" name="name" value="#_namex" />

and when I call the $form, use str_replace or preg_replace to change it up?

mac_gyver Posted November 15, 2013

Yes to your last post.

shadiadiph Posted November 15, 2013 Author

Thanks, makes sense. Guess I need to sleep more, brain is not working 100% lol

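The placeholder approach that mac_gyver describes and shadiadiph proposes above, shown as an added example that is not part of the original thread. The `{{name}}` placeholder syntax, the `render_template()` helper and the sample values are assumptions made for this illustration; it generalizes the single `#_namex` replacement to any number of named placeholders and assumes PHP 7 or later.

```php
<?php
// Added example: render a stored form template by placeholder substitution
// instead of eval(). The {{key}} syntax and render_template() are
// hypothetical names chosen for this illustration (PHP 7+ assumed).

/**
 * Replace {{key}} placeholders in $template with HTML-escaped values.
 * Placeholders that have no matching key become an empty string.
 */
function render_template(string $template, array $values): string
{
    $out = preg_replace_callback(
        '/\{\{([A-Za-z_][A-Za-z0-9_]*)\}\}/',
        function (array $m) use ($values): string {
            $value = $values[$m[1]] ?? '';
            // Escape for an HTML attribute context; both quote styles are encoded.
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        },
        $template
    );
    return $out ?? '';
}

// Constructed sample: the markup as it would be stored in the database.
$form = '<input type="text" name="name" value="{{name}}" />';

// Constructed sample values: a normal one, one containing PHP tags, and
// one containing a double quote that would otherwise end the attribute.
$samples = [
    'Alice',
    '<?php echo 1; ?>',
    'a" b="c',
];

foreach ($samples as $name) {
    // The value is only ever treated as text; nothing is executed.
    echo render_template($form, ['name' => $name]), PHP_EOL;
}
```

The stored template itself is still emitted as raw HTML, so only trusted users should be able to write it to the database; the escaping covers the substituted values only.
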