phphtmlmysqlmysqliserver-side-validation

PHP code inside HTML value attribute


there! I want to do a database search and display the result back to the user in a pre-populated HTML form.

I located the exact part in the code that is not working but I can't understand why PHP is not picked by the server. I'm using UwAMP.

To illustrate the problem here is my short snippet of code that I need help with:

<form id="st_reg" action="" method="POST">
        Student Number:
        <input type="number" name="s_num" min="1000000" max="3000000" > </br>
        <input type="Submit" value="Search">
    </form>
    <?php 
        if($_SERVER['REQUEST_METHOD'] == "POST"){
            if(empty($_POST['s_num'])){
                $errors[] = "You forgot to enter the Student No!";
            }
            else{
                $st_no = trim($_POST['s_num']);
            }
            if(empty($errors)){
                //Open database connection
                require('../../connect_to_database/mysql_connect.php');
                //Check if the student is already in the database
                $query = "SELECT * FROM student WHERE student_no = $st_no";
                //Run the query
                $result = mysqli_query($db_connection,$query);
                if(!$result){
                    echo "The student does not exist!";
                    echo"Please <a href='index.html'>go back</a> and choose another action!";
                }
                elseif($result){
                    echo "<h2>Student Details:</h2>";
                    while($row = mysqli_fetch_array($result)){
                        echo '<form id="st_reg" action="" method="POST">
                                <label>Student Number:</label>
                                    <input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">

AND the PHP code inside VALUE ATTRIBUTE is not executing when it should in reality. Don't bother about GLOBAL php tags not being closed 'cause they are in the file (I'm not that dump).

Please note all this code is inside a .php file with HTML code. This is a just the processing part after the form is submitted. I saved my time by using single-quotes for echo and escaped the sigle-quotes along the way where DB access was required. I tried curly brackets around variables, echo with double-quotes escaping double-qoutes within it but none of these attempts were successful. This is strange because I can perfectly echo $row['student_no'] outside of this context and is running fine.

I also looked at similar questions on this website. They were close but none of them had nearly to this context. I am open to any suggestions and better than that solutions.


Solution

  • echo '<form id="st_reg" action="" method="POST">
    <label>Student Number:</label>
    <input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
    

    should look like this:

    echo '<form id="st_reg" action="" method="POST">
    <label>Student Number:</label>
    <input type="number" name = "st_number" min="1000000" max="3000000" value="' . (isset($row['student_no']) ? $row['student_no'] : '') . '">
    CONTINUATION OF STRING...