php code within value



dcr33
01-03-2012, 02:04 PM
Hi
I can't understand the following code
<input type="text" name="eid" value="<?php echo $eid ?>" />
at line 12 in the following program-
emp_search.php

<html>
<head>
<title>Search Application</title>
<!-- Program to accept an employee id from user & show the emp name & salary.If user given emp id doesn't exist in the table,then the program should display proper message -->
</head>
<body>
<center>
<form action="emp_search.php" method="post">
Employee ID<input type="text" name="eid" value="<?php echo $eid ?>" />
<input type="submit" value="search" />
</form>
<?php
$eid=$_REQUEST['eid'];

if(isset($eid))
{
echo "<hr>";
$host="localhost";
$user="root";
$passwd="";
$con=mysql_connect($host,$user,$passwd);
if(!$con)
{
die('Error:'.mysql_error());
}
mysql_select_db('db1',$con)
or die('Error:'.mysql_error());
$sql="select ename,salary from emp where emp_id='$eid'";
$result=mysql_query($sql,$con);
if($rec=mysql_fetch_array($result))
{
$enm=$rec[0];
$sal=$rec['salary'];
echo "Employee Name:$enm <br/>" ;
echo "Monthly Salary:$sal <br/>" ;
}
else
{
echo " $eid is an Invalid Employee ID <br/>";
}
mysql_close($con);
}
?>
</center>
</body>
</html>

Why do we use
echo $eid instead of giving any value ?
e.g. we could have written -

Employee ID<input type="text" name="eid" value="Hello World" />
instead of -
Employee ID<input type="text" name="eid" value="<?php echo $eid ?>" />
I find that there is no change in output if I change "<?php echo $eid ?>" to " Hi" or "Hello World" etc.
Then why did the author of this program use that line of code?
Can anyone please explain it to me? :rolleyes:

henda
01-03-2012, 03:11 PM
In response to your question: there can be many reasons why we use a variable for an input's value over a hard-coded value.

The problem in understanding is that the example you provided is a poor example of a program and has many issues with it.

The input is using an undeclared variable. Unless there is a value assigned to $eid before it is displayed/used then the results are not going to be as desired.

For this reason I'd suggest removing the following code:

$eid=$_REQUEST['eid']; from line 13 and placing it somewhere before your form. (Don't forget to wrap it with opening and closing PHP tags)

Then I'd suggest filtering/validating this variable, as it involves a user input communicating with the database. Unvalidated/unfiltered input is dangerous; any and every piece of user input that is passed to the database should be validated to prevent SQL injection.

For this reason we may want to assign a dynamic value '$eid' to the input value. Let's say our user mistypes the input in the field for whatever reason and it doesn't return the desired result. Setting the form input value to what was previously submitted is useful if it's only, say, the last character which was incorrect. The end user would only have to change 1 character as opposed to retyping the whole thing.

To be honest, there are too many reasons one may do so to explain. It all depends on the application's requirements and the author's intentions. Using hardcoded values is something I always try to avoid where possible.

Anyways I had a little tidy up of the code example you provided and hope you are better able to understand it now.


<?php
/* you may wish to change $_REQUEST to post it's entirely up to you
* if the request is made store the data in a variable safely
* using $_REQUEST by default returns the value of $_POST $_GET and $_COOKIE
**/
if(isset($_REQUEST['eid'])) $eid = addslashes($_REQUEST['eid']);
?>
<html>
<head>
<title>Search Application</title>
</head>
<body>
<center>
<form action="emp_search.php" method="post" enctype="multipart/form-data">
Employee ID<input type="text" name="eid" value="<?php echo $eid ?>" />
<input type="submit" value="search" />
</form>
<?php

if(isset($eid)){
echo "<hr>";
$host="localhost";
$user="root";
$passwd="";
$con=mysql_connect($host,$user,$passwd); // keep the link: it is used by the calls below
if(!$con) die('Error:'.mysql_error());

mysql_select_db('db1',$con) or die('Error:'.mysql_error());

$sql="select ename,salary from emp where emp_id='$eid'";

$result=mysql_query($sql,$con);

if($rec=mysql_fetch_array($result)) {
$enm=$rec[0];
$sal=$rec['salary'];
echo "Employee Name:".$enm."<br/>" ;
echo "Monthly Salary:".$sal."<br/>" ;
}
else echo " $eid is an Invalid Employee ID <br/>";

mysql_close($con);
}
?>
</center>
</body>
</html>

If you are using this program in a production environment, I'd strongly discourage it. I can't imagine any employee would be too happy about information/data regarding their salary being presented in such a weak/insecure application.

Try taking a look at W3 Schools (http://w3schools.com/php/); there's a good selection of PHP beginner stuff in there that should answer a lot of your problems.

Hope this helps answer your question.
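
As an added example (not part of the original posts): one way to apply the advice above about user input reaching the database, and to echo the submitted value back into the field safely, using a PDO prepared statement and htmlspecialchars(). The in-memory SQLite table, the sample row and inputs, and the helper names demo_db, find_employee, h and render_page are assumptions standing in for the thread's MySQL database db1.

```php
<?php
// Added example: hardened emp_search.php logic. All names here are assumptions.
// An in-memory SQLite table stands in for the thread's MySQL database 'db1'.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE emp (emp_id TEXT PRIMARY KEY, ename TEXT, salary INTEGER)");
    $db->exec("INSERT INTO emp VALUES ('E100', 'A. Kumar', 42000)"); // constructed row
    return $db;
}

// Bound parameter: $eid is sent as data and never becomes part of the SQL text.
function find_employee(PDO $db, string $eid): ?array {
    $stmt = $db->prepare('SELECT ename, salary FROM emp WHERE emp_id = ?');
    $stmt->execute([$eid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape for HTML on output, so quotes in $eid cannot close the value="" attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_page(PDO $db, ?string $eid): string {
    $out = '<form action="emp_search.php" method="post">'
         . 'Employee ID<input type="text" name="eid" value="' . h($eid ?? '') . '" />'
         . '<input type="submit" value="search" /></form>';
    if ($eid === null) {
        return $out;            // first visit: empty form, no query
    }
    $rec = find_employee($db, $eid);
    if ($rec !== null) {
        $out .= '<hr>Employee Name:' . h($rec['ename']) . '<br/>'
              . 'Monthly Salary:' . h((string)$rec['salary']) . '<br/>';
    } else {
        $out .= '<hr>' . h($eid) . ' is an Invalid Employee ID <br/>';
    }
    return $out;
}

// In a web request: $eid = isset($_POST['eid']) && is_string($_POST['eid']) ? $_POST['eid'] : null;
$db = demo_db();
foreach ([null, 'E100', "E100' OR '1'='1", 'E"100'] as $eid) {   // constructed inputs
    echo render_page($db, $eid), "\n\n";
}
```

Only the second input matches a row; the third and fourth are treated as literal IDs, reported as invalid, and echoed back into the field with their quotes encoded.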

dcr33
01-03-2012, 04:16 PM
I couldn't understand what you said.
Can you please elucidate?
You didn't answer my query. If it is already set in $_REQUEST then why do we use it again?

henda
01-03-2012, 04:29 PM
I've edited my previous post to explain in more depth. Let me know if you still do not understand and I'll do my best to help you.

traq
01-03-2012, 09:41 PM
If your question is why you might want to print a variable in that field (instead of simply writing the actual value), the answer (as henda described) is that it allows you to dynamically pass different values as needed.

If that's not your question, please elaborate.



...Try taking a look at W3 Schools (http://w3schools.com/php/); there's a good selection of PHP beginner stuff in there that should answer a lot of your problems.

I would recommend the opposite - w3schools is a poor resource for web design in general, and php specifically (more (http://w3fools.com)).

I highly recommend visiting PHP's official site (http://php.net) for info about the language.

henda
01-04-2012, 01:16 AM
I would recommend the opposite - w3schools is a poor resource for web design in general, and php specifically (more (http://w3fools.com)).

I highly recommend visiting PHP's official site (http://php.net) for info about the language.

I used W3Schools back when I was learning the basics. The only real misconception regarding PHP there is the security risk involved when not filtering/validating data in MySQL queries and file uploads. That, and a lot of PHP's features aren't explained in W3Schools.

For people with no background knowledge in programming, PHP.net (http://php.net) can appear quite daunting at first.
Which is why I usually recommend W3Schools for the really simple stuff when starting out, as it's spoon-fed to the user in a really simple manner. For explaining something as simple as variables it's not really a problem. But I see where you're coming from.

Ultimately PHP's official site will always be the number 1 resource for anything PHP related in terms of accuracy.

dcr33
01-04-2012, 02:44 AM
Dear Henda,
I got your point. But that was not my question.
I asked "why are we using <?php echo $eid ?> inside value?"
Can you answer me that properly?

traq
01-04-2012, 02:48 AM
...I asked "why are we using <?php echo $eid ?> inside value?"
Can you answer me that properly?

See my post above. Please elaborate (what is it, exactly, that you don't understand?).

henda
01-04-2012, 07:13 PM
Dear Henda,
I got your point. But that was not my question.
I asked "why are we using <?php echo $eid ?> inside value?"
Can you answer me that properly?

To set the default value of a field, to whatever value $eid is.
There are far too many reasons to list why one might set the value of an input to something dynamic using PHP. The main reason being it will nearly always make your life easier working with the script.

dcr33
01-06-2012, 01:09 PM
What do you all mean by dynamic?
I think it makes the form 'sticky', i.e. as soon as you place the cursor in the textbox a pop-up window pops up saying your employee id ($eid). Isn't it?

henda
01-06-2012, 04:09 PM
Static means "constant - never changing".
Dynamic means it can be changed.

By hardcoding a static value like value="somevalue", the value will always be "somevalue". Whereas using a language like PHP and setting the value to a variable (vary-able - the value can vary), you can have the value change depending on different conditions.

example.


$day = strtolower(date('l')); // current day name in lower case, e.g. 'monday'
if($day == 'monday') $somevariable = 'Today is Monday';
else $somevariable = 'Today is not Monday';
echo $somevariable;

Let's say we have a variable called $day which returns the current day. If the value of $somevariable is monday, the above script will print 'Today is Monday' - if it is not Monday, the above script will print out 'Today is not Monday'.
This is how we work dynamically. I hope that clears that up; if not, I'll be happy to explain in yet more detail at a later time.

What you're referring to about popups and stuff sounds like the HTML attribute title="some title" <- This will give a sort of popup when hovered over saying some title. value="some value" has nothing to do with popups, but sets the default value of an element. Ever loaded a form up where some of the fields are already filled out? Edited a comment on here? The value attribute is what is used to preload the input value of the given field in the form. It's loaded dynamically from a database and stored in a variable. Similar to $eid.

dcr33
01-06-2012, 04:33 PM
Ya, that's what I am saying.
Say you have a text box called empid, then what is the utility
of having filled a textbox with a value (variable or static) when you are going to overwrite it every time with some other value?
I mean, maybe I am not clear yet with basic HTML, but what is the use?
You people are not getting my point at all!! :rolleyes:
A value already filled inside a blank text box is of no use, because ultimately you have to type something inside the textbox and then you click the submit button.
I can't get why you fill the textbox with some value.

traq
01-06-2012, 09:07 PM
If you want a default value for the textbox.

For example:

1. The user filled out the form, but had one error. You can leave the correct values, so they don't have to fill out the entire form again.

2. You are retrieving a database record and putting the values into the form so they can be edited. (I would imagine that this is what is going on in your original post.)

... lots of other possibilities. Everyone's trying to help you here; just take a moment to clarify what it is you actually want to know.