Just echo the value you want in the value attribute of the input field.
[hr]
You don’t need this code:
[php] function get_post($MyCONNECTION, $var)
{
return $MyCONNECTION->real_escape_string($_POST[$var]);
}
?>[/php]
Escaping parameters is not necessary if you use parameterized/prepared statements (as you should).
You also don’t need to close the PHP tag at the end of a file, only when you change from PHP to HTML output.
[hr]
[php]$yosEmp = get_post($MyCONNECTION, 'myEMP');
// The escaped value is interpolated into the SQL string without quotes
$MyQUE = "INSERT INTO hourShifts (employer) VALUES($yosEmp)";
$MyRESULT = $MyCONNECTION->query($MyQUE);
if (!$MyRESULT) echo "INSERT failed: $MyQUE<br>" . $MyCONNECTION->error . "<br><br>";[/php]
Should be
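[php]// The ? placeholder keeps the submitted value out of the SQL text
$stmt = $MyCONNECTION->prepare("INSERT INTO hourShifts (employer) VALUES (?)");
// Same POST key as the original code ('myEMP'); array keys are case-sensitive
$stmt->bind_param('s', $_POST['myEMP']);
if ($stmt->execute() === false) {
    echo "INSERT failed: " . $MyCONNECTION->error . "<br>";
}[/php]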
[hr]
And changing the code to a more readable format, snakeCase and outputting HTML properly you would end up with something like:
[php]<?php // db.php
$config = array(
    'host' => 'localhost',
    'user' => 'user',
    'pass' => 'pass',
    'db'   => 'test'
);
$db = new mysqli($config['host'], $config['user'], $config['pass'], $config['db']);
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
// Set the connection character set on the $db handle created above
$db->set_charset("utf8");[/php]
[php]<?php // abc.php
require 'db.php';
$errors = array();
// Submitted value, or null when the form has not been posted yet
$employer = isset($_POST['employer']) ? $_POST['employer'] : null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $stmt = $db->prepare("INSERT INTO hourShifts (employer) VALUES (?)");
    $stmt->bind_param('s', $employer);
    if ($stmt->execute() === false) {
        $errors[] = "INSERT failed: " . $db->error;
    }
}
// The template reads $errors and $employer
require 'abc.html.php';[/php]
[php]<?php // abc.html.php
foreach ($errors as $error) {
    echo $error . '<br>'; // not supposed to use breaks for layout like this
}
?>
Employer
[/php]
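Added example, not part of the original post: one way to echo the submitted value back into the input's value attribute, with the value encoded for HTML on output so that quotes or angle brackets in it cannot break out of the attribute. The helper names `e()` and `render_form()`, the form markup and the sample value are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code): re-filling the "employer" input.

/** Encode a value for use in HTML text or inside a quoted attribute. */
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the form markup (hypothetical layout). Error messages and the
 * previously submitted value are both encoded at the point of output.
 */
function render_form(?string $employer, array $errors): string
{
    $html = '';
    foreach ($errors as $error) {
        $html .= '<p class="error">' . e($error) . "</p>\n";
    }
    $html .= "<form method=\"post\">\n"
        . "  <label for=\"employer\">Employer</label>\n"
        . '  <input type="text" id="employer" name="employer" value="'
        . e($employer) . "\">\n"
        . "  <button type=\"submit\">Save</button>\n"
        . "</form>\n";
    return $html;
}

// Constructed sample input: contains characters that are special in HTML.
$sample = 'Acme "Tools" <Ltd> & Sons';

// Constructed error text standing in for a message collected in $errors.
echo render_form($sample, array('INSERT failed: constructed error text'));
```

The prepared statement protects the SQL query; this encoding protects the HTML page, and the two do not substitute for each other.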