PHP

Prefilling Text Fields and Password Fields

<input type="text" name="textfieldname"
  value="<?php
  echo (isset($_POST['textfieldname'])) ?
htmlspecialchars($_POST['textfieldname']) : '';
  ?>" />

The value in a text field (and in a password field and in a hidden field, as well) is provided in its value attribute. However, the data there must be properly encoded with htmlspecialchars() to get rid of dangerous characters such as ' or < or >. The code snippet in the preceding code expects the form to be submitted back to itself; thus, it extracts the current value of the text field from $_POST (it would work analogously with $_GET).

Prefilling Text Fields
<?php
  require_once 'stripFormSlashes.inc.php';
?>
...
<input type="text" name="textfieldname"
  value="<?php
  echo (isset($_POST['textfieldname'])) ?
    htmlspecialchars($_POST['textfieldname']) : '';
  ?>" />

This works for password fields and hidden fields, as well.

If you want to use a default value for this form element, you just have to provide this default value instead of the empty string in the PHP code:

<input type="text" name="textfieldname"
  value="<?php
  echo (isset($_POST['textfieldname'])) ?
    htmlspecialchars($_POST['textfieldname']) :
    'default value';
  ?>" />

Another possibility is to prefill form values from cookies. This is quite useful when users enter their data into a form several times. So, when they visit a form on the site a couple of days later, the old data can be retrieved from the cookie. Yes, just one cookie since only 20 cookies per domain are allowed. We use an array for that, of course. However, only strings are allowed as cookie values, so the use of serialize() and unserialize() is required.

The following function retrieves a value from the cookie that contains the form data. The order of precedence is as follows: If $_GET or $_POST contains a current value for this field, this value is used (specific versions of the function exist for $_GET and $_POST because only one of these two methods is normally used at a time). Otherwise, the script looks in $_COOKIE for an associated value. If nothing is found, an empty string is returned.

Retrieving Form Data from a Cookie
function getCookieData() {
  if (isset($_COOKIE['formdata'])) {
    $formdata = $_COOKIE['formdata'];
    if ($formdata != '') {
      if (get_magic_quotes_gpc()) {
        $formdata = stripslashes($formdata);
      }
      return unserialize($formdata);
    } else {
      return array();
    }
  } else {
    return null;
  }
}
function getFormDataPOST($name) {
  if (isset($_POST[$name])) {
    return $_POST[$name];
  } else {
    $cookiedata = getCookieData();
    if ($cookiedata != null &&
      isset($cookiedata[$name])) {
      return $cookiedata[$name];
    }
  }
  return '';
}
function getFormDataGET($name) {
  if (isset($_GET[$name])) {
    return $_GET[$name];
  } else {
    $cookiedata = getCookieData();
    if ($cookiedata != null &&
      isset($cookiedata[$name])) {
      return $cookiedata[$name];
    }
  }
  return '';
}

Now, prefilling the form value is easy: Because getFormDataGET() and getFormDataPOST() always return anythingincluding an empty stringthe return value can be directly used in the text field's value attribute.

Prefilling Text Fields
<?php
  require_once 'stripFormSlashes.inc.php';
  require_once 'getFormData.inc.php';
?>
...
<input type="text" name="textfieldname"
  value="<?php
    echo
htmlspecialchars(getFormDataPOST('textfieldname'));
  ?>" />

by BrainBellupdated
Advertisement: