Your HTML doesn't look correct; the value for a text input field is specified with the valueattribute, e.g.

您的 HTML 看起来不正确；文本输入字段的值由value属性指定，例如

<input name="lname" type="text" value="<?php echo( htmlspecialchars( $row['lname'] ) ); ?>" />

The row data will be present in the $rowhash; $resultis just a pointer to the MySQL result buffer. In addition, you're missing a ?>tag after the echostatement, and the final ?>is misplaced. There also appears to be no closing brace for the whileloop

行数据将出现在$row哈希中；$result只是一个指向 MySQL 结果缓冲区的指针。此外，您在语句?>之后缺少一个标签echo，并且最后?>一个放错了位置。while循环似乎也没有右大括号

Note the use of htmlspecialchars()to escape HTML entities in the text. This will prevent the text in the database from inadvertently closing the tag and spewing rubbish all over your HTML (and prevent against malicious input from users having any effect).

请注意使用htmlspecialchars()来转义文本中的 HTML 实体。这将防止数据库中的文本无意中关闭标签并在您的 HTML 中喷出垃圾（并防止来自用户的恶意输入产生任何影响）。

Overall, the correct solution might look something like:

总的来说，正确的解决方案可能类似于：

<?php
$con = mysql_connect( 'localhost', 'root', '' );
if( !$con ) {
    die( 'Could not connect: ' . mysql_error() );
} else {
    mysql_select_db( 'hospital', $con );
    $result = mysql_query( "SELECT * FROM t2 WHERE TELNUM='{$_POST["telnum"]}'" );
    while( $row = mysql_fetch_array( $result ) ) {
        ?>
        <form>
            <input name="lname" type="text" value="<?php echo( htmlspecialchars( $row['lname'] ) ); ?>" />
        </form>
        <?php
    }
}
?>

Finally, not to second-guess you, but be careful about inserting arbitrary values from user-supplied data (like $_GETand $_POST) into SQL queries - a malicious user could use this to intentionally construct queries you don't want performed, or a non-malicious user could quite reasonably provide data that unintentionally breaks the SQL, causing an unexpected error (or again, some form of unknown broken behaviour). Take a look at the SQL injection pageon the PHP web site as a good starting point to learn more about this.

最后，不要怀疑您，但要小心将用户提供的数据（如$_GET和$_POST）中的任意值插入 SQL 查询中 - 恶意用户可能会使用它来故意构建您不想执行的查询，或者非-恶意用户可以相当合理地提供无意中破坏 SQL 的数据，从而导致意外错误（或再次出现某种形式的未知破坏行为）。请查看PHP 网站上的SQL 注入页面，作为了解更多信息的良好起点。

It should be:

它应该是：

<input  name="lname" type="text"<?php echo $row['lname'];

Not

不是

<input  name="lname" type="text"<?php echo $result['lname'];

$result is just that - the boolean result of the mysql_query() call.

$result 就是这样 - mysql_query() 调用的布尔结果。

$row is the actual data on each iteration of the loop.

$row 是循环每次迭代的实际数据。

A number of things are wrong here.

这里有很多地方是错误的。

1. You're opening and closing PHP tags don't match. You can open them at the beginning and close them at the bottom like you're doing, you just have to echo the HTML when doing that.

2. The input takes a value attribute, which you can use to preset its value.

3. The array you want to be pulling your MySQL fetched array from is $row, not $result.

4. It would help to close your while loop.

5. It'd be good for you to escape output, depending on what's being output.

   while($row = mysql_fetch_array($result)){ echo " "; }

1. 您打开和关闭的 PHP 标签不匹配。您可以在开始时打开它们并在底部关闭它们，就像您正在做的那样，您只需要在执行此操作时回显 HTML。

2. 输入采用 value 属性，您可以使用它来预设其值。

3. 您想要从中提取 MySQL 获取的数组的数组是$row，而不是$result。

4. 这将有助于关闭您的 while 循环。

5. 根据输出的内容，逃避输出对您有好处。

   while($row = mysql_fetch_array($result)){ echo " "; }

Why htmlspecialchars instead htmlentities, i allways use htmlentities.

为什么 htmlspecialchars 而不是 htmlentities，我总是使用 htmlentities。