Some obvious wrongs: $sql = 'select * from issues_projects where project_id = '. $pid; $dbresult = db_query($sql); this is the biggest no-no $sql = 'select * from issues_projects where project_id = %d'; $dbresult = db_query($sql, $pid); (yes there is a is_numeric check -- that's at least something, but then you are reinventing the wheel... and what you will do when you work with strings? better if you get used to placeholders) $form['projectid'] = array('#type' => 'hidden', '#value' => $prj->project_id); you are much more secure with $form['projectid'] = array('#type' => 'value', '#value' => $prj->project_id); I would simply echo (or more nifty, watchdog) that $prj->project_id in here -- are you sure the problem is with form API? Anyways, this is much better suited for a forum topic...