Forum residents!
I had a problem with a MySQL and PhP based user system: I want you to display only the data of the user with I am currently logged in.
The problem is that it also displays data from other users.
There is a MySQL table containing the following columns: id, username, password, email, VPSID. The goal is for each user to display their own VPSID, if the user logged in.
The site does not write anything or this display the data of all users.
The code:
<?php
session_start();
if(!isset($_SESSION['username'])){
header('location: login.php');
}
$hostname = 'blabla..';
$username = '';
$password = '';
$dbname = '';
$conn = mysqli_connect($hostname, $username, $password, $dbname);
if(!$conn) {
echo "Connection error: " .mysqli_connect_error();
}
$result = mysqli_query($conn, "SELECT * FROM users WHERE id ='".$id."'");
while($row = mysqli_fetch_array($result)) {
echo $row['VPSID'];
}
?>
What have I done wrong and what is the right solution?
Thanks in advance!
$id is null thats your problem.
Maybe $id = $_SESSION["id"];
If you dont store it that way go off username since I'm going to guess they are unique
$user_name = $_SESSION["username"];
$result = mysqli_query($conn, "SELECT VPSID FROM users WHERE username ='$user_name'");
while($row = mysqli_fetch_array($result)) {
echo $row['VPSID'];
}
Related
I'm a beginner in learning how to set up database & PHP script and follow example
to do that, then when I run login.php script I can't retrieve data from the database ,
I really feel that is a very simple question for others but I tried to solve it But didn't succeed, so can someone take look on my code then Corrects it?
here is my php script :
init.php :
<?php
$db_name = "webapp";
$mysql_username = "root";
$mysql_password = "";
$server_name = "localhost";
$con=mysqli_connect($server_name, $mysql_username, $mysql_password, $db_name);
if (!$con) {
echo "Connection Error ......." . mysqli_connect_error();
} else {
echo "<h3>Database connection Success .....</h3>";
}
?>
login.php :
<?php
require "init.php";
$user_name = "YASER";
$user_phone = "123456";
$sql_query = "select name from user_info where user_name like'$user_name'and
user_phone like'$user_phone';";
$result = mysqli_query($con,$sql_query);
if (mysqli_num_rows($result)>0)
{
$row = mysqli_fetch_assoc($result);
$name = $row["name"];
echo "<h3> Hello And Wellcome" . $name . "</h3>";
} else {
echo " No Info Is Available .......";
}
?>
1st : First check that query is executing or failing
if(!$result){ echo mysqli_error($con); }
2nd : use = instead of like
$sql_query = "select name from user_info
where user_name='$user_name' and
user_phone='$user_phone'";
3rd : You need to give proper spacing In query
like'$user_name'and
^^^ ^^^
To
like '$user_name' and
You have error in your query.
try this to find error
$result = mysqli_query($con,$sql_query) or die(mysqli_error($con));
Your query should be like as follow...
'SELECT name FROM user_info WHERE user_name LIKE "'.$user_name.'" AND user_phone LIKE "'.$user_phone.'"';
I have mysql database with around 500 records. There is a column password which is currently containing plain text passwords.
I want to covert these passwords to encrypted with bcrypt. How can I do it from phpmyadmin ?
Second appended question : what will be login page coding to check this encrypted password and let member get in ? ( I am using mysqli)
First of all, backup your db... Then you have to do something like this...
Not knowing your app I can just make an example, this probably won't work in your current production code.
$servername = "YOUR_SERVER";
$username = "YOUR_USERNAME";
$password = "YOUR_PASSWORD";
$dbname = "YOUR_DB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, password FROM your_table";
$result = $conn->query($sql);
$newPasswords = [];
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$newPasswords[] = ["id" => $row["id"], "newPass" = "YOUR_PASSWORD_ENCRYPTED_WITH_BCRYPY"];
}
} else {
echo "0 results";
}
foreach($newPasswords as $user) {
$sql = "UPDATE your_table SET password = $user["newPass"] WHERE id = $user["id"]";
$result = $conn->query($sql);
}
$conn->close();
After this, you can change your app to login the user taking care of the new encrypted password. To encrypt with bcrypt in PHP look here.
Again remember to backup your database before any operation!
I have a database which stores data. How can I view data in my database with the same username as my session? What I have tried is below. There is a session and the username is uploading in each row in the database.
This is what I'm trying to do: say I logged in as jack I typed data in and sent it to the database. It saves the name as jack and then only views the results with jack. But it is saying 0 results. Why?
<?php
session_start();
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
echo "$username";
}
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "score";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$username."' ORDER BY id DESC LIMIT 5";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<p></p>";
echo "". $row["name"]. "";
echo "<p>". $row["description"]. "</p>";
}
} else {
echo "0 results";
}
$conn->close();
?>
you have two mistakes
1- SQL syntax error, correct syntax is
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$username."'";
2- the variable $username is overwritten by the username of the database
try this:
$sql = "SELECT id, name, description FROM all_scores WHERE username = '".$_SESSION['username']."'";
So in my users table there are 5 columns. Id, username, password, email and money.
The money column is an int which is supposed to show how much money that user has. (I'm making a game).
I'm trying to make a script which displays how much money the user in the current session has, but my script displays the money for every user.
My code:
<?php session_start(); ?>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "database4";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM users";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo $row['money'];
}
} else {
echo "You have no items yet!";
}
$conn->close();
?>
How would I do this?
You've missing where clause in your select query.
it would be something like:
$sql = "SELECT * FROM users WHERE id='{$_SESSION['user_id']}'";
$result = $conn->query($sql);
You just need to replace $_SESSION['user_id'] with the user id you are storing while user gets logged in.
EDIT:
Make sure you have session_start(); where page starts, additionally you may create unique index on email column in users table.
$sql = "SELECT * FROM users WHERE email='{$_SESSION['email']}'";
$result = $conn->query($sql);
I have PHP + AS3 user login®ister modul.I want to check registered user by username.But can't do it because I'm new at PHP.If you can help it will helpfull thx.(result_message part is my AS3 info text box.)
<?php
include_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES ('$username', '$password', '$userbio')";
mysql_query($sql) or exit("result_message=Error");
exit("result_message=success.");
?>
Use MySQLi as your PHP function. Start there, it's safer.
Connect your DB -
$host = "////";
$user = "////";
$pass = "////";
$dbName = "////";
$db = new mysqli($host, $user, $pass, $dbName);
if($db->connect_errno){
echo "Failed to connect to MySQL: " .
$db->connect_errno . "<br>";
}
If you are getting the information from the form -
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
you can query the DB and check the username and password -
$query = "SELECT * FROM users WHERE username = '$username'";
$result = $db->query($query);
If you get something back -
if($result) {
//CHECK PASSWORD TO VERIFY
} else {
echo "No user found.";
}
then verify the password. You could also attempt to verify the username and password at the same time in your MySQL query like so -
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password';
#Brad is right, though. You should take a little more precaution when writing this as it is easily susceptible to hacks. This is a pretty good starter guide - http://codular.com/php-mysqli
Using PDO is a good start, your connect.php should include something like the following:
try {
$db = new PDO('mysql:host=host','dbname=name','mysql_username','mysql_password');
catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
Your insert would go something like:
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES (?, ?, ?)";
$std = $db->prepare($sql);
$std = execute(array($username, $password, $userbio));
To find a user you could query similarly setting your $username manually of from $_POST:
$query = "SELECT * FROM users WHERE username = ?";
$std = $db->prepare($query)
$std = execute($username);
$result = $std->fetchAll();
if($result) {
foreach ($result as $user) { print_r($user); }
} else { echo "No Users found."; }
It is important to bind your values, yet another guide for reference, since I do not have enough rep yet to link for each PDO command directly from the manual, this guide and website has helped me out a lot with PHP and PDO.