I'm trying to to create a users profile, it is suposed to get the id from the url, then get all the info from the user with that id.
<?php
session_start();
$userID = $_GET["id"];
$getUserNames = "SELECT * FROM users where id=$userID";
$result = $conn->query("getUserNames");
$row = mysqli_fetch_assoc($result);
if (isset($_GET["id"])) {
echo "<h1>";
echo $row["username"];
echo "</h1>";
echo "<p><b>Name: </b>";
echo $row["username"];
echo "</p>";
echo "<p><b>Password: </b>***** (<a href='#'>Change Password</a>)</p>";
} else {
if (isset($_SESSION["username"])) {
echo "<h1>";
echo $_SESSION["username"];
echo "</h1>";
echo "<p><b>Name: </b>";
echo $_SESSION["username"];
echo "</p>";
echo "<p><b>Password: </b>***** (<a href='#'>Change Password</a>)</p>";
} else {
echo "<p>You need to be logged in too see your profile!";
}
}?>
I get nothing from the echo and there is no error.
Please help!
You have an error at $conn->query("getUserNames"); which should be: $conn->query($getUserNames);
The complete new code with the fix looks like this:
<?php
session_start();
$userID = $_GET["id"];
$getUserNames = "SELECT * FROM users where id=$userID";
$result = $conn->query($getUserNames);
$row = mysqli_fetch_assoc($result);
if (isset($_GET["id"])) {
echo "<h1>";
echo $row["username"];
echo "</h1>";
echo "<p><b>Name: </b>";
echo $row["username"];
echo "</p>";
echo "<p><b>Password: </b>***** (<a href='#'>Change Password</a>)</p>";
} else {
if (isset($_SESSION["username"])) {
echo "<h1>";
echo $_SESSION["username"];
echo "</h1>";
echo "<p><b>Name: </b>";
echo $_SESSION["username"];
echo "</p>";
echo "<p><b>Password: </b>***** (<a href='#'>Change Password</a>)</p>";
} else {
echo "<p>You need to be logged in too see your profile!";
}
}?>
Related
I cannot find a way to access the username I used to log in with on my php web form.
I have had a look at these posts but I think my case varies slightly as they both declare the username variable at the top. I simply log in using a sql query.
Here is the login script
<?php
$uname=$_POST['uname'];
$password=$_POST['password'];
session_start();
$con=mysqli_connect("localhost","root","g7trj98o6fyr5","login");//mysqli("localhost","username of database","password of database","database name")
$result=mysqli_query($con,"SELECT * FROM `login_info` WHERE `uname`='$uname' && `password`='$password'");
$count=mysqli_num_rows($result);
if($count==1)
{
echo "Login success";
$_SESSION['log']=1;
header("refresh:2;url=welcome.php");
}
else
{
echo "please fill proper details";
header("refresh:2;url=index.php");
}
?>
I'm expecting to be able to do a if check using the currently logged in user to differentiate them from all other users online.
I have this if check which should only put the edit button next to the user who is logged in.
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['uname'] . "</td>";
echo "<td>" . $row['clickrate'] . "</td>";
if($logedInUsername == $row['uname'])
echo "<td>" . $row['yourword'] . "<a href='edityourword.php?edit=$row[yourword]'> edit</a></td>";
else
echo "<td>" . $row['yourword'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
welcome.php (where the if statement is)
<?php
function add_ant(&$connection)
{
mysqli_query($connection, "UPDATE `login_info` SET `clickrate`=`clickrate`+'1' WHERE `uname`='rvbvakama' && `password`='pass'");
}
session_start();
if(isset($_SESSION['log']))
{
$_SESSION['uname'] = $_POST['uname'];
echo "<script type='text/javascript'>alert('$logedInUsername');</script>";
$con=mysqli_connect("localhost","root","pass","login"); //mysqli("localhost","username of database","password of database","database name")
if(array_key_exists('add',$_POST))
{
add_ant($con);
}
$result = mysqli_query($con,"SELECT * FROM login_info");
if (!$result)
{
printf("Error: %s\n", mysqli_error($con));
exit();
}
echo "<table border='1'>
<tr>
<th>username</th>
<th>clickrate</th>
<th>yourword</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['uname'] . "</td>";
echo "<td>" . $row['clickrate'] . "</td>";
if($logedInUsername == $_SESSION['uname'])
echo "<td>" . $row['yourword'] . "<a href='edityourword.php?edit=$row[yourword]'> edit</a></td>";
else
echo "<td>" . $row['yourword'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<h1>Add ants</h1>
<button type='button' name="add">ADD</button> <br/> <br/>
<a href="index.php" >logout</a>
</body>
</html>
<?php
}
else
{
echo "please fill proper details";
header("refresh:2;url=index.php");
}
?>
Thanks.
Not safe, but put:
<?php
$uname=$_POST['uname'];
$password=$_POST['password'];
session_start();
$con=mysqli_connect("localhost","root","g7trj98o6fyr5","login");//mysqli("localhost","username of database","password of database","database name")
$result=mysqli_query($con,"SELECT * FROM `login_info` WHERE `uname`='$uname' && `password`='$password'");
$count=mysqli_num_rows($result);
if($count==1)
{
echo "Login success";
$_SESSION['log']=1;
$_SESSION['uname'] = $_POST['uname'];
header("refresh:2;url=welcome.php");
}
else
{
echo "please fill proper details";
header("refresh:2;url=index.php");
}
?>
and then check:
if($logedInUsername == $_SESSION['uname'])
...
also you need to set $logedInUsername to $row['uname'] in welcome.php
or check
if($row['uname'] == $_SESSION['uname'])
in login.php after login success execute this
$_SESSION['uname'] = $_POST['uname'];
in welcome.php execute this
$logedInUsername = $_SESSION['uname'];
Now the currently logged in username is stored in $logedInUsername for use in welcome.php, this is because SESSION is a global var in php and can be accessed from anywhere.
The while loop and if statement in it should now look like this:
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['uname'] . "</td>";
echo "<td>" . $row['clickrate'] . "</td>";
if($row['uname'] == $logedInUsername)
echo "<td>" . $row['yourword'] . "<a href='edityourword.php?edit=$row[yourword]'> edit</a></td>";
else
echo "<td>" . $row['yourword'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
I have code for list values from database but when I add them to echo "<div>" it stops working
My code:
$sql = "SELECT name, size, type, username FROM Files";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
while($row = $result->fetch_assoc())
{
echo "<div class='filediv'>";
echo "<a href='uploads/$row['name']' download>$row['name']</a>";
echo "<p>Size: $row['size']KB</p>";
echo "<p>Type: $row['type']</p>";
echo "<p>Creator: $row['username']</p>";
echo "</div>";
echo "<hr>";
}
}
you have a syntax error
echo "<div class='filediv'>";
echo "<a href='uploads/".$row['name']."' download>".$row['name']."</a>";
echo "<p>Size:". $row['size']."KB</p>";
echo "<p>Type: ".$row['type']."</p>";
echo "<p>Creator: ".$row['username']."</p>";
echo "</div>";
echo "<hr>";
You can use {} for print php variables in html.
echo "<div class='filediv'>";
echo "<a href='uploads/{$row['name']}' download>{$row['name']}</a>";
echo "<p>Size: {$row['size']}KB</p>";
echo "<p>Type: {$row['type']}</p>";
echo "<p>Creator: {$row['username']}</p>";
echo "</div>";
echo "<hr>";
My code is working as for my needs. But the only thing bugging me is
the "else" is not working. When i search for a correct record the
record will appear and it was running fine. But if i Incorrectly
search a record nothing will happen. i am expecting "Records not Found" will echo but nothing happen.
}else{
echo "Records not found";
}
This is the whole code.
<?php
$conn = mysqli_connect("localhost", "root", "", "my1stdb") or die("could not connect");
$set = $_POST['search'];
if ($set) {
$show = "SELECT * FROM users where email='$set'";
$result = mysqli_query($conn, $show);
while ($rows = mysqli_fetch_array($result)) {
echo "Registrant Found";
echo "<tr>";
echo "<td>";
echo $rows['username'];
echo "</td>";
echo "<td>";
echo $rows['fullname'];
echo "</td>";
echo "<td>";
echo $rows['password'];
echo "</td>";
echo "<td>";
echo $rows['email'];
echo "</td>";
echo "</tr>";
echo "<br/>";
}
} else {
echo "Records not found";
}
?>
</table>
You need to use mysqli_num_rows() along with mysqli_fetch_assoc():-
<?php
$conn=mysqli_connect("localhost","root","","my1stdb") or die("could not connect");
$set = $_POST['search'];
if($set) {
$show="SELECT * FROM users where email='$set'";
$result=mysqli_query($conn,$show) or die(mysqli_error($conn));
if(mysqli_num_rows($result)>0){ // check data present or not
while($rows=mysqli_fetch_assoc($result)){ // for lighter array due to associative indexes only
echo "Registrant Found";
echo "<tr>";
echo "<td>";
echo $rows['username'];
echo "</td>";
echo "<td>";
echo $rows['fullname'];
echo "</td>";
echo "<td>";
echo $rows['password'];
echo "</td>";
echo "<td>";
echo $rows['email'];
echo "</td>";
echo "</tr>";
echo "<br/>";
}
}else{
echo "Records not found";
}
}else{
echo "Please insert search term";
}
?>
</table>
Note:- Your code is wide-open for SQL INJECTION. to prevent from it use prepared statements
Reference:-
mysqli prepared statements
PDO prepared statements
You could count the number of results returned.
if($set) {
$show="SELECT * FROM users where email='$set'";
$result=mysqli_query($conn,$show);
$recordCount = 0;
while($rows=mysqli_fetch_array($result)){
$recordCount++;
echo "Registrant Found";
echo "<tr>";
echo "<td>";
echo $rows['username'];
echo "</td>";
echo "<td>";
echo $rows['fullname'];
echo "</td>";
echo "<td>";
echo $rows['password'];
echo "</td>";
echo "<td>";
echo $rows['email'];
echo "</td>";
echo "</tr>";
echo "<br/>";
}
if($recordCount==0){
echo "Records not found";
}
}
I've been trying to figure this out on and off for a while, but I have a member based site that returns the same user regardless of the profile chosen and I'm not sure what's going on.
Here is my header
<?php
//START SESSION
ob_start();
session_start();
include_once 'functions.php';
if(isset($_SESSION['email']))
{
$email = $_SESSION['email'];
$loggedin = TRUE;
$userstr = " $email";
} else {
$loggedin = FALSE;
}
if($loggedin) {
include_once "navIn.php";
} else {
include_once "navOut.php";
}
This is my function that actually returns the user profile.
function showProfile($email)
{
if(file_exists("users/$row[0]/$row[0]pi.jpg"))
echo "<img src='/users/$row[0]/$row[0]pi.jpg'>";
else
echo "<i id='user-img-dflt' class='fa fa-user' aria-hidden='true'></i><br>";
$result = queryMysql("SELECT * FROM profiles");
if(mysql_num_rows($result))
{
$row = mysql_fetch_row($result);
echo "Contact: $row[3]";
echo "<h4>Statement</h4>";
echo "<p>";
echo stripcslashes($row[2]) . "<br clear='left' /><br/>";
echo "</p>";
echo "<h4>Work</h4>";
echo "<div class='gallery row'>";
//image1
if(file_exists("users/$row[0]/work/$row[0]w1.jpg"))
echo "<div class='col-md-2'>".
"<a href='/users/$row[0]/work/$row[0]w1.jpg'>" .
"<img class='thumbnail' src='/users/$row[0]/work/$row[0]w1.jpg'>" .
"</a>" .
"</div>";
else
echo "<div class='col-md-2'></div>";
//image2
if(file_exists("users/$row[0]/work/$row[0]w2.jpg")) {
echo "<div class='col-md-2'>".
"<a href='/users/$row[0]/work/$row[0]w2.jpg'>" .
"<img class='thumbnail' src='/users/$row[0]/work/$row[0]w2.jpg'>" .
"</a>" .
"</div>";
} else {
echo "<div class='col-md-2'></div>";
}
//image3
if(file_exists("users/$row[0]/work/$row[0]w3.jpg")) {
echo "<div class='col-md-2'>".
"<a href='/users/$row[0]/work/$row[0]w3.jpg'>" .
"<img class='thumbnail' src='/users/$row[0]/work/$row[0]w3.jpg'>" .
"</a>" .
"</div>";
} else {
echo "<div class='col-md-2'></div>";
}
//image4
if(file_exists("users/$row[0]/work/$row[0]w4.jpg")) {
echo "<div class='col-md-2'>".
"<a href='/users/$row[0]/work/$row[0]w4.jpg'>" .
"<img class='thumbnail' src='/users/$row[0]/work/$row[0]w4.jpg'>" .
"</a>" .
"</div>";
} else {
echo "<div class='col-md-2'></div>";
}
//image5
if(file_exists("users/$row[0]/work/$row[0]w5.jpg")) {
echo "<div class='col-md-2'>".
"<a href='/users/$row[0]/work/$row[0]w5.jpg'>" .
"<img class='thumbnail' src='/users/$row[0]/work/$row[0]w5.jpg'>" .
"</a>" .
"</div>";
} else {
echo "<div class='col-md-2'></div>";
}
//image6
if(file_exists("users/$row[0]/work/$row[0]w6.jpg")) {
echo "<div class='col-md-2'>".
"<a href='/users/$row[0]/work/$row[0]w6.jpg'>" .
"<img class='thumbnail' src='/users/$row[0]/work/$row[0]w6.jpg'>" .
"</a>" .
"</div>";
} else {
echo "<div class='col-md-2'></div>";
}
echo "</div>";
}
}
Lastly here is my members page that displays members and allows you to click on the profile.
<?php
//members.php
include_once 'head.php';
echo "<div id='content' class='container'>";
if(isset($_GET['view']))
{
$view = sanitizeString($_GET['view']);
$result = queryMysql("SELECT * FROM members");
$row = mysql_fetch_row($result);
echo "<h3>$row[2] $row[3]</h3>";
showProfile($view);
echo "</div>";
include_once 'footer.php';
die();
}
$stuff = queryMysql("SELECT * FROM members");
$num = mysql_num_rows($stuff);
echo "<h3>Members</h3>";
echo "<div class='row'>";
for ($j = 0; $j < $num; ++$j)
{
$row = mysql_fetch_row($stuff);
if($row[1] == $email) continue;
if(file_exists("users/$row[0]/$row[0]pi.jpg")) {
echo "<div class='col-md-4'><a href='?view=$row[0]'><img src='/users/$row[0]/$row[0]pi.jpg'/> <br>$row[2] $row[3] </a></div>";
}
else {
echo "<div class='col-md-4'><a href='?view=$row[0]'><i id='user-img-dflt' class='fa fa-user' aria-hidden='true'></i> <br>$row[2] $row[3] </a></div>";
}
}
echo "</div>";
echo "</div>";
?>
<?php include_once 'footer.php'; ?>
My MySQL database is pretty simple it has two tables:
members[id, email, firstName, lastName, pass]
profiles[id, statement, contact, website]
When I click on another profile the view id is correct but the profile remains regardless.
Figured it out thanks to the comments posted.
In my showProfile function:
$result = queryMysql("SELECT * FROM profiles WHERE id='$id'");
And in my members page:
$result = queryMysql("SELECT * FROM members WHERE id = '$view'");
I try to fetch all image from database but only one image is shown.
this is my code:
<?php
$query = "SELECT id, name, image, price FROM products ORDER BY name";
$stmt = $con-> prepare ( $query );
$stmt->execute();
$num = $stmt->rowCount();
if($num>0){
//some html code
this is my while loop:
while ($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
extract($row);
echo "<div class='inner'>";
//creating new table row per record
echo "<ul>";
echo "<li>";
echo "<a class='thumb' href='images/{$image}'>";
echo "<div class='product-id' style='display:none;'>{$id}</div>";
echo "<span class='hoodnamecarousel'>{$name}</span>";
echo"</a>";
echo "</li>";
echo "</ul>";
echo "</div>";
echo "</div>";
This is second part of displaying image after click on any image:
echo "<div id='thumbs2' style='display:none;'>";
echo "<div class='inner'>";
echo "<ul>";
echo "<li>";
echo "<a class='thumb' href='images/{$image}'></a>";
echo "<div class='product-id' style='display:none;'>{$id}</div>";
echo "<span class='hoodnamecarousel'>{$name}</span>";
echo "<br />";
echo "<span class='price'>{$price}</span>";
echo "<br />";
echo "<a href='add_to_cart.php?id={$id}&name={$name}' class='button btn btn-primary'>";
echo "افزودن به سبد <span class='glyphicon glyphicon-shopping-cart'></span>";
echo "</a>";
echo "</li>";
echo"</ul>";
echo "</div>";
echo "<div id='closeBtn'>بستن</div>";
}
echo "</div>";
echo "</div>";
}
else {
echo "محصولات در حال بروزرسانی می باشند.";
}
?>
this code only display 1 image and doesn't show other images from database
please help me!