<?php
include 'config.php'; //connect to db
if(isset($_REQUEST["pwd"]) && isset($_REQUEST["name"])) {
$password = $_REQUEST['pwd']; //pass from previous page
$name = $_REQUEST['name']; //pass from previous page
$checkUserPass = mysql_query("SELECT * FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn); //check if the user exist
if(mysql_num_rows($checkUserPass) == 1) {
$personnelId = mysql_query("SELECT PersonnelID FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn); //query user id
while($row = mysql_fetch_assoc($personnelId)) {
echo $row['PersonnelD']; // print user id
}
mysql_close($conn);
//echo "<br/><br/>";
//echo "<script>alert('Logged In.')</script>";
//header("Refresh: 1; url=profile/profile.php?id="'.$id.');
//header('Refresh: 1; url=test.php?id=$personnelId');
} else {
echo "<br/><br/>";
echo "<script>alert('Wrong Password.')</script>";
header('Refresh: 1; url=personnelselect.php');
}
}
?>
i cannot echo the $row['PersonnelD'] the page shows blank. i cannot understand where did i go wrong. this page quesion have been solved
Looks like you have mistake in code:
echo $row['PersonnelD'];
shouldn't it be following?
echo $row['PersonnelID'];
check the mysql_fetch_assoc() function may be its parameter is empty so it can't enter the while loop
Try to debug and check the values came in the variables using var_dump() function. Ex: var_dump($row); in while loop.
In both your querys, you have
"SELECT * FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'"
It should be:
"SELECT * FROM validPersonnel WHERE Passkey = '".$password."' and Name = '".$name."';"
PHP doesn't recognize the $var unless you close the quotes. The period adds the $var to the string.
Related
I have a two forms from one form. I can sucessfully store the data to database.when that form submitted user will directed to the second form. I am passing variable $uniqueid in the url from first form to second form. But, when I tried stored the data of the second form into the database that relevant to the same user its not stored.
I want to store mobile number of the user from second page.databse column also mobile number.
This is my code
<?php
include_once 'dbconnect.php';
$a = $_GET['uniquekey'];
if(isset($_POST['btn-signup']))
{
$mobilenumber = $_POST['mobilenumber'];
$xxx = mysql_query("SELECT * FROM who WHERE uniquekey = '$a'")or die(mysql_error());
$yyy = mysql_fetch_row($xxx);
if(mysql_num_rows($xxx) > 0) {
$aaa = mysql_query("INSERT INTO who(mobilenumber) VALUES('$mobilenumber')");
}
else{
echo 'wrong';
}
}
?>
$xxx = mysql_query("SELECT * FROM who WHERE uniquekey = '$a'")or die(mysql_error());
$yyy = mysql_fetch_row($xxx);
if(mysql_num_rows($xxx) > 0) {
$aaa = mysql_query("UPDATE who setmobilenumber='$mobilenumber' where uniquekey = '$a' ");
}
else{
echo 'wrong';
}
Here you can use update query for update user mobile number.
include_once 'dbconnect.php';
$a = $_GET['uniquekey'];
if(isset($_POST['btn-signup']))
{
$mobilenumber = $_POST['mobilenumber'];
$xxx = mysql_query("SELECT * FROM who WHERE uniquekey = '$a'")or die(mysql_error());
$yyy = mysql_fetch_row($xxx);
if($yy>0)
{
$update="update who set mobilenumber=$mobilenumber where uniquekey='$a'";
$query=mysql_query($update);
}
else
{
echo "wrong";
}
}
got a problem with my while statement, it will not display the first row & I have no idea why, any help would be appreciated.
<?php
$user = $_SESSION['username'];
$result = mysql_query("SELECT *FROM bookwrite WHERE username = '$user' ", $connection);
if (mysql_fetch_array($result)==0){
$class = "hideMe";
$firstnameResult = mysql_query("SELECT * FROM users WHERE username = '$user' ", $connection);
$row2 = mysql_fetch_array($firstnameResult);
echo "<div class=\"platOptions welcome\"><div class=\"welcomeinfo\"><h1>Welcome!</h1>Welcome to Little Quill, ".$row2["firstName"].". We see you are new to the platform. To get started by adding your first post please click the \"New Entry\" button below <a class=\"newentryBTN\" href=\"newEntry.php\">New Entry</a></div></div>";
} else {
$class = "";
while ($row = mysql_fetch_array($result)) {
echo nl2br("<li class=\"editable\" id=\"".$row["id"]."\">"."<div class=\"entryInfo clearfix\">"."<div class=\"statusWrapper\"><div class=\"status\"></div><div class=\"statusIcon\"></div></div>"."<h1>".$row["post_title"]."</h1>"."<div class=\"timeline-date entryDate\">".$row["post_date"]."</div>"."</div>"."<p contentEditable=\"true\">".$row["post_details"])."</p><a class=\"deleteBTN\"href='delete.php?id=".$row["id"]."'>x</a></li>";
}
}
?>
The first result is consumed by mysql_fetch_array, so when you start your loop you are consuming the second item. Try this code out, I basically assign the next value, at the end of the loop.
Also, I 100% agree with Jason McCreary, and I will make the comment that your current query is subject to SQL Injection. However, this should solve your first problem, helping you take a baby step towards to solution that's ultimately correct.
<?php
$user = $_SESSION['username'];
$result = mysql_query("SELECT * FROM bookwrite WHERE username = '$user' ", $connection);
$bookwrite_row = mysql_fetch_array($result);
if($bookwrite_row) {
while($bookwrite_row) {
echo nl2br("<li class=\"editable\" id=\"".$row["id"]."\">"."<div class=\"entryInfo clearfix\">"."<div class=\"statusWrapper\"><div class=\"status\"></div><div class=\"statusIcon\"></div></div>"."<h1>".$row["post_title"]."</h1>"."<div class=\"timeline-date entryDate\">".$row["post_date"]."</div>"."</div>"."<p contentEditable=\"true\">".$row["post_details"])."</p><a class=\"deleteBTN\"href='delete.php?id=".$row["id"]."'>x</a></li>";
$bookwrite_row = mysql_fetch_array($result);
}
} else {
$class = "hideMe";
$firstnameResult = mysql_query("SELECT * FROM users WHERE username = '$user' ", $connection);
$row2 = mysql_fetch_array($firstnameResult);
echo "<div class=\"platOptions welcome\"><div class=\"welcomeinfo\"><h1>Welcome!</h1>Welcome to Little Quill, ".$row2["firstName"].". We see you are new to the platform. To get started by adding your first post please click the \"New Entry\" button below <a class=\"newentryBTN\" href=\"newEntry.php\">New Entry</a></div></div>";
}
if (mysql_num_rows($result)==0){
$class = "hideMe";
...
I am trying to echo out all of the user rows in my database as a select in a form.
It is only showing a blank space. Nothing else.
Here is my code.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
First, please stop using mysql_ functions as they are being deprecated. Look into mysqli_ or PDO. Be aware that your script is vulnerable to SQL injection.
The reason your script is not working is because it appears you are calling mysql_fetch_assoc twice. When calling it the second time, there won't be any output if your query only returns a single row.
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
You will need to resubmit a query (something like below) and call that result separately to populate the drop down, or store the result in an array.
$qry=("SELECT `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
echo '<option>' . ucwords($row['uname']) . '</option>';
}
It looks like your while loop is set up badly, I think you need to change
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
to this
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
UPDATE:
I reread your question and it seems that you want to display all unames from your table.
The original query was to check if the user is an admin.
Here's how it will look like. But it's just a duplicate of njk's answer.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
// added these 2 lines
$qry=("SELECT `rank`, `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
Are you sure your database has more than 1 row? You are calling the fetch 1 time so the second time it will try to fetch the second row.
Try also running the query directly into mysql and see if you get the rows you're expecting back, may be its not returning what you expected
I am trying to echo out all of the user rows in my database as a select in a form.
It is only showing a blank space. Nothing else.
Here is my code.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
First, please stop using mysql_ functions as they are being deprecated. Look into mysqli_ or PDO. Be aware that your script is vulnerable to SQL injection.
The reason your script is not working is because it appears you are calling mysql_fetch_assoc twice. When calling it the second time, there won't be any output if your query only returns a single row.
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
You will need to resubmit a query (something like below) and call that result separately to populate the drop down, or store the result in an array.
$qry=("SELECT `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
echo '<option>' . ucwords($row['uname']) . '</option>';
}
It looks like your while loop is set up badly, I think you need to change
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
to this
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
UPDATE:
I reread your question and it seems that you want to display all unames from your table.
The original query was to check if the user is an admin.
Here's how it will look like. But it's just a duplicate of njk's answer.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
// added these 2 lines
$qry=("SELECT `rank`, `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
Are you sure your database has more than 1 row? You are calling the fetch 1 time so the second time it will try to fetch the second row.
Try also running the query directly into mysql and see if you get the rows you're expecting back, may be its not returning what you expected
I am trying to check if the session username matches the record in my database and if it does, I want to include a file.
This is my code
<?php
$username = $_SESSION['username'];
echo $username;
include('connect.php');
mysqli_select_db($connect,"persons");
$sql = "SELECT * FROM users WHERE sessionusername='$username'";
$r = mysqli_query($connect,$sql) or die(mysqli_error($connect));
$geez = mysqli_fetch_array($r);
if($geez)
{
include('check.php');
}
else
{
echo "error";
}
?>
The session username does not match the record in my database, yet the file is being included. Why?
OH, I FOUND THE ISSUE. IT IS CONSIDERING MY USERNAME TO BE ROOT...BUT WHEN I SAY ECHO $_SESSION['USERNAME'] IT IS CRAIG#CRAIG.COM..WHY SO>
<?php
$username = $_SESSION['username'];
echo $username;
include('connect.php');
mysqli_select_db($connect,"persons");
$sql = "SELECT sessionusername FROM users WHERE sessionusername='$username'";
$r = mysqli_query($connect,$sql) or die(mysqli_error($connect));
$geez = mysqli_fetch_array($r);
if($geez["sessionusername"]==$username)
{
include('check.php');
}
else
{
echo "error";
}
?>
You are simply testing whether the array $geez is empty or not. If the array has anything in it, you if($geez) will return true. To stop this behaviour, please see ceteras' answer, particularly this part:
if($geez["sessionusername"]==$username)
{
include('check.php');
}
I believe that's the only part that has changed.
Thanks,
James