Fetch data from a row from mysql database - php

I need to display a reply data on my page from my 'feedback' field in my mysql table. I want each user to have a different 'feedback' response stored per row and fetched when the user logs into a page through a session. I have set up my database but find it difficult forming the php code to view the feedback on my page...please can someone help../
<?php
session_start();
if ($_SESSION['username'])
{
$con = mysqli_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"loginsession");
$username = $_SESSION['username'];
$sql="SELECT * FROM users WHERE username = $username";
$result = mysqli_query($con,$sql);
$feedback = mysql_query("SELECT feedback FROM users WHERE username='$username'");
echo $feedback;
}
else
header("Location: index.php");
?>

$feedback in this case is not a string, its a mysql resource. You need to fetch each row individually with something like:
echo "<PRE>";
while ($row = mysql_fetch_assoc($feedback)) {
print_r($row);
}
Also you should put $username through mysql_real_escape_string() or else your code may be vulnerable to SQL injection attacks.
Edit: (Disclaimer) The method you are using and my suggestion are very outdated and have been depreciated in php5.5 I suggest you look into prepared statements.

$sql = mysql_query("SELECT feedback FROM users WHERE username='{$username}' LIMIT 1");
$feedback = mysql_fetch_assoc($sql);
echo $feedback[0];

<?php
session_start();
if ($_SESSION['username'])
{
$con = mysqli_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"loginsession");
$username = $_SESSION['username'];
$sql='SELECT feedback FROM users WHERE username = "'.$username.'"';
$result = mysqli_query($con,$sql);
while($row = mysqli_fetch_array($result))
{
echo $row['feedback'];
}
}
else
header("location: index.php");
?>

Related

Delete From a Database Using Session ($_SESSION)

I have a record i want to remove from the database. I have so far been able save to the mysql database now i have several information in several rows, now suppose the information isnt the needed one, i want to delete it from the database. Thats what i am trying to achieve here
I tried this
<?php
session_start();
require_once('inc/config.php');
if(!isset($_SESSION['username'])){
header('Location: signon.php');
}
?>
<?php
require_once('inc/config.php');
$con = mysqli_connect($host, $user, $pass, $db) or die ('Cannot connect: '.mysqli_error());
$sql = "SELECT * FROM education_info WHERE username = '" . $_SESSION['username'] . "'";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_array($result);
$id = $row['id'];
$username = $row['username'];
$sql2 = "DELETE FROM education_info WHERE id = $id" ;
$result = mysqli_query($con,$sql);
mysqli_close($con);
header("Refresh:0; url=EDWE.php");
?>
Only that the information still remains present in the database, How do i go about deleting it completely, if not needed?
You are passing wrong variable while executing delete query:
$sql2 = "DELETE FROM education_info WHERE id = $id" ;
$result = mysqli_query($con,$sql2); //<---pass $sql2

Login not checking if password is wrong

So for some reason if the password is correct it knows and takes the user to the correct user account, but if the pass is wrong, it wont log them in but still takes them to the account page that isn't logged in.
Can someone please help me out to not re-direct them if the password is wrong
<?php
session_start();
//$connection = mysqli_connect('localhost', 'root', '');
$connection = mysqli_connect("pdb18.awardspace.net","*****","******","*****");
if (!$connection){
die("Database Connection Failed" . mysqli_error($connection));
}
$select_db = mysqli_select_db($connection, '******');
if (!$select_db)
{
die("Database Selection Failed" . mysqli_error($connection));
}
$username=trim($_POST['username']);
$password=trim($_POST['password']);
//$encoded_password = base64_encode($password);
$sql = "SELECT * from register where Username='".$username."' and Password='".$password."'";
$result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
$result = $con->query($sql);
$count = mysqli_num_rows($result);
//echo $count;
if ($count == 1){
while($row = $result->fetch_assoc()) {
$id=$row['id'];
}
$_SESSION['User'] = $username;
$_SESSION['UserId'] = $id;
echo "valid";
}
else{
echo "Invalid";
}
?>
Remove this line:
$result = $con->query($sql);
You are using procedural functions, mysqli_*.
This part of code $con->query is OOP style, which you are not using in your code, and overwritting the value o $result variable.
You can use both styles, but you should use the same connection, or $connection in your case.

SQL in PHP failure

If the value of the result is 0 it has to go to 'cid_check_firstdep.php' otherways (if its 1) it has to go to 'cid_check_depwid.php'.
It has to work, but i don't know why it doesn't. I've tried what i could that i think would be possible to fix it, but nono.
Code:
<?php
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
header('Location: /ucp/error.php');
}
$sql = "SELECT validated FROM users WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($sql,$con);
if ($sql<'1')
{
mysql_close($con);
header('Location: /ucp/cid_check_firstdep.php');
}
else
{
mysql_close($con);
header('Location: /ucp/cid_check_depwid.php');
}
?>
or do i have to use :
if ($sql=='0')
?
|||
#John Conde
<?php
if(! get_magic_quotes_gpc() )
{
$withdraw = addslashes ($_POST['withdraw']);
}
else
{
$withdraw = $_POST['withdraw'];
}
$con = mysql_connect("localhost","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
header('Location: /ucp/error.php');
}
$__sql = "SELECT cardvalue FROM users WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($__sql,$con);
if ($__sql<'5000000')
{
header('Location: /ucp/includes/withdraw_fail.php');
mysql_close($con);
}
else
{
$_sql = "UPDATE users SET Bank=Bank + '$deposit' WHERE Username='".($_SESSION['username'])."'";
mysql_select_db("server");
mysql_query($_sql,$con);
$sql = "UPDATE users SET cardvalue=cardvalue +- '$deposit', thismonth_withdraw=thismonth_withdraw + '$deposit', lastwithdraw = Now() WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($sql,$con);
mysql_close($con);
header('Location: /ucp/includes/withdraw_done.php');
}
?>
You're checking the wrong variable for your SQL result. You're using the variable containing your query instead of the variable you never assigned to capture the result of mysql_query(). You also want to use mysql_num_rows() to see how many results were returned.:
$result = mysql_query($sql,$con);
if ($result && mysql_num_rows($result) == 1) {
FYI, you shouldn't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Hi Morgan I change your code according to my knowledge. I think this will help you to work done.
If you found any match to the username "count($return_data)" will get 1.
Thanks.
<?php
$con = mysql_connect("localhost","root","password");
$select_db = mysql_select_db("bluecard");
if (!$con)
{
die('Could not connect: ' . mysql_error());
header('Location: /ucp/error.php');
}
$sql = "SELECT validated FROM users WHERE username='".($_SESSION['username'])."'";
$query = mysql_query($sql,$con);
$return_data = array();
while($rows = mysql_fetch_array($query)){
$return_data[]=$rows;
}
if (count($return_data)<=1)
{
mysql_close($con);
header('Location: /ucp/cid_check_firstdep.php');
}
else
{
mysql_close($con);
header('Location: /ucp/cid_check_depwid.php');
}
?>

Selecting certain row in mysql

I am completely new to MYSQL and PHP, so i just need to do something very basic.
I need to select a password from accounts where username = $_POST['username']... i couldn't figure this one out, i keep getting resource id(2) instead of the desired password for the entered account. I need to pass that mysql through a mysql query function and save the returned value in the variable $realpassword. Thanks!
EDIT:
this code returned Resource id (2) instead of the real password
CODE:
<?php
$con = mysql_connect('server', 'user', 'pass');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
echo '<br/> ';
// Create table
mysql_select_db("dbname", $con);
//Variables
//save the entered values
$enteredusername = $_POST['username'];
$hashedpassword = sha1($_POST['password']);
$sql = "SELECT password from accounts where username = '$enteredusername'";
$new = mysql_query($sql,$con);
echo "$new";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
It will be a lot better if you use PDO together with prepared statements.
This is how you connect to a MySQL server:
$db = new PDO('mysql:host=example.com;port=3306;dbname=your_database', $mysql_user, $mysql_pass);
And this is how you select rows properly (using bindParam):
$stmt = $db->prepare('SELECT password FROM accounts WHERE username = ?;');
$stmt->bindParam(1, $enteredusername);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
$password = $result['password'];
Also, binding parameters, instead of putting them immediately into query string, protects you from SQL injection (which in your case would be very likely as you do not filter input in any way).
I think your code looks something like this
$realpassword = mysql_query("SELECT password
from accounts where username = '$_POST[username]'");
echo $realpassword;
This will return a Resource which is used to point to the records in the database. What you then need to do is fetch the row where the resource is pointing. So, you do this (Note that I am going to use structural MySQLi instead of MySQL, because MySQL is deprecated now.)
$connection = mysqli_connect("localhost", "your_mysql_username",
"your_mysql_password", "your_mysql_database")
or die("There was an error");
foreach($_POST as $key=>$val) //this code will sanitize your inputs.
$_POST[$key] = mysqli_real_escape_string($connection, $val);
$result = mysqli_query($connection, "what_ever_my_query_is")
or die("There was an error");
//since you should only get one row here, I'm not going to loop over the result.
//However, if you are getting more than one rows, you might have to loop.
$dataRow = mysqli_fetch_array($result);
$realpassword = $dataRow['password'];
echo $realpassword;
So, this will take care of retrieving the password. But then you have more inherent problems. You are not sanitizing your inputs, and probably not even storing the hashed password in the database. If you are starting out in PHP and MySQL, you should really look into these things.
Edit : If you are only looking to create a login system, then you don't need to retrieve the password from the database. The query is pretty simple in that case.
$pass = sha1($_POST['Password']);
$selQ = "select * from accounts
where username = '$_POST[Username]'
and password = '$pass'";
$result = mysqli_query($connection, $selQ);
if(mysqli_num_rows($result) == 1) {
//log the user in
}
else {
//authentication failed
}
Logically speaking, the only way the user can log in is if the username and password both match. So, there will only be exactly 1 row for the username and password. That's exactly what we are checking here.
By seeing this question we can understand you are very very new to programming.So i requesting you to go thru this link http://php.net/manual/en/function.mysql-fetch-assoc.php
I am adding comment to each line below
$sql = "SELECT id as userid, fullname, userstatus
FROM sometable
WHERE userstatus = 1"; // This is query
$result = mysql_query($sql); // This is how to execute query
if (!$result) { //if the query is not successfully executed
echo "Could not successfully run query ($sql) from DB: " . mysql_error();
exit;
}
if (mysql_num_rows($result) == 0) { // if the query is successfully executed, check how many rows it returned
echo "No rows found, nothing to print so am exiting";
exit;
}
while ($row = mysql_fetch_assoc($result)) { //fetch the data from table as rows
echo $row["userid"]; //echoing each column
echo $row["fullname"];
echo $row["userstatus"];
}
hope it helps
try this
<?php
$con = mysql_connect('server', 'user', 'pass');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
echo '<br/> ';
// Create table
mysql_select_db("dbname", $con);
//Variables
//save the entered values
$enteredusername = mysql_real_escape_string($_POST['username']);
$hashedpassword = sha1($_POST['password']);
$sql = "SELECT password from accounts where username = '$enteredusername'";
$new = mysql_query($sql,$con);
$row = mysql_fetch_array($new) ;
echo $row['password'];
if (!$new)
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
<?php
$query = "SELECT password_field_name FROM UsersTableName WHERE username_field_name =".$_POST['username'];
$result = mysql_query($query);
$row = mysql_fetch_array($result);
echo $row['password_field_name'];
?>
$username = $_POST['username'];
$login_query = "SELECT password FROM users_info WHERE users_info.username ='$username'";
$password = mysql_result($result,0,'password');

Login Page in PHP is not working

<body>
<?php
session_start();
function salt($pw) {
$salt = "This comment should suffice as salt.";
return sha1($salt.$pw);
}
if (isset($_POST['submit'])) {
$link = mysql_connect('localhost', 'codekadiya', 'pass');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$password = salt($password);
$query = mysql_query("SELECT * FROM test WHERE username='$username' AND password='$password'");
if (mysql_num_rows($query)== 0) {
header("location:register.php");
exit;
}
else {
$_SESSION['user'] = $username;
header("location: register.php");
}
}
?>
</body>
I checked on my Connection. It says connection successful but I cant figure out what the other mistake are. Can someone guide me the mistake I have done? I can't find it.
echo 'Connected successfully';
mysql_close($link);
So you're closing the connection and then try to run queryes ? how should that work out ?
You should close the connection ( mysql_close($link); ) after you made you're query to the database ( meaning after $query = mysql_query("SEL..... )
You haven't really told us what doesn't work exactly, but it seems you are closing the MySQL link before the authentication query.
i don't tend to use isset instead i just use if($_POST["something"]) that way i get more relevant errors
also - you're closing the $link before you use it - ???

Categories