can anyone help me with the situation I'm in. I've been trying to find answers on how to display a user's first name, last name email...etc from the table that has the info stored but my only luck with echoing this info is only getting either ALL the info for a certain feel to show like all emails instead of just 1 specific email for the user or I just end up with mysql errors.
here's my index.php source
<?php
session_start();
if (isset($_SESSION['id'])) {
// Put stored session variables into local php variable
$userid = $_SESSION['id'];
$email = $_SESSION['email'];
$firstname = $_SESSION['first_name'];
$lastname = $_SESSION['last_name'];
$businessname = $_SESSION['company_name'];
$country = $_SESSION['country'];
$plan = $_SESSION['plan'];
} else {
header("Location: http://somewebsite.com");
}
include 'connect.php';
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
?>
for instance I would like to echo the user's first name in the header
<span class="username">USER</span> <--replace user with logged in user's firstname n last name-->
You can do something like this:
Write a function to fetch specific data from the table such as one below.
function getuserfield($field) {
$query = "SELECT $field FROM users WHERE id='".$userid."'";
if ($query_run = mysqli_query($query)) {
if ($query_result = mysqli_result($query_run, 0, $field)) {
return $query_result;
}
}
}
/* userid = $_SESSION['id']; */
The "$query_result" will display the username. $field is the specific field you want to display. By this function you can fetch any particular data from the specified field
Related
I'm trying to make a system where an administrator can add multiple people at the same time into a database. I want this system to prevent the administrator from adding people with email addresses already existing in the database.
IF one of the emails in the _POST["emailaddress"] matches with one of the emailaddresses in the db, the user should get a message saying one of the emails already exists in the database. To achieve this, I've tried using the function array_intersect(). However, upon doing so I get a warning saying:
Warning: array_intersect(): Argument #2 is not an array in ... addingusers.php on line 41
At first i thought it had something to do with the fact my second argument was an associative array, so I tried the function array_intersect_assoc, which returns the same warning. How can I solve this?
The code on addingusers.php
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('localhost','*','*','*');
$condition = false; // this is for the other part of my code which involves inserting the output into db
$name = $_POST["name"];
$affix = $_POST["affix"];
$surname = $_POST["surname"];
$emailaddress = $_POST["emailaddress"];
$password = $_POST["password"];
//amount of emailaddresses in db
$checkquery2 = mysqli_query($conn, "
SELECT COUNT(emailaddress)
FROM users
");
$result2 = mysqli_fetch_array($checkquery2);
// the previously mentioned amount is used here below
for($i=0; $i<$result2[0]; $i++){
// the actual emails in the db itself
$q1 = mysqli_query($conn, "
SELECT
emailaddress
FROM
users
");
// goes through all the emails
$result_array1 = array();
while ($row1 = mysqli_fetch_assoc($q1)) {
$result_array1[] = $row1;
}
$query1 = $result_array1[$i]["emailaddress"];
}
// HERE LIES THE ISSUE
for($i=0; $i<count($emailaddress); $i++){
if (count(array_intersect_assoc($emailaddress, $query1)) > 0) {
echo "One of the entered emails already exists in the database...";
echo '<br><button onclick="goBack()">Go Back</button>
<script>
function goBack() {
window.history.back();
}
</script><br>';
$condition = false;
}
else{
$condition = true;
}
}
EDIT
as the comments point out, $query1 is indeed not an array it is a string. However, the problem remains even IF i remove the index and "[emailaddress]", as in, the code always opts to the else-statement and never to if.
$query1 is not an array, it's just one email address. You should be pushing onto it in the loop, not overwriting it.
You also have more loops than you need. You don't need to perform SELECT emailaddress FROM users query in a loop, and you don't need to check the intersection in a loop. And since you don't need those loops, you don't need to get the count first.
<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors',1);
$conn = mysqli_connect('localhost','*','*','*');
$condition = false; // this is for the other part of my code which involves inserting the output into db
$name = $_POST["name"];
$affix = $_POST["affix"];
$surname = $_POST["surname"];
$emailaddress = $_POST["emailaddress"];
$password = $_POST["password"];
$q1 = mysqli_query($conn, "
SELECT
emailaddress
FROM
users
");
// goes through all the emails
$result_array1 = array();
while ($row1 = mysqli_fetch_assoc($q1)) {
$result_array1[] = $row1['emailaddress'];
}
$existing_addresses = array_intersect($emailaddress, $result_array1);
if (count($existing_addresses) > 0) {
echo "Some of the entered emails already exists in the database: <br>" . implode(', ', $existing_addresses);
echo '<br><button onclick="goBack()">Go Back</button>
<script>
function goBack() {
window.history.back();
}
</script><br>';
$condition = false;
}
else{
$condition = true;
}
I'm currently creating the account management system of my website and I decided to add a feature that enables me to declare weather a specific account is active or inactive. The data is retrieved from my mysql table.
$query = mysqli_query($DBConnect,"SELECT * from REG");
echo "<table class = 'table' style = 'width:90%;text-align:center'>";
while($getData = mysqli_fetch_assoc($query))
{
$username = $getData['uname'];
$fname = $getData['fname'];
$mname = $getData['mname'];
$lname = $getData['lname'];
$bday = $getData['bday'];
$email = $getData['email'];
$contact = $getData['contact'];
$gender = $getData['gender'];
if($getData['userlevel'] == 1)
{
$userlevel = "user";
}
else
{
$userlevel = "admin";
}
if($getData['status'] == 1)
{
$status = "active";
}
else
{
$status = "disabled";
}
echo "<tr>";
echo "<td>$username</td><td>$fname</td><td>$mname</td><td>$lname</td><td>$bday</td><td>$email</td><td>$contact</td><td>$gender</td><td>$userlevel</td><td>
<a href ='..\status.php' >$status </a></td></tr>";
}
echo "</table>";
This is the content of status.php
session_start();
$DBConnect = mysqli_connect("localhost", "root","","kenginakalbo")
or die ("Unable to connect".mysqli_error());
$query = mysqli_query($DBConnect,"SELECT * from REG where id = '$_SESSION[id]'");
while($getData = mysqli_fetch_assoc($query))
{
$status = $getData['status'];
echo "'$_SESSION[id]'";
}
if($status == 1)
{
$query = mysqli_query($DBConnect, "UPDATE REG SET status = 0 where id = '$_SESSION[id]'");
}
else if ($status == 0)
{
$query = mysqli_query($DBConnect, "UPDATE REG SET status = 1 where id = '$_SESSION[id]'");
}
header("Location: admin/login.php");
What I need to do is get the ID of the row clicked and declare it in my session so that it can be used in the "status.php" file. But in this code, the last id in the table is the one that is declared into the session because of the loop. How do I get the value of the id of the row that is clicked? (is there sort of like onClick function in php? Thank you.
pass id parameter,
status.php?id=$id;
in status.php
$id = $_GET['id'];
Change:
echo "<td>$username</td><td>$fname</td><td>$mname</td><td>$lname</td><td>$bday</td><td>$email</td><td>$contact</td><td>$gender</td><td>$userlevel</td><td>
<a href ='..\status.php' >$status </a></td></tr>";
to:
echo "<td>$username</td><td>$fname</td><td>$mname</td><td>$lname</td><td>$bday</td><td>$email</td><td>$contact</td><td>$gender</td><td>$userlevel</td><td>
<a href ='..\status.php{$getData['id']}' >$status </a></td></tr>";
And in your status.php change $_SESSION['id'] to $_GET['id']. But make sure to first prevent SQL injection either through mysql_real_escape_string($_GET['id']) or through PDO.
There is no onclick function in PHP but you can create a form with a button on each row that holds the value of the row that it is in. Have that form simply do a post or a get request back to the status.php. Adding it to the session might be a bad idea.
Instead of a button you can also create a link modify your loop so that there is a property called $rowid and increment it within your loop.
Perhaps, what you really want is to use a GET superglobal here. You can switch
for
Then, you use $_GET["userid"] instead of $_SESSION[id] on the status.php page.
Also, you dont need a while for the status page. You should check the number of results, if it was 1 it means the user exists, and then you just do a $getData = mysqli_fetch_assoc($query) without the while
I'm using Italy language as main language in my website so when i edit details the some of language characters automatically converting to special character. does anyone know how to fix this issue...!
here is the code which i used to edit database value and convert specialchars
$title7 = mysql_real_escape_string(htmlspecialchars($_POST['title7']));
$description7 = mysql_real_escape_string(htmlspecialchars($_POST['description7']));
Here is the full code which i used to edit database values
// connect to the database
include('db.php');
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['id'];
$language = mysql_real_escape_string($_POST['txtLanguage']);
$pkg_name = mysql_real_escape_string($_POST['pkg_name']);
$category = mysql_real_escape_string($_POST['category']);
$title = mysql_real_escape_string($_POST['title']);
$description1 = mysql_real_escape_string($_POST['description1']);
$title2 = mysql_real_escape_string($_POST['title2']);
$description2 = mysql_real_escape_string($_POST['description2']);
if ($pkg_name == '' || $category == '')
{
// generate error message
$error = 'ERROR: Please fill in Package name field!';
//error, display form
renderForm($id,$language,$pkg_name,$category,$title,$description1,$title2,$description2);
}
else
{
// save the data to the database
mysql_query("UPDATE saved_packages SET
language ='$language',
pkg_name ='$pkg_name',
category ='$category',
title ='$title',
description1 ='$description1',
title2 ='$title2',
description2 ='$description2',
WHERE id='$id'");
// once saved, redirect back to the view page
header("Location: adm_view_package.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
And here is the result
Don't use htmlspecialchars when save data to database.
You should only do:
$title7 = mysql_real_escape_string($_POST['title7']);
$description7 = mysql_real_escape_string($_POST['description7']);
And when render the data get from database, use it:
echo htmlspecialchars($title7);
echo htmlspecialchars($description7);
I am trying to make permission page thy will check if user have full access than some option allow to this person.I have table named users there i have 5 columns name user_id , username , password , email , permission
respectively .so now i am showing what i have done.
permissions.php
<?php
include('db.php');
$result=mysql_query("SELECT permission,user_id FROM users");
while($test = mysql_fetch_array($result))
{
$test['user_id'];
$test['permission'];
}
?>
For example mysql result on first row: $test['user_id'] = 1 and $test['permission'] = full .
Session result: $_SESSION['user_name'] = admin
So how can i check if this user id have permission full than do some think.
I am new on php sorry for my bad explanation.
<?php
include('db.php');
$result = mysql_query("SELECT permission,user_id FROM users WHERE username = '$_SESSION[user_name]'");
if(mysql_num_rows($result)){
$data = mysql_fetch_row($result); // fetch first row of result, we don't need a loop, as username should be unique
$permission = $data['permision'];
$user_id = $data['user_id'];
}else{
echo "Username not found.";
}
?>
if user have full permission, store in session full permission
while($test = mysql_fetch_array($result))
{
$_SESSION['permission'] = $test['permission'];
}
check if user have full permission
if($_SESSION['permission'] == full){
//do shomething
}
<?php
include('db.php'); // though you should look in to "PDO"
// default permission--disallowed
$allowed = false;
// get the permission for the current user (based on the username within
// your session variable). also make sure to sanitize anything that's being
// placed within a query to the database.
$query = sprintf("SELECT permission "
."FROM users "
."WHERE username = '%s'",
mysql_real_escape_string($_SESSION['user_name']));
$result = mysql_query($query);
while (($test = mysql_fetch_array($result)) !== false){
// we found the username, now check their access
$allowed = $test['permission'] == 'full';
}
// if ($allowed){
// super secret area
// } else {
// get out of here
// }
I try to get the data from database to display data via ajax but failed to worked. It's partially working because data from mysql make this thing failed to function.
Here is my funds_transfer_backend.php page. This page will assign variable to json array.
session_start();
if(!isset($_SESSION['myusername']))
{
header("Location: ../index.html");
die();
}
include("../connect.php");
$myusername = $_SESSION['myusername'];
$sql="SELECT client_id FROM `client` WHERE username='$myusername'";
$result=mysqli_query($conn, $sql);
while ($row=mysqli_fetch_row($result)){
$id = $row['0'];
}
$index_num = $_POST['index_num'];
$to_account_num = $_POST['recipient'];
$amount = $_POST['amount'];
if ($amount == '' || $to_account_num == '' || $index_num == -1){
//echo "Please complete the form!";
$response = -1;
}
else {
// check account number exist
$query2 = "SELECT 1 FROM account WHERE id='$to_account_num' LIMIT 1";
if (mysqli_num_rows(mysqli_query($conn, $query2))!=1) {
//echo "Recipient account number is invalid!";
$response = -2;
}
else {
$query2 = "SELECT client.name, client.email FROM account JOIN client USING (client_id) WHERE account.id = '$to_account_num' LIMIT 1";
$result=mysqli_query($conn, $query2);
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
$name = $row['name'];
$email = $row['email'];
}
$response = 1;
}
} // check account num else bracket
$display = array('response' => $response, 'name' => $name);
echo json_encode($display);
However if I remove 'name' => $name from array the #stage div will trigger like image below:
Here is my funds_transfer.php page
<script type="text/javascript">
function update() {
var two = $('#index_num').val();
var three = $('#recipient_box').val();
var five = $('#amount_box').val();
$.post("funds_transfer_backend.php", {
index_num : two,
recipient : three,
amount : five
},function(data){
if (data.response==-1) {
$('#stage').show().html("Please complete the form!");
}
$('#stage').delay(2000).fadeOut();
},"json");
}
</script>
...other code goes here
<div id="stage" style="background-color:#FF6666; padding-left:20px; color: white;"></div>
<div id="confirm" style="background-color:#FF7800; padding-left:20px; color: white;"></div>
I try to check the data from db whether it exist using manual form method="post" and I can see the name being echo. Any help is appreciated and thanks in advance.
When your response is -1, your $name variable is undefined. So php could show a warning (depending on your settings) and you are trying to add an undefined variable to your array. This will invalidate your output / json.
You can set for example:
$name = '';
at the start of your script or check whether the variable is set with isset($name) before you try to use it to avoid these problems.
There are of course other solutions, like outputting your -1 directly and exiting the script there.
I always initialize my variables.
$myusername = isset($_SESSION['myusername']) ? $_SESSION['myusername'] : false;
Then you can safely do:
if ($myusername) {} without throwing warnings.
I do this weather I get my data from a db, post/get/session or json/ajax.
It takes a little extra time upfront but removes dozens of errors in the back end so you net more time.