Now I have created a login form with a session, what I need now that when the user login with his username and password, get his data such as name, about etc.. and put it in the welcome page.
Currently I have created this code but this code get all users data,
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("usersdata") or die(mysql_error());
$data = mysql_query("SELECT * FROM userid")
or die(mysql_error());
Print "<table border cellpadding=3>";
while($info = mysql_fetch_array( $data ))
{
Print "<tr>";
Print "<th>Name:</th> <td>".$info['Name'] . "</td> ";
Print "<th>Username:</th> <td>".$info['Email'] . " </td></tr>";
}
Print "</table>";
?>
I hope to find a way to do that. :D
Since you already created a login form with session then you get the data for the current logged in user by doing this:
$_SESSION['userid']: Should be filled in the login page.
$_SESSION['userid'] = $id
Learn more about the sessions: PHP Sessions W3schools
And then:
$query= mysql_query("SELECT * FROM `userid` WHERE `id` = '".$_SESSION['userid']."' ")or die(mysql_error());
$arr = mysql_fetch_array($query);
$num = mysql_numrows($query); //this will count the rows (if exists)
HTML
<html>
//...
<?php if($num > 0){ ?>
<table border="1" cellpadding="3">
<tr><td colspan="2" align="center">Your Info</td></tr>
<tr>
<td>Name: <?php echo $arr['Name']; ?></td>
</tr>
<tr>
<td>Email: <?php echo $arr['Email']; ?></td>
</tr>
</table>
<?php }else{ ?>
User not found.
<?php } ?>
//...
</html>
Although you should use the mysqli_ extension, rather than mysql_, you would want something like:
$result = mysql_query("SELECT * FROM userid WHERE username = '" . $username . "'")
or die(mysql_error());
if(mysql_num_rows($result) == 1) {
//Found the user
$row = mysql_fetch_array($result);
//Results can be accessed like $row['username'] and $row['Email']
} else {
//Too few or too many records were found
}
Note: I've used username='$username' as an example. It would be best to track the user's ID from the login process as the ID refers to a specific row.
$data = mysql_query("SELECT * FROM userid")
Should be
$data = mysql_query("SELECT * FROM userid WHERE Name='$selectedName'")
Of course you need to define $selectedName
I also recommend you read http://dev.mysql.com/doc/refman/5.0/en/select.html to learn about some fundamentals.
Your example code retrieves all users from the database and loops through the data using a while loop.
To get the user that has logged in you need to change your query that fetches the data.
I'm assuming you have a primary key in your table and know the id because the user already logged in.
$data = mysql_query("SELECT * FROM userid WHERE id={$userid}");
$info = mysql_fetch_array( $data );
echo $info['Name'];
$info will now contain all the user info for 1 user, you need to fill $userid with the actual id from the user that is logged in.
Related
I'm looking for the best way for a user to be able to click on a link displayed on each row from mysql results page which will take them to a page which displays all the with regards to the id from that row.
HTML TABLE
<?php
$sql = "SELECT firstName, lastName, id FROM users";
$result = $conn->query($sql);
echo "<table border='1px'>";
echo "<tr><th>First Name</th><th>Last Name</th><th>Link</th></tr>";
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr>
<td>{$row['firstName']}</td>
<td>{$row['lastName']}</td>
<td> LINK HERE </td>
</tr>";
}
} else {
echo "0 results";
}
echo "</table>";
?>
USER PAGE
$sql = "SELECT firstName, lastName FROM users WHERE id="????";
$result = $conn->query($sql);
You can pass the information in the URL query string:
http://www.example.con/user.html?id=123456
Where the '123456' is the ID in the database for the user. This will be available in the GET array;
$_GET['id']
So now you can use that variable in your query to get the user's info for the page
Warning
Little Bobby says your script is at risk for SQL Injection Attacks.. Even escaping the string is not safe!
EDIT
I also noticed that you had this:
<td> LINK HERE </td>
Here is how your link would look:
<td>link text</td>
I'm using php to display what I have in my data base of user name.
When I want to delete the user name it works and deletes it from the database but it still shows in my php page.
Heres the delete command I'm using:
<table class="table">
<tr><th>#</th><th>Date</th><th>ID</th><th>Actions</th></tr><?php
if ($_GET['a'] == 'delete' && $_GET['i']) {
$UserId = $_GET['i'];
$res=mysql_query("SELECT FROM `users` WHERE `UserId`=$UserId");
$TraderId=mysql_result($res,0,"TraderId");
mysql_query("DELETE FROM `users` WHERE `UserId`=$UserId");
mysql_query("DELETE FROM `traders` WHERE `TraderId`=$TraderId");
echo '<br><br><div class="alert alert-warning"><strong>Bye bye!</strong> Result has been deleted.</div>';
}
if($_GET['s']=="true")
{
echo '<br><br><div class="alert alert-success"><strong>Success!</strong> The user has been saved.</div>';
}
$res = mysql_query("SELECT * FROM `users`");
for ($i = 0; $i < mysql_num_rows($res); $i++) {
$Username = mysql_result($res, $i, "Username");
$UserId = mysql_result($res, $i, "UserId");
$IsAdmin = (string) (bool) mysql_result($res, $i, "IsAdmin");
echo "<tr><td>$UserId</td><td>$Username</td><td>$IsAdmin</td><td>
Delete
Edit</td></tr>";
}
?>
</table>
and here is where the names should show .. this is the trader page where the TraderId is displayed:
<table border="">
<head><tr><th style="padding-bottom:40px; padding-right:70px; padding-top:20px;">Date</th><th style="padding-left:200px; float:right;">Screenshots</th></tr></thead>
<?php
$res=mysql_query("SELECT * FROM `traders`");
for($i=0;$i<mysql_num_rows($res);$i++)
{
$Name=mysql_result($res,$i,"Name");
$Price=mysql_result($res,$i,"Price");
$Timezone=mysql_result($res,$i,"Timezone");
$TraderId=mysql_result($res,$i,"TraderId");
echo '<tbody><tr><td style="padding-left:0px;padding-bottom:10px;">'.$Name.'</td><td style="padding-left:200px;"><a href="details.php?i='.$TraderId.'">View details<a/></td></tr></tbody>';
}
?>
</table>
Again the delete function works as I see the result been removed from my sql database but not from the output page.
$res=mysql_query("SELECT FROM `users` WHERE `UserId`=$UserId");
select what?
Guessing the delete users works as it gets the id from $_GET, where as the traders never actually gets any data from mysql query.
EDIT - longer explanation
The delete users works as your userid used on the delete query is provided without needing the select:
$UserId = $_GET['i'];
The delete traders wont work because you did not select anything to get the traders id from the user id to use on the delete query
$res=mysql_query("SELECT FROM `users` WHERE `UserId`=$UserId");
$TraderId=mysql_result($res,0,"TraderId");
ie "SELECT FROM users" - select WHAT?
Hope some one can help me out here,
i created a system with more than 1 user, each user have a unique username and id.
My problem now is how can i set my system in such a way that when a user log in, the system will direct the user to view a particular row in the database based on their username or id.
My Code to Access the Database is:
<?php
$con = mysql_connect("localhost","root","");
mysql_select_db("uloaku", $con);
$count = 1;
$y = mysql_query("SELECT * FROM transaction WHERE username = '".$_SESSION['username']."' LIMIT 1");
if(mysql_num_rows($y) != 0){
echo "<table border=\"1\" width=\"800\" >";
echo "<tr id=\"bold\">
<td>No</td>
<td align=\"center\" width=\"120\">Account Owner</td>
<td align=\"center\" width=\"120\">Deposit Date</td>
<td align=\"center\" id=\"bold\" width=\"150\">Current Balance</td>
<td align=\"center\" width=\"150\">Available Balance</td>
<td align=\"center\">Account Status</td>
</tr>";
while ($z = mysql_fetch_array($y, MYSQL_BOTH)){
echo "<tr>
<td>".$count++."</td>
<td id=\"color\" align=\"center\">".$z[1]."</td>
<td id=\"color\" align=\"center\">".$z[2]."</td>
<td id=\"color\" align=\"center\">".$z[3]."</td>
<td id=\"color\" align=\"center\">".$z[4]."</td>
<td id=\"color3\" align=\"left\">".$z[5]."</td>
</tr>";
}
echo "</table>";
}
?>
My Login Page Looks Like This:
<?php
session_start();
$_SESSION['username'] = $username;
$username = $_POST['username'];
$password = $_POST['password'];
if ($username&&$password)
{
$connect = mysql_connect("localhost","root","") or die("cannot connect!");
mysql_select_db("uloaku") or die("cannot find data base!");
$query = mysql_query ("SELECT * FROM keyaku WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'");
$numrows = mysql_num_rows($query);
if ($numrows!=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password=$dbpassword)
{
echo "Welcome $username";
}
else
echo "Invalid Password";
}
else
die("Invalid User");
}
else
die("Please Enter a UserName and Password.");
?>
So far my log-in is working as i want it, and my database retrieves information the only problems is that it retrieves all information which is in the database but i want it to retrieve information based on the username or id of the person that logs in
First of all, I bet this piece of code does not work at all:
$query = mysql_query ("SELECT * FROM keyaku WHERE username='$username'&&password='$password'");
... there is no such thing as && in MySQL, therefore the query will return empty result. If you want it to work, do it at least this way (prevents SQL injection, too!):
$query = mysql_query ("SELECT * FROM keyaku WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'");
Second of all, you need some way to store your login information, so it can be reused later on. If you can use sessions, the simplest way is to store username (or whichever information is linked to the row you need):
$_SESSION['username'] = $username;
Then, in your first page, update SQL to read as follows (change the column ID per your needs):
$y = mysql_query("SELECT * FROM transaction WHERE username = '".$_SESSION['username']."' LIMIT 1");
... you don't even need the LIMIT 1 part if your username field in transaction table is indexed as a primary/unique key.
I created a website that has multiple logins and unique informations to it.. i want to retrieve the data from one user. example my username is qwert and my password is 1234, I want to retrieve his unique information to the database. I used the sample code in w3schools and it selects all the data but all I want to do is to retrieve the data from the user which is only logged in.
can anyone help me about this? any help will be much appreciated.
mysql_select_db("xone_login", $con);
$result = mysql_query("SELECT * FROM admin WHERE username = '$myusername' ");
echo "<table border='1'>
<tr>
<th>Firstname</th>
<th>Lastname</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['overtime'] . "</td>";
echo "<td>" . $row['daily_rate'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Replace the code in SQL in that tutorial with this (and adapt the table and column names) one:
SELECT * FROM USERS where name ='qwert' and pass = MD5('1234')
And take care at sanitizing your variables in order to avoid SQL injection attacks !
You need to use a where clause
Also you will need to specify limits on the query to restrict the result set to 1 record
$select = "SELECT * FROM usertable WHERE username = '$user' LIMIT 0, 1";
$query = mysql_query($select) or die(mysql_error());
$result = mysql_fetch_assoc($query);
//Prints the array
print_r($result);
I have my data stored in a MySQL table, which includes an auto_increment ID number (unique) for each new row.
I'd like users to be able to get a certain ID number, using the $_GET function.
eg. User loads http://mysite.com/id.php?id=123
Page displays ID number 123 along with the row.
echo $row['id'];
echo "<table>";
echo "<tr> <th>Unit</th> <th>Message</th> <th>Date</th> </tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr><td>";
echo $row['title'];
echo "</td><td>";
echo $row['description'];
echo "</td><td>";
echo $row['pubDate'];
echo "</td></tr>";
}
echo "</table>";
echo "</center>";
I'm stuck as to where I put the $_GET bit.
Thanks :)
You should append it to your query (using intval to avoid SQL injection) like this:
// use the id in your WHERE clause, convert it to an integer to avoid sql injections
$query = 'SELECT fields FROM table WHERE id = ' . intval($_GET['id']);
$result = mysql_query($query);
$row = mysql_fetch_row($result);
... do stuff with $row ...
Firstly, your code does not make much sense, since you use $row before it was defined.
Secondly, $result isn't defined at all, and it should be, for example like this:
$id = intval($_GET['id']);
$result = mysql_query("SELECT FROM table WHERE id = '$id'");
And now you know how and where to use $_GET['id'].
Dont waste your time doing the comparison afterwards, you'll save yourself alot of time by adding it to the original query
$id = intval($_GET['id']);
$query = "SELECT whatever FROM table WHERE id=$id";
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$query = "SELECT * FROM `Table` WHERE `id`='" . $id . "'";
$res = mysql_query ($query);
$exist = mysql_num_rows($res);
if ($exist) {
$row = mysqlfetch_assoc($res);
...
}