My users have a user_ID when logging in and this appears within the URL. However when moving to a page from 'myaccount.php' when the next form has been saved (thesis.php) the same ID should still be in the URL and therefore the correct data they inputted should be under their own ID in the database. At the moment the thesis.php page just refreshes with the following code:
$err = array();
$result = mysql_query("SELECT `id` FROM `users` WHERE `banned` = '0' ORDER BY
`id` DESC");
if(isset($_SESSION['user_id']))
if(empty($_SESSION['$user_id'])) { // user not logged in; redirect to somewhere else }
if (!empty($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
list($id) = mysql_fetch_row($result);
session_start();
// this sets variables in the session
$_SESSION['user_id'] = $id;
foreach($_POST as $key => $value)
$stamp = time();
$ckey = GenKey();
mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'")
or die(mysql_error());
$row = mysql_fetch_array($result);
print_r($row);
if(empty($err)) {
$thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
$abstract = mysql_real_escape_string($_POST['abstract']);
$sql_insert = "INSERT into `thesis`
(`user_id`,`thesis_Name`,`abstract` )
VALUES
('$id','$thesis_Name','$abstract') ";
mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error());
}
header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
exit();
}
}
HTML:
<p align="center">
<input name="doThesis" type="submit" id="doThesis" value="Save">
</p>
I believe you need to call session_start() before you can do isset($_SESSION['blah']).
Try shifting session_start(); to the top of the file
<?php
session_start();
.....
the rest of your code
session_start(); must be at the top.
If you want to pass the id var in the URL, use
<a href='myaccount.php?id=<? echo $id; ?>'>
Related
I want to make a TOEFL test. When a user wants to start the test, the user must first input an email. So, when the user clicks start, the user has an id. I want to take the id from table 'id' and save it in the session, so when I want to take the score from the 'listening', 'structure' and 'reading' tables, I use that id.
But the problem is: when I do the test, the listening, reading and structure scores will be '0', but I am sure I have answered the questions correctly. Maybe it is because the id is not saved in the session correctly. Please help me.
index.php
<form method="POST" action="add_id.php">
<input type="text" name="email" placeholder="Email">
<input name="btn" type="submit" value="Start"/>
</form>
add_id.php
<?php
include "connection.php";
$email = $_POST['email'];
$query = "INSERT INTO id(email) VALUES ('$email')";
if(mysql_query($query)){
$q = "SELECT * FROM id";
$ex=mysql_query($q);
$id = $ex['id'];
session_start();
$_SESSION['id'] = $id;
header("location:test_structure.php");
}
else {
echo mysql_error();
}
?>
calculate.php
<?
include "connection.php";
$id =$_SESSION['id'];
$query ="SELECT * FROM Reading WHERE Reading.id='$id'";
$ex=mysql_query($query);
$data=mysql_fetch_array($ex);
$right_structure = $data['rightanswer_read'];
$Reading = $data['score_read'];
$query ="SELECT * FROM Structure WHERE Structure.id='$id'";
$ex=mysql_query($query);
$data=mysql_fetch_array($ex);
$right_structure = $data['rightanswer_struct'];
$Structure = $data['score_struct'];
$q ="SELECT * FROM Listening WHERE Listening.id='$id'";
$e=mysql_query($q);
$d=mysql_fetch_array($e);
$right_listening = $d['rightanswer_list'];
$Listening = $d['score_list'];
$final_score = (($Listening + $Structure + $Reading)/3) * 10;
$NA = "INSERT INTO final_score VALUES ('$email', '$final_score', '$Listening', '$Structure', '$Reading', '$right_listening', '$right_structure', '$right_reading')";
if(mysql_query($NA)){
header("location:index.php");
}else {
echo mysql_error();
}
}
?>
this is id table structure:
CREATE TABLE IF NOT EXISTS `id` (
`id` int(100) NOT NULL,
`email` varchar(30) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
Change your add_id.php file like this,
<?php
session_start();
include "connection.php";
$email = $_POST['email'];
$query = "INSERT INTO id(email) VALUES ('$email')";
if(mysql_query($query)){
$id = mysql_insert_id();
$_SESSION['id'] = $id;
header("location:test_structure.php");
}
else {
echo mysql_error();
}
?>
Also read about function mysql_insert_id() at http://php.net/manual/en/function.mysql-insert-id.php
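Both threads above come down to calling session_start() before touching $_SESSION and then keeping the new row's id in the session. The following is an added example, not code from either poster, of add_id.php doing that with a bound parameter through PDO (the mysql_* functions were removed in PHP 7). It assumes connection.php provides a PDO handle in `$db` and that the `id` column is an AUTO_INCREMENT primary key, without which the last-insert id is always 0.

```php
<?php
// add_id.php (added example). Assumes `id`.`id` is an AUTO_INCREMENT primary key.
declare(strict_types=1);

/** Insert the e-mail with a bound parameter and return the generated row id. */
function register_candidate(PDO $db, string $email): int
{
    $email = trim($email);
    // The table defines email as varchar(30), so reject anything longer.
    if (strlen($email) > 30 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    $stmt = $db->prepare('INSERT INTO id (email) VALUES (:email)');
    $stmt->execute(['email' => $email]);
    $id = (int) $db->lastInsertId();
    if ($id === 0) {
        throw new RuntimeException('no id generated: is `id` AUTO_INCREMENT?');
    }
    return $id;
}

if (PHP_SAPI !== 'cli') {
    session_start();                  // before any output and any $_SESSION access
    require 'connection.php';         // assumption: defines $db as a PDO handle
    $raw = $_POST['email'] ?? '';
    try {
        $id = register_candidate($db, is_string($raw) ? $raw : '');
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit('Please enter a valid e-mail address.');
    }
    session_regenerate_id(true);      // fresh session id once an identity is attached
    $_SESSION['id'] = $id;
    header('Location: test_structure.php');
    exit;                             // nothing else may run after the redirect
}

// Constructed offline check against an in-memory SQLite table (run from the CLI).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE id (id INTEGER PRIMARY KEY AUTOINCREMENT, email VARCHAR(30) NOT NULL)');
var_dump(register_candidate($db, "o'neil@example.com"));   // the quote is stored as data
var_dump($db->query('SELECT id, email FROM id')->fetchAll(PDO::FETCH_ASSOC));
```

Pages that later read the score tables should take the id from `$_SESSION['id']` after their own session_start(), not from a URL parameter.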
I have this code :
if(isset($_POST['remove'])){
$con = mysqli_connect(".","","","");
$q = mysqli_query($con,"UPDATE members SET picture = '' WHERE username = '".$_SESSION['username']."'");
header( "refresh:2;url=settings.php" );
echo "<div class='notemarg'>Profile Picture has been removed. Refreshing page within 3 seconds...</div>";
}
It is working, but I want it to do something like this
if(isset($_POST['remove'])){
$con = mysqli_connect("","","","");
while($row = mysqli_fetch_assoc($q)){
if($row['picture'] == ""){
echo "<div class='notemarg'> No pictures to delete</div>";
} else {
$q = mysqli_query($con,"UPDATE members SET picture = '' WHERE username = '".$_SESSION['username']."'");
header( "refresh:2;url=settings.php" );
echo "<div class='notemarg'>Profile Picture has been removed. Refreshing page within 3 seconds...</div>";
}
}
}
This means that the picture will be removed from the database only if there IS a picture. If not, it will display the message "No pictures to delete"... but it does not work. It still shows the error message that there is no picture even though there is no blank row in the database, and so it does not delete the information in the row either...
Where is the problem?
BTW: the first code works fine... and it works even if there is nothing in the database, so it kind of does not make sense that "Profile picture has been removed." is being displayed...
Try this instead:
$con = mysqli_connect("","","","");
if(isset($_POST['remove'])){
$q = mysqli_query($con, "SELECT picture FROM members where username = '". $_SESSION['username']. "'");
$row = mysqli_fetch_assoc($q);
if( empty($row['picture'])){
echo "<div class='notemarg'> No pictures to delete</div>";
}
else {
$q = mysqli_query($con,"UPDATE members SET picture = '' WHERE username = '".$_SESSION['username']."'");
header( "refresh:2;url=settings.php" );
echo "<div class='notemarg'>Profile Picture has been removed. Refreshing page within 3 seconds...</div>";
}
}
You need the mysqli_query statement:
$con = mysqli_connect("","","","");
if(isset($_POST['remove'])){
$q = mysqli_query($con,"SELECT IFNULL(picture,'') AS picture
FROM members
WHERE username = '".$_SESSION['username']."'");
$row = mysqli_fetch_assoc($q);
if( empty($row['picture'])){
echo "<div class='notemarg'> No pictures to delete</div>";
}
else {
$q = mysqli_query($con,"UPDATE members SET picture = '' WHERE username = '".$_SESSION['username']."'");
header( "refresh:2;url=settings.php" );
echo "<div class='notemarg'>Profile Picture has been removed. Refreshing page within 3 seconds...</div>";
}
}
Here is my PHP code:
// Collect data from URL
$mid = $_GET['m'];
if (isset($_POST['submit']))
{
$insert = "insert into table SET from_id = '".$loginuser['members_id']."', to_id = '". $mid ."', date = '".$_POST['date']."' ";
$add_member = mysql_query($insert);
}
The data gets entered in the database correctly except the $mid
But if in my HTML I put this :
<?php print $mid;?>
Then I can see the ID number printed... so I know my variable $mid has the proper value. I don't know why it is not getting inserted in the DB.
I also tried this SQL
$insert = "insert into table SET from_id = '".$loginuser['members_id']."', to_id = "$mid", date = '".$_POST['date']."' ";
$add_member = mysql_query($insert);
Same thing... everything works except the value of $mid doesn't go in the DB.
My field in the DB is set to Int(11) and there is no mistake in the column name; I checked 5 times. Don't know what's wrong. Thanks.
ENTIRE CODE HERE :
<?
ob_start();
include 'datalogin.php';
//checks cookies to make sure they are logged in
if(isset($_COOKIE["user"]))
{
$username = $_COOKIE["user"];
$pass = $_COOKIE["password"];
$check = mysql_query("SELECT * FROM members WHERE email = '$username'")or die(mysql_error());
$loginuser = false;
while($info = mysql_fetch_array( $check ))
{
if(! $loginuser)
{ $loginuser = $info; }
//if the cookie is present but has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{
header("Location: login.php");
exit();
}
else //if the cookie is present and doesn't have the wrong password they are shown the admin area
{
include 'header.php';
}
}
}
else //if there is no cookie present
{
header("Location: login.php");
exit();
}
// Collects data from images table
$mid = $_GET['m'];
$data = mysql_query("SELECT images.image_id, images.members_id, images.image_url, members.members_id, members.name, members.age
FROM members
LEFT JOIN images
ON members.members_id=images.members_id WHERE members.members_id ='". $mid ."' ")
or die(mysql_error());
$data2 = mysql_fetch_array( $data );
if (isset($_POST['submit']))
{
$insert = "insert into booking SET from_id = '".$loginuser['members_id']."', to_id = '$mid', date = '".$_POST['date']."'";
$add_member = mysql_query($insert) or die(mysql_error());
header('Location: index.php');
exit();
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<table cellspacing='0' id="booking" align="center" width="680">
<tr>
<td>Date:</td>
<td><input name="date" type="text" size="10" maxlength="10" class="form-field" /> </td>
</tr>
<tr>
<td> </td>
<td><input class="submit-button" type="submit" name="submit" value="SEND REQUEST" /></td>
</tr>
</table>
</form>
<br />
HERE IS THE TABLE STRUCTURE
CREATE TABLE IF NOT EXISTS `booking` (
`booking_id` int(11) NOT NULL AUTO_INCREMENT,
`from_id` int(11) NOT NULL,
`to_id` int(11) NOT NULL,
`date` varchar(10) NOT NULL,
PRIMARY KEY (`booking_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=17 ;
Try in this way
if (isset($_POST['submit']))
{
$mid = $_GET['m'];
$insert = "insert into table SET from_id = '".$loginuser['members_id']."', to_id = '". $mid ."', date = '".$_POST['date']."' ";
$add_member = mysql_query($insert);
}
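$_SERVER['PHP_SELF'] does not include the query string, so a form posted to it arrives without ?m=... and $_GET['m'] is empty on the request that runs the INSERT. The following is an added example, not the poster's code, that carries the id in the form action, validates it as an integer and binds every value through PDO. The script name `/booking.php`, the member id 7 and the YYYY-MM-DD date format are assumptions made for the example.

```php
<?php
// Added example: keep the target member id across the POST and bind it in the INSERT.
declare(strict_types=1);

/** Return a positive integer id, or null when the value is missing or malformed. */
function parse_member_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return is_int($id) ? $id : null;
}

/** Form action that carries ?m= forward, escaped for use in an HTML attribute. */
function booking_form_action(string $script, int $toId): string
{
    // A fixed script path is used instead of echoing $_SERVER['PHP_SELF'] unescaped.
    return htmlspecialchars($script . '?m=' . $toId, ENT_QUOTES, 'UTF-8');
}

/** Insert one booking row; every value is a bound parameter. */
function add_booking(PDO $db, int $fromId, int $toId, string $date): void
{
    // The column is varchar(10); the YYYY-MM-DD format is an assumption.
    $d = DateTime::createFromFormat('!Y-m-d', $date);
    if ($d === false || $d->format('Y-m-d') !== $date) {
        throw new InvalidArgumentException('date must be YYYY-MM-DD');
    }
    $stmt = $db->prepare('INSERT INTO booking (from_id, to_id, date) VALUES (?, ?, ?)');
    $stmt->execute([$fromId, $toId, $date]);
}

// Constructed offline check with an in-memory SQLite table shaped like `booking`.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE booking (booking_id INTEGER PRIMARY KEY, from_id INT, to_id INT, date VARCHAR(10))');

$onPost = parse_member_id(null);   // $_GET['m'] when the form posts to a URL without ?m=
$toId   = parse_member_id('42');   // $_GET['m'] when the form action keeps ?m=42
echo booking_form_action('/booking.php', $toId), "\n";
if ($onPost === null) {
    echo "no target id: reject the request instead of inserting an empty to_id\n";
}
add_booking($db, 7, $toId, '2024-05-01');   // 7 stands in for the logged-in member's id
print_r($db->query('SELECT from_id, to_id, date FROM booking')->fetchAll(PDO::FETCH_ASSOC));
```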
I have a simple question,
I have a login and workspace area.
After the user logs in, it shows the username of the logged-in user in the workspace, as I wanted. Now my problem is that when the user finishes filling in the form available in his workspace, the form is stored in the database, and I also need the username that comes from the session to be stored in the database.
Here is the code that stores the username and maintains the session after the user reaches the workspace after login:
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/MainProject/connect/auth.php');
session_start();
?>
The final version of the updated insert file :
//This code is included to check session and store username
<?php
require_once('..\connect\auth.php');
// session_start();
$usern = $_SESSION['SESS_FIRST_NAME'];
?>
<?php
mysql_connect('localhost','root','');
mysql_select_db('main_project') or die (mysql_error());
if(isset($_POST['WID'])){
for ($ix=0; $ix<count($_POST['WID']); $ix++)
{
$WID = mysql_real_escape_string(@$_POST['WID'][$ix]);
$website = mysql_real_escape_string(@$_POST['website'][$ix]);
//var_dump("<pre>", $_POST['cat']); die(); // Debugger for checking cat counter.
// $cat = implode(",", mysql_real_escape_string($_POST['cat'][$ix]));
if(is_array(@$_POST['cat'][$ix]))
$cat = mysql_real_escape_string(implode(',', @$_POST['cat'][$ix]));
else
$cat = mysql_real_escape_string(@$_POST['cat'][$ix]);
$email = mysql_real_escape_string(@$_POST['email'][$ix]);
$cform = mysql_real_escape_string(@$_POST['cform'][$ix]);
$contactp = mysql_real_escape_string(@$_POST['contactp'][$ix]);
$contacts = mysql_real_escape_string(@$_POST['contacts'][$ix]);
$fax = mysql_real_escape_string(@$_POST['fax'][$ix]);
$Ctype = mysql_real_escape_string(@$_POST['Ctype'][$ix]);
$usern = mysql_real_escape_string(@$_POST['usern'][$ix]);
$sql_res = mysql_query("INSERT INTO website_01data (WID,website,cat,email,cform,contactp,contacts,fax,Ctype,TimeStamp,usern)
VALUES ('".$WID."', '".$website."', '".$cat."', '".$email."','".$cform."', '".$contactp."', '".$contacts."', '".$fax."', '".$Ctype."', Now(), '".$usern."' )");
$sql_res = mysql_error();
}//end for..
echo "<p><span style=\"color: red;\">Thank You; your records are sent to database. DO NOT REFRESH THE PAGE or data will be sent again.</span></p>";
}
?>
In the logging in process, you must store your username in a session
$_SESSION['username'] = $username;
in the process of saving the form, you can call session_start(); and get the session using
$tobeinserted = $_SESSION['username'];
I believe
Remove comment in session start.
Use this.
//This code is included to check session and store username
<?php
require_once('..\connect\auth.php');
session_start();
$usern = $_SESSION['SESS_FIRST_NAME'];
?>
<?php
mysql_connect('localhost','root','');
mysql_select_db('main_project') or die (mysql_error());
if(isset($_POST['WID'])){
for ($ix=0; $ix<count($_POST['WID']); $ix++)
{
$WID = mysql_real_escape_string(@$_POST['WID'][$ix]);
$website = mysql_real_escape_string(@$_POST['website'][$ix]);
//var_dump("<pre>", $_POST['cat']); die(); // Debugger for checking cat counter.
// $cat = implode(",", mysql_real_escape_string($_POST['cat'][$ix]));
if(is_array(@$_POST['cat'][$ix]))
$cat = mysql_real_escape_string(implode(',', @$_POST['cat'][$ix]));
else
$cat = mysql_real_escape_string(@$_POST['cat'][$ix]);
$email = mysql_real_escape_string(@$_POST['email'][$ix]);
$cform = mysql_real_escape_string(@$_POST['cform'][$ix]);
$contactp = mysql_real_escape_string(@$_POST['contactp'][$ix]);
$contacts = mysql_real_escape_string(@$_POST['contacts'][$ix]);
$fax = mysql_real_escape_string(@$_POST['fax'][$ix]);
$Ctype = mysql_real_escape_string(@$_POST['Ctype'][$ix]);
//$usern = mysql_real_escape_string(@$_POST['usern'][$ix]);
$sql_res = mysql_query("INSERT INTO website_01data (WID,website,cat,email,cform,contactp,contacts,fax,Ctype,TimeStamp,usern)
VALUES ('".$WID."', '".$website."', '".$cat."', '".$email."','".$cform."', '".$contactp."', '".$contacts."', '".$fax."', '".$Ctype."', Now(), '".$usern."' )");
$sql_res = mysql_error();
}//end for..
echo "<p><span style=\"color: red;\">Thank You; your records are sent to database. DO NOT REFRESH THE PAGE or data will be sent again.</span></p>";
}
?>
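The answer above stops reading `usern` from the form and uses the session value instead, which matters because any posted field can be set by the client. The following is an added example, not the poster's code, of the same insert loop with the owner taken from the session and every value bound through PDO. The helper names and the SQLite demo table are assumptions made for the example.

```php
<?php
// Added example: the owner column is filled from the session, never from the form.
declare(strict_types=1);

const ROW_FIELDS = ['WID', 'website', 'email', 'cform', 'contactp', 'contacts', 'fax', 'Ctype'];

/** Turn the array-valued form fields into one associative row per index. */
function collect_rows(array $post): array
{
    $rows = [];
    $wids = is_array($post['WID'] ?? null) ? $post['WID'] : [];
    foreach (array_keys($wids) as $ix) {
        $row = [];
        foreach (ROW_FIELDS as $f) {
            $v = is_array($post[$f] ?? null) ? ($post[$f][$ix] ?? '') : '';
            $row[$f] = is_string($v) ? $v : '';
        }
        // cat is either a multi-select (array) or a single value, as in the page's code.
        $cat = is_array($post['cat'] ?? null) ? ($post['cat'][$ix] ?? '') : '';
        $row['cat'] = is_array($cat) ? implode(',', array_filter($cat, 'is_string')) : (string) $cat;
        $rows[] = $row;
    }
    return $rows;
}

/** Insert every row in one transaction; $owner must be the value held in $_SESSION. */
function save_rows(PDO $db, array $rows, string $owner): int
{
    $stmt = $db->prepare(
        'INSERT INTO website_01data
           (WID, website, cat, email, cform, contactp, contacts, fax, Ctype, TimeStamp, usern)
         VALUES (:WID, :website, :cat, :email, :cform, :contactp, :contacts, :fax, :Ctype,
                 CURRENT_TIMESTAMP, :usern)'
    );
    $db->beginTransaction();
    try {
        foreach ($rows as $row) {
            $stmt->execute($row + ['usern' => $owner]);
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return count($rows);
}

// Constructed offline check: the posted "usern" field is ignored.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE website_01data (WID, website, cat, email, cform, contactp, contacts, fax, Ctype, TimeStamp, usern)');
$post = ['WID' => ['1'], 'website' => ['example.com'], 'cat' => [['a', 'b']], 'usern' => ['someone-else']];
save_rows($db, collect_rows($post), 'alice');   // 'alice' stands in for $_SESSION['SESS_FIRST_NAME']
print_r($db->query('SELECT WID, cat, usern FROM website_01data')->fetchAll(PDO::FETCH_ASSOC));
```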
So, I have a simple script that allows you to choose between any of your "team names". When you choose and submit, it is then supposed to do a php setcookie with the value of the selection which is a hashed version of the team name.
Here is the relevant code:
<?php
include 'include/db.php';
if(isset($_POST['submitteam'])) {
$team_hash = $_POST['teams'];
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
}
$email = $_COOKIE['ver_ame'];
//Find the User Id from the Email Hash
$sql_finduid = "SELECT * FROM users_sensitive WHERE email_hash = '$email'";
$sql_finduid_result = mysql_query($sql_finduid);
while ($row = mysql_fetch_array($sql_finduid_result)) {
$user_id = $row['user_id'];
} //End Find User Id
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
//Find the Team Id from the User Id above
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
if(mysql_num_rows($sql_findteams_result) < 1){
header('Location: registerteam.php?ver_ame=' . $email);
} else {
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
if((mysql_num_rows($sql_findteams_result)) <= 1) {
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'];
$team_hash = $row['team_name_hash'];
}
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
} else {
//setcookie('ver_ame', $teamname_hash, time()+2592000);
//setcookie('ver_aet', $email, time()+2592000);
//header('Location: index.php'); ?>
and the HTML
Select the team you would like to view: <br />
<form method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>">
<select name="teams">
<?PHP
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'] . " ";
$team_hash = $row['team_name_hash'] . "<br />";
?>
<option value="<?= $team_hash; ?>"><?= $team_name . $team_hash; ?></option>
<?PHP
}
}
?>
</select>
<input type="submit" name="submitteam" value="Submit" />
</form>
</div>
</div>
</div>
basically, "if the submit button is clicked, set the cookie for the name of the team. If not clicked, continue. Find the cookie of your email, find out how many teams you belong to, if there is one team, make that your team cookie and continue, if not, show all available teams and allow the user to select one. loop"
I currently have the $team_hash echoing just to show that it is pulling the correct hash number (and it is). When I hit submit, it loops to the top of the page and does the setcookie statement. It sets a cookie but the cookie seems to end up having random percent signs throughout it after it is set.
What should be set: d2fea5c982b6cb3f5bffc4998d96cbe5
What is actually set: d2fea5c982b6cb3f5bffc4998d96cbe5%3Cbr+%2F%3E
Where are these extra things coming from?
The problem is that you're adding <br /> at the end of the hash when you're doing $team_hash = $row['team_name_hash'] . "<br />"; and when you're setting the value of the option, you're using $team_hash which contains a <br />. When you're doing the set cookie, the <br /> gets URL encoded hence why it's at the end of your cookie.
Simply change the line to:
$team_hash = $row['team_name_hash'];
You have a <br/> in there somehow, and PHP is url encoding it.
Right here
$team_hash = $row['team_name_hash'] . "<br />";
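The value handed to setcookie() in this thread comes straight from the posted form. The following is an added example, not the poster's code, that accepts it only when it is a well-formed hash belonging to one of the user's teams, and that reproduces the URL-encoding seen in the question. The helper names and the cookie flags are choices made for the example, and the options-array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example: store a team cookie only for a well-formed hash the user actually owns.
declare(strict_types=1);

/** True when $value is exactly 32 lowercase hex characters, the shape quoted in the question. */
function is_team_hash($value): bool
{
    return is_string($value) && preg_match('/\A[0-9a-f]{32}\z/', $value) === 1;
}

/** Return the hash to store, or null when the submitted value is not one of the user's teams. */
function choose_team(array $userTeamHashes, $submitted): ?string
{
    if (!is_team_hash($submitted)) {
        return null;
    }
    foreach ($userTeamHashes as $known) {
        if (is_string($known) && hash_equals($known, $submitted)) {
            return $known;            // store the server-side copy, not the client's
        }
    }
    return null;
}

/** Set the cookie with the page's name and lifetime plus restrictive flags. */
function set_team_cookie(string $hash): bool
{
    return setcookie('ver_aet', $hash, [
        'expires'  => time() + 2592000,   // 30 days, as on the page
        'path'     => '/',
        'secure'   => true,               // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed check using the two values quoted in the question.
$teams = ['d2fea5c982b6cb3f5bffc4998d96cbe5'];
$clean = 'd2fea5c982b6cb3f5bffc4998d96cbe5';
$dirty = $clean . '<br />';
var_dump(choose_team($teams, $clean));   // accepted: matches a team the user belongs to
var_dump(choose_team($teams, $dirty));   // rejected: the trailing markup fails the format check
var_dump(urlencode($dirty));             // setcookie() URL-encodes the value in the same way
```

In the page's flow, `$teams` would be the `team_name_hash` values loaded for the logged-in user, and set_team_cookie() would be called only when choose_team() returns a string.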