Hey there,

Now I have my member Logged in, now After he logs in he is taken to his profile, now I want to Show his Full name and Email... knowing that I already created a database and everything... here is the code im talking about:

$result = mysql_query("SELECT * FROM Persons
WHERE Id='?????'");

while($row = mysql_fetch_array($result))
  {
  echo $row['FirstName'] . " " . $row['LastName'];
  echo "<br />";
  }

mysql_close($con);
Member Avatar

So, what's the problem? You get the ID from the session variable. I assume you're using sessions to keep everybody logged in? When you do the login bit, it's usually easier to store the user id and perhaps the username in a session.

Here is my login code:

// username and password sent from form 
$Email=$_POST['Email']; 
$Passwrd=$_POST['Passwrd'];

// To protect MySQL injection 
$Email = stripslashes($Email);
$Passwrd = stripslashes($Passwrd);
$Email = mysql_real_escape_string($Email);
$Passwrd = mysql_real_escape_string($Passwrd);

$sql="SELECT * FROM $tbl_name WHERE Email='$Email' and password='$Passwrd'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("Email");
session_register("Passwrd"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
Member Avatar

So where's the user's id in all this? You are using an autoincrement, primary key (integer) ID field for the users right?

Member Avatar

Ok. I don't do this:

session_register("Email");
session_register("Passwrd");

I place

session_start();

at the very top of each page.

How about this:

$sql="SELECT * FROM $tbl_name WHERE Email='$Email' and password='$Passwrd'";
$result=mysql_query($sql);
 
// Mysql_num_row is counting table row
if(mysql_num_rows($result) > 0){
  $data = mysql_fetch_array($result);
  $_SESSION['id'] = $data['id'];
  $_SESSION['username'] = $data['username'];
  header("location:login_success.php");
} else {
  echo "Wrong Username or Password";
}

You can now access the user's id and name from each page with $_SESSION and $_SESSION respectively. Useful to have the username if you've got a link like 'logout *Username*' somewhere.

Thanks for that ^^

I have a question, When a member hits the login button, it takes him to a page, I want this page to be his profile with the tittle being his Name, I already have his First Name, Second Name, Email and password in my database in a table called "Persons" ... and in that profile page it has his Name, Email... Please Help? :)

Member Avatar

OK, so use the ID from the session variable to extract his info:

$id = $_SESSION['id'];
$r = mysql_query("SELECT ...all the fields you want... FROM profiles WHERE id = $id");

should I put

$id = $_SESSION['id'];

in the file that processes the login too?

Thanks for the help really :)

Member Avatar

Yes. The variable (info) is only propagated via session. Different pages have no 'memory' of 'normal' variables.

Thanks for all the help!

now I have everything as set.. but when I hit login button, it takes me to Member.php, but on member.php it doesnt show the info!

here is the code in member.php

$id = $_SESSION['id'];
$r = mysql_query("SELECT * FROM Persons WHERE id = $id");
 $ow=mysql_query($r); 

  {
  echo $row['FirstName'] . " " . $row['LastName'];
  echo $row['Email'];
  echo "<br />";
  }

Thanks!

Maybe you forgot to initialize the session with session_start().
And instead of line 3 it shoud read

$row = mysql_fetch_row( $r );

I did.. here is the full code

<?php
session_start();
$host="localhost"; // Host name 
$username="INFO"; // Mysql username 
$password="INFO"; // Mysql password 
$db_name="INFO"; // Database name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

    $id = $_SESSION['id'];
$r = mysql_query("SELECT * FROM Persons WHERE Id ='$id'");
while($row = mysql_fetch_array($r))
  {
  echo $row['FirstName'] . " " . $row['LastName'];
  echo $row['Email'];
  echo "<br />";
  }
 
  
?>
Member Avatar

session_start() has to be put at the top of every page including the login form handler.

echo the $id to see if it's empty or not.

Also echo the query to see if it's complete. If so copy the query and run it in phpMyAdmin sql window to see if that works.

Session_start() is everywhere lol xD

I echo'ed the $id ... seems empty.. nothing showed up!

Same for the query.... help?

EDIT: I entered the query in PHPmyadmin

error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$r = mysql_query("SELECT * FROM Persons WHERE Id ='$id'")' at line 1
Member Avatar

No point checking is phpmyadmin if id is empty!

OK your username and password are passed to the form handler on log in right?

e.g.

session_start();
...
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']); //are you hashing??

$r = mysql_query("SELECT id, username FROM users WHERE username = '$user' AND password = '$pass'");
if(mysql_num_rows($r)>0){
  $d = mysql_fetch_array($r);
  $_SESSION['id'] = $d['id'];
  $_SESSION['username'] = $d['username'];
}else{
  //return to login form
}

This is my Login handler:

// To protect MySQL injection 
$Email = stripslashes($Email);
$Passwrd = stripslashes($Passwrd);
$Email = mysql_real_escape_string($Email);
$Passwrd = mysql_real_escape_string($Passwrd);

$sql="SELECT * FROM Persons WHERE Email='$Email' and password='$Passwrd'";
$result=mysql_query($sql);
 
// Mysql_num_row is counting table row
if(mysql_num_rows($result) > 0){
  $data = mysql_fetch_array($result);
  $_SESSION['id'] = $data['id'];
  $_SESSION['Email'] = $data['Emai'];
  header("location:member.php");
} else {
  echo "Wrong Username or Password";
}

?>
Member Avatar

OK

$_SESSION = $data; Missing 'l'

Sorry to keep asking, but you do have session_start() at the top of this file right?

OK, before you do header:

echo $_SESSION['id'];

THis will prevent header and give you an error, but it's just to test that id is actually in the session.

Yes I have it :)

It didnt prevent header?

There is a problem with Sessions! User is not recognized!

Member Avatar

OK if the header was sent, it means session is empty and there was no output.

OK check to see if $data gives anything. Echo that instead.

EDIT: Still it loads the member page with no info in it!

Member Avatar

So you're telling me the id field from the db IS BLANK. ARe you certain it's called 'id' as opposed to user_id or person_id?

commented: like a father patiently teaching a child... kudos. :D +2

yes its called Id not id though!

Member Avatar

SO does it work with the changes?

Hell yeah!! I love you (no homo xD)

Thanks for the help man! Could I pm you if I have any question? :)

Member Avatar

No. Forum only please. That way we all benefit. I learn a lot from my mistakes and from being corrected by real programmers. If I did any correspondence via PM, I'd lose that opportunity.

Okay :D

There is a problem... Other members cant access other member's profile.. I should use $_GET? but how? :D

Member Avatar

Yes, using get would be fine for this, just pass the username or the id in the querystring.

How? What should I edit? Login Handling? and the member page?