Member Avatar for PF2G

Hi, i'm doing a profile page, where the user can see all his information. To begin i'm putting the information in a label, but for real i want to put it in textbox, so the user can change the information.

That's one poit i would like change, the other - most important - is pick the info from the table, and it's giving me error.

<?PHP
include 'topo.php';

$sql = "SELECT * FROM alunos where username ='" . $_SESSION ['username'] . "'";
?>


<table>
	<tr>
		<td>
			Utilizador: 
		</td>
		
		<td>
			<?PHP echo $_SESSION ['username']; ?>
		</td>
	</tr>

	<tr>
		<td>
			Password:
		</td>
		
		<td>
			<?PHP echo $_SESSION ['password']; ?>
		</td>
	</tr>
</table>

Help me, please.

Thank You,
PF2G

  • 3 Contributors
  • 2 Replies
  • 118 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by degroundshaker

Recommended Answers

All 2 Replies

Member Avatar for diafol

This code snippet is very unclear as we don't know the contents of topo.php.

You need a session_start() at the top of every page in order to use $_SESSION vars (is this in the topo.php include?).

I don't understand the use of the $sql query string. It's not run and no data is extracted from the resulting resource. So it seems pointless.

In addition, why are you displaying a cleartext password in the page? This is very dangerous. I'd suggest that you don't do this. Why are you storing the pw in a session variable? It shouldn't be required. I suggest that you only store the user id in a session variable and extract the relevant details for the user on each page (via include file).

Member Avatar for degroundshaker

It seems funny.

When you have already stored the required username, password values in your session then whats the need of executing select statement and fetching the values?

Moreover, only that statement is not enough to extract the data from database,

it should be something like:

<?PHP
include 'topo.php';

$sql = "SELECT * FROM alunos where username ='" . $_SESSION['username'] . "'";

$result = mysql_query($sql); 
while ($row_settings = mysql_fetch_array($result)) {
$name=$row_settings['username'];
$passwd=$row_settings['password'];

}

?>


<table>
<tr>
<td>
Utilizador:
</td>
 
<td>
<?PHP echo $name; ?>
</td>
</tr>
 
<tr>
<td>
Password:
</td>
 
<td>
<?PHP echo $passwd; ?>
</td>
</tr>
</table>

Above code will extract all value of the user with that particular if and store them in respective variables $name, $passwd and so on....

Moreover, I totally agree with ARDAV with what he said that we should not display password in plain text. Instead, you can use textbox for displaying password and then making its type as password. something like:

<input type="password" value="<?php echo $passwd; ?>">
Edited by degroundshaker because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.