0

Hi all, I am trying output the following 1 user after validating data from a database and I have no output to the screen.

I am not sure what is missing from query?
Any help would be appreciated

Thanks in advance

David

------- Index.php ------

<?php 
session_start();
    ob_start();

    include_once ("includes/settings.php");
    include("includes/functions/functions.php");

    $Errors = "";
    $_SESSION['LoggedIn'] = false;
    $_SESSION['UserID'] = "";
    $_SESSION['UserAdmin'] = false;

      if ($_POST['Submitted'] == "true") {

        // process submitted data
        $userSQL = $Database->Execute("SELECT UserID, UserFullname, UserEmail, UserLastPassword 
        FROM Users WHERE UserName = '" . mysql_real_escape_string($Text->ValidSQLString($_POST['Username'])) . "' 
        AND UserPassword = '" . md5($_POST['Password']) . "' 
        AND UserActive = 1 AND UserListingOnly = 0 
        AND UserID NOT IN (61)");
        $UserCount = $Database->RecordCount($userSQL);

        if ($UserCount == 1) {
            // user found
            $rowUser = $Database->Records($userSQL);

        }//end if
    }//end if

    else {
                // valid log in
                $_SESSION['LoggedIn'] = true;
                $_SESSION['UserID'] = $rowUser['UserID'];

                // do what I need to display

    }// end else if



 ------ settings.php -----

    <?php 
        require_once("includes/functions/sitesettings.php");
        require_once("includes/functions/database.php");

        $SiteSettings = new SiteSettings();
        $Database = new Database();

        $Settings = $SiteSettings->SettingValues();
    ?>



----sitesetting.php----

<?php 
    /*-----------------------------------------------------
    This class contains generic the setting for the website
    -----------------------------------------------------*/
    ini_set('display_errors','off');
    error_reporting(E_ALL);


    class SiteSettings {
        var $Settings;

        /*-------------------------------------------------------------------------------
        Function to retrieve the site setting of the website
        You must fill in all of the settings below

        $Settings['WS-Filepath'] is the Linux file path of the websites root folder
        $Settings['WS-HTTPpath'] is the full web path to the websites root folder
        $Settings['DB-Hostname'] is the hostname or the IP address of the database server
        $Settings['DB-Username'] is the username to access the database
        $Settings['DB-Password'] is the password to access the database
        $Settings['DB-Database'] is the name of the database you wish to access
        -------------------------------------------------------------------------------*/
        function SettingValues() {
            $Settings['WS-Filepath'] = "http://localhost/admin/";
            $Settings['WS-HTTPpath'] = "http://localhost/admin/";
            $Settings['DB-Hostname'] = "localhost";
            $Settings['DB-Username'] = "xxxxx";
            $Settings['DB-Password'] = "";
            $Settings['DB-Database'] = "xxxxxxx";

            return $Settings;
        }
    }
?>







------ database.php -----------

<?php 
    /*-------------------------------------------------
    This class contains generic database functions to 
    view, add, edit and delete all facets of a database
    -------------------------------------------------*/

    require_once ("sitesettings.php");

    class Database extends SiteSettings {
        var $Query;
        var $Connection;

        function Database() {
            $Settings = SiteSettings::SettingValues();

            $Hostname = $Settings['DB-Hostname'];
            $Username = $Settings['DB-Username'];
            $Password = $Settings['DB-Password'];
            $Database = $Settings['DB-Database'];

            $this->Connection = mysql_connect($Hostname, $Username, $Password);
            mysql_select_db($Database);
            register_shutdown_function(array(&$this, "close"));
        }

        function Execute($SQL) {
            $this->Query = $SQL;
            return mysql_query($SQL, $this->Connection);
        }

        function Records($SQL) {
            return mysql_fetch_array($SQL);
        }

        function RecordCount($SQL) {
            return mysql_num_rows($SQL);
        }

        function Close() {
            mysql_close($this->Connection);
        }
    }
?>
2
Contributors
12
Replies
45
Views
3 Years
Discussion Span
Last Post by davidjennings
0

In Execute output $SQL it to the screen, then run it on phpMyAdmin, see what happens.

Apart from that, I suggest you add error handling to your database class.

Edited by pritaeas

0

Hi Pritaeas, I have been working on this and I put error back to on and i am getting this error and it relates to this row 19 FROM Users WHERE UserName = '" . mysql_real_escape_string($Text->ValidSQLString($_POST['Username'])) . "' Undefined variable: Text in C:\wamp\www\oop_settings\index.php on line 19. A include is made to text.php and in that the fuction is stored.
I have tested echo $userSQL no output
I have run the SQL as procedural and works.

Any help is appreciated again

Thanks

David

--- text.php ---

/* -----------------------------------------------------------------------
        Function to make a string suitable for use in an SQL query
        $String - The string that is going to be used in an SQL query
        $NoUpper - Set to 1 to turn off uppercase on first character of every word
        $FullUpper - Set to 1 to make the string completely uppercase
        ----------------------------------------------------------------------- */
        function ValidSQLString($String, $NoUpper = 0, $FullUpper = 0) {
            //$String = str_replace("'", "''", $String);

            if ($NoUpper == 0) {
                $String = ucwords($String);
            }

            if ($FullUpper == 1) {
                $String = strtoupper($String);
            }

            return $String;
        }
0

$Text->ValidSQLString

Assumes a method from an object, so I think it should just be a regular function call:

mysql_real_escape_string(ValidSQLString($_POST['Username']))
0

Hi Pritaeas, having looked at this again, I have added $Text = new StringFunctions(); and runs without any errors. I have again echoed out the echo $userSQL; string and I get this output Resource id #10 not sure what this means.

Any help would be appriciated

Thanks

David

Edited by davidjennings

0

That means that $userSQL already contains a mysql result object, instead of a query. Since you already made changes, I think you can remove the echo.

0

Hi Pritaeas, thanks for your reply, I have checked how many records it found and it records 1 and is correct, How do i display the record I have found.

Thanks in advance

D

0

Pass the resource ($userSQL) to the Records method. It will return an array with the actual record data.

0

Hi Pritaeas, thanks for the reply - I have a execute function can I call that and echo out? function Execute($SQL) { $this->Query = $SQL; return mysql_query($SQL, $this->Connection);}

Thanks

David

0

Hi Pritaeas, I have placed it in the second if statement line 25-28 and using

if ($UserCount == 1) {
        // user found
        $rowUser = $Database->Records($userSQL);
        echo $rowUser['UserFullname'] . " " . $rowUser['UserLastPassword'];

Is that where you would have placed just for learning etc.

Thanks

David

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.