Member Avatar for Jake2025

Greetings,

I am having a problem on retrieving the users firstname after logging in. Here's my code

<HTML>
<BODY>
<?php
    session_start();
    include ("connectDB.php");

    $stud_test_ID = $_POST["testIDtxt"];
    $password_Field = $_POST["Passtxt"];

    $insertSql = "SELECT firstName FROM testdb WHERE stud_Id = '$stud_test_ID' And Password = '$password_Field'";
    $result = $mysqli->query($insertSql); 


    $numrows = $result->num_rows;
    if($numrows==1)
    {

        echo "record found successfully." . "username: " . $stud_test_ID;
        echo " Are you ready for the exam? " . "<a href='math(1).php' > Click here</a>"; 
        $_SESSION['studName'] = $_POST['firstName'];
    }
    else
    {
        echo "Invalid Student ID# or Password.";
    }
?>
</HTML>
</BODY>

And this is where i display my user's first name.

<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<header id="head" >

         </header>
</head>

<body>

<label>
  Examiner's Name: 

  <?php
  session_start();
  $_SESSION['studName']; 
  ?>
</label>

<form name="frmMath" action="mathQuestionnaire.php" method="post">
<table align="center" cellpadding="2" cellspacing="2" border="2" style="width:autopx;">

Any help would be appreciated.

  • 3 Contributors
  • 3 Replies
  • 164 Views
  • 21 Hours Discussion Span
  • Latest Post Latest Post by DJBirdi
Member Avatar for hericles

So you are seeing the 'invalid student id' error? That would suggest your query string is returning zero. Confirm the format of the string by echoing it and make sure the variables match your user id and password in the database.
I'm guessing the query string is incorrect.

Member Avatar for Jake2025

Sorry i wasn't able to explain it up clearer.

I have a login page and an authentication page. After the user login it will direct him to the authentication page. (The authentication page has a link that will direct you to the exams). After the user clicks the link it will direct him to the Math.php page along with his Firstname. But what happen to me is; its not retrieving the users firstname. there's no error

Member Avatar for DJBirdi

Waoooza that code's got SQL injection written all over it. Anyway, try this for a sec:

echo " Are you ready for the exam " . $_POST['firstName'] . "?" . "<a href='math(1).php' > Click here</a>";

and see if you're getting the firstname correctly on that page before saving it to a session variable. Also, session_start() should always be the first thing on any page you need to use it on ... before any HTML, outputs or variable declarations.

And lastly, if you're not seeing any visible errors, check your error_log. I can almost guaratee you'll have some sessional errors in there.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.