php

Hello Mohammed, helping people is the job of a forum, but you need to show us your efforts first. With your codes we will help you find your way out of the concerned problem.

hoo sorry,i didnt post my code here..its like this

<?php
session_start();
include "connect.php";
if(isset($_POST['submit']))
{
  $Email=$_POST['username'];
  $Password=$_POST['passwordname'];
   $query="SELECT * FROM users WHERE email='$Email' and password='$Password'";
  $result=mysql_query( $query);

  $count=mysql_num_rows($result);
  if($count==0){

      echo "invalid";
  }

  else if($count > 0)
  {
    $fetch = mysql_fetch_array($result);

    header("location:direct.php");
  }
    }
    ?>

haii..this is my code and in direct.php i have two files directlist.php and directlist1.php.and i want to get only specific data in both directlist and directlist1.php and the column name "code" is specified in both and in login data base also.

haii....i had lot of different school datas and when i want to login into the data i want to get only the specified data according to the username and password..username and password is different for different schools can you please help me thanks in advance and iam waiting for your answer

Hello Mohammed, the only flaws I see in your codes are you are using mysql PHP database connection layer which is deprecated. I recommend you to use mysqli or PDO database connection layer. Also your codes are not escaped which makes it very open to sql injection.

Now coming to your question, you are saying its a login system but there is no session set. After successful login you can set a session with the value of the user id (which should be a unique field in the database).

Example

<?php
    session_start();

    //including database connection file
    include "connect.php";

    //if form is submitted
    if (isset($_POST['submit'])) {

        //validating that input fields are not empty (also escaping them).
        if (!empty($_POST['username']) && !empty($_POST['passwordname'])) {

            //setting variables
            $email    = mysql_real_escape_string($_POST['username']);
            $password = mysql_real_escape_string($_POST['passwordname']);

            //querying the database
            $sql   = "SELECT * FROM users WHERE email='{$email}' AND password='{$password}'";
            $query = mysql_query( $query);

            //rows returned
            $count = mysql_num_rows($query);

            //if there is no user return invalid
            if ($count == 0) {
                echo "invalid";

                //user must be only one so need for >0
            } else if ( $count == 1) {

                //fetching user data
                $results = mysql_fetch_array($result);

                //setting session with user id
                $_SESSION['user'] = $results['id'];

                //redirecting user to direct.php.
                header("location:direct.php");
            }
        }
    }
?>

Sorry for making few changes in your variable names, but hope it helped.

Going on what @Gideon_1 first said, here is the mysqli_* version of his example (I haven't had a chance to test it at all yet, but I think it should work). Hope this helps:

<?php
    session_start();

    // database connection
    $mysqli = new mysqli('host','username','password','database_name');
    ... Check connection ...

    //if form is submitted
    if (isset($_POST['submit'])) {

        //validating that input fields are not empty (also escaping them).
        if (!empty($_POST['username']) && !empty($_POST['passwordname'])) {

            //setting variables
            $email = $mysqli->real_escape_string($_POST['username']);
            $password = $mysqli->real_escape_string($_POST['passwordname']);

            $results = $mysqli->query("SELECT COUNT(*) FROM users WHERE email='' AND xx=''");
            $get_total_rows = $results->fetch_row(); //hold total records in variable

            if($get_total_rows == 1) {
                // valid, so you can set your session in the same way as we've queried data above.
                $data = $results->fetch_assoc();
                $_SESSION['user'] = $data['id'];
            }
            $mysqli->close();
        }
    }
?>

@mattster, its not that I'm encouraging the mysql database connection layer but I don't know whether he has the basics of the mysqli database layer. And surprisely you just jumped to OOP mysqli for someone who codes in procedual and deprecated mysql.

I think he should learn the foundamentals first with procedual and then switch to OOP.(Personal Preference)

hey its ok...any way thanks in advance but when it goes to direct.php the entire information is displaying and what to do for that.e only column in all databases is column name "code" so with that can we acess

No no, my apologies for how that may have come across, I'm not accusing you for encouraging anything bad, just making sure he clearly knows the difference in using mysqli_*.

Personally, having done nothing but OOP, I think that he is more than capable of using bits of OOP in his code (even if he doesn't understand it all), because small steps are better than none at all. Granted, it would be unfair to write the whole thing as a class, but by learning the fundamentals of procedural is still learning the fundamentals of inefficiency and poor, mucky code.

Most people would hardly even notice that this is object based and not procedural, so for what little bit extra it is to realise the function looks different, but provides far more efficient database handling - is surely worth it?

yaaaa..iam new to here,had many problems..i hope you can help me in this..