
Help with getting info from database from a session.


TheEddy


Well, I have been able to create a registration and login page.  Now I am trying to make an "Edit Profile" page but I can't seem to be able to pull up their primary key field which is called "userID" and I need help doing this.  How would I get it from the MySQL database?


What information are you storing in the $_SESSION array that is associated with the user?

That's what I want to know lol.

$_SESSION['userID'] = "1";

 

That's currently what I have for testing purposes.  But I want it to have a variable that will equal the userID of whoever is logged in.


Oh, well you should store that information in the $_SESSION array when the user logs in successfully, then it will be available for use during the time they are on the site.

Is that how scripts such as forums normally do it?


Yes. When they log in, it stores username/user id in a session (Eg: $_SESSION['mysite_logid']) and then providing you start sessions for the relative page, you can use that session to tell your next script the logged in user's username/ID.


<?php
session_start();

require_once ("dbconn.php");

$select_user = mysql_query("SELECT * FROM `users` WHERE `userName` = '".mysql_real_escape_string($_POST['username'])."' AND `password` = '".mysql_real_escape_string(md5($_POST['password']))."'");

if (mysql_num_rows($select_user) != 0) 
{
    $_SESSION['authorized'] = true;
    $_SESSION['userID'] = $row["userID"];

    header("Location: editprofile.php");
    exit;
} 
else 
{
    header("Location: login.php");
    exit;       
}
?>

 

That's what I have set up for the login form.  Do I have "userID" part right?


Oh, and this is what I have for my editprofile.php so far.  Nothing much in the content part, just trying to get it to work.

 

<?php 
if(!isset($_SESSION))
{
session_start();
}
$_SESSION['userID'] = $row["userID"];
?>
<?php
if ($_SESSION['authorized'] != true) 
{
    header("Location: login.php");	
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="EN" dir="ltr" xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="content-type" content="text/xml; charset=utf-8" />
    <title>Edit Profile</title>
    <style type = "text/css">
      table {
        margin: 0 auto;
      }
    </style>
  </head>
  <body>
<?php
require_once ("dbconn.php");
?>
<?php
if(isset($_SESSION['userID'])){

$result = mysql_query("SELECT * FROM `users` WHERE `userID` = '".mysql_real_escape_string($_SESSION['userID'])."' LIMIT 1") or die(mysql_error());

while ($row = mysql_fetch_array($result)) {
$userID = $_SESSION['userID']; // variable name must match the $userID printed below
print ("Testing.  Your ID is $userID 
<br /><a href=\"http://localhost/mgnml/logout.php\">Log Out</a>");
}
}


?>
  </body>
</html>


Yes, it appears to be just fine. I have a couple suggestions though, if you're interested.

 

If you don't actually need the data from all the fields in a database, don't use a wildcard SELECT * FROM `table` query. Specify the fields you need: SELECT `userID` FROM `users` WHERE . . .

 

You should separate your query strings from the query execution. Store the string in a variable, $query = "SELECT whatever FROM some_table";, then use the variable in the query execution. $result = mysql_query( $query );. This gives you the ability to echo the query separately, or send it to the PHP error log when debugging is needed, and sooner or later it will be.

 

When you're checking the mysql_num_rows result, since you're expecting exactly one record to be returned, you should check that one, and only one record is returned. Less than one is no matching record, but more than one match is ambiguous, and can be an indication of data corruption, SQL injection, etc. So if( mysql_num_rows($select_user) == 1 ) would be a better option.

 

 


The code I have set up doesn't work.  If I change the edit profile code from:

 

$_SESSION['userID'] =  $row['userID'];

 

to:

 

$_SESSION['userID'] =  1;

 

It works for the user with the userID of 1.

 

I think that there is nothing in $row['userID'] or $_SESSION['userID'] is not working correctly.

 

Edit: Yup, the problem is with $row['userID']


You posted some more while I was writing, I guess. In the editprofile.php script, the session_start() needs to be before any attempt to use a $_SESSION var. You should also check specifically for the $_SESSION array element you need to be set. This is untested, but it should work as written. Let me know if it doesn't . . .

 

<?php
session_start();
// UNCOMMENT NEXT LINE TO PRINT THE $_SESSION ARRAY TO THE SCREEN . . .
// echo '<pre>'; print_r($_SESSION); echo '</PRE>';
if(empty($_SESSION['userID']) || $_SESSION['authorized'] != true ) {
header("Location: login.php");
exit;
} else {

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="EN" dir="ltr" xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="content-type" content="text/xml; charset=utf-8" />
    <title>Edit Profile</title>
    <style type = "text/css">
      table {
        margin: 0 auto;
      }
    </style>
  </head>
  <body>
<?php
require_once ("dbconn.php");
$result = mysql_query("SELECT * FROM `users` WHERE `userID` = '{$_SESSION['userID']}' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($result);
$userID = $_SESSION['userID']; // variable name must match the $userID printed below
print ("Testing.  Your ID is $userID<br /><a href=\"http://localhost/mgnml/logout.php\">Log Out</a></body></html>");
}
?>


 

Had to also make some changes to the other code.  Now it works.  Thanks for the help!
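
The login step and the editprofile.php guard discussed in this thread, as an added example that is not part of the original posts: it uses PDO prepared statements and password_hash()/password_verify() instead of the mysql_* functions and md5(), and fetches the row before storing `userID` in the session. The function names, the in-memory SQLite database and the sample user are assumptions made for illustration; the `users` table and its `userID`, `userName` and `password` columns follow the posted queries.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posted queries; the in-memory SQLite database and sample user are constructed.
declare(strict_types=1);

function find_user(PDO $db, string $userName): ?array
{
    // Name only the needed columns and bind the value instead of escaping it.
    $stmt = $db->prepare('SELECT userID, password FROM users WHERE userName = :name');
    $stmt->execute([':name' => $userName]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;   // exactly one match, or nothing
}

function log_in(PDO $db, string $userName, string $password): bool
{
    $row = find_user($db, $userName);
    // password_verify() checks a password_hash() value, replacing the md5() compare.
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session ID once the user is authenticated
    }
    // The ID is read from the fetched row, then kept for later requests.
    $_SESSION['authorized'] = true;
    $_SESSION['userID'] = (int) $row['userID'];
    return true;
}

function current_user_id(): ?int
{
    // For pages such as editprofile.php: read the session, never assign to it here.
    if (empty($_SESSION['authorized']) || empty($_SESSION['userID'])) {
        return null;
    }
    return (int) $_SESSION['userID'];
}

// Constructed demo data so the file runs on its own from the command line.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userID INTEGER PRIMARY KEY, userName TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (userName, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$_SESSION = [];   // stands in for session_start() when run from the CLI
var_dump(log_in($db, 'alice', 'wrong'), current_user_id());
var_dump(log_in($db, 'alice', 'correct horse'), current_user_id());
```

In a web script, call session_start() before log_in() and redirect with header() as the posted login code does.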
