Selecting user specific information after login

[ben.matthews18]

Hi this is what I have set up -

 

SQL tables -

 

Members -

• memberid - primary key
  Username
  Password
   
  

 

Orders -

• Orderid - primary key
  memberid - foreign key
  orderno
  

 

 

In my sql table there are two members and two orders.

1 order is assigned to 1 member and the other order to the other member.

 

After each member logs in I need to 'echo' that order on the page.

 

 

I've not been able to write any succesful php code that 'gets' the specific order that is related to the member that has signed in.

 

I would appreciate help on this!

Thanks

 

[btherl]

Can you please post the code you have (that isn't working)

[ben.matthews18]

Here is the sql i used to create tables -

members -

    CREATE TABLE `members` (
    `memberid` int(4) NOT NULL auto_increment,
    `Username` varchar(65) collate latin1_general_ci NOT NULL,
    `Password` varchar(65) collate latin1_general_ci NOT NULL,
    PRIMARY KEY (`memberid`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci AUTO_INCREMENT=1002 ;
     
    --
    -- Dumping data for table `members`
    --
     
    INSERT INTO `members` VALUES(1000, 'flour', '1234');
    INSERT INTO `members` VALUES(1001, 'xrated', 'password');

 

orders -

    CREATE TABLE `Orders` (
    `Orderid` int(11) NOT NULL,
    `Orderno` int(11) NOT NULL,
    `memberid` int(11) default NULL,
    PRIMARY KEY (`Orderid`),
    KEY `memberid` (`memberid`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
     
    --
    -- Dumping data for table `Orders`
    --
     
    INSERT INTO `Orders` VALUES(1010, 5892584, 1000);
    INSERT INTO `Orders` VALUES(1011, 1234567, 1001);

 

here is my php code i'm using on the page to get the orders -

<?php
$host="host"; // Host name
$username="user"; // Mysql username
$password="password"; // Mysql password
$db_name="db_name"; // Database name
$tbl_name="Orders"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$Orderid=$_GET['Orderid'];

$sql="SELECT * FROM $tbl_name WHERE Orderid='$Orderid'";


$rows=mysql_fetch_array($result);
?>

<table width="50%" border="0" align="center" style="margin-top:100px;">
  <tr>
    <td width="23%">Order ID -</td>
    <td width="77%">Echo Order ID</td>
  </tr>
  <tr>
    <td><? echo $rows['orderid']; ?></td>
    <td><? echo $rows['orderno']; ?></td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
  </tr>
</table>
<?php
mysql_close();
?>

 

 

[btherl]

Thanks for posting the code.  There is a step missing here:

 

$sql="SELECT * FROM $tbl_name WHERE Orderid='$Orderid'";

$result = mysql_query($sql) or die("Error in $sql: " . mysql_error());  # <--- This line was missing

$rows=mysql_fetch_array($result);

 

Also you should ensure that the final version of your code checks that the order id requested really belongs to the user, otherwise anyone can view anyone's order.

 

The other thing you should do before making this public is deal with mysql injection.  I can give more info about that if you are interested.

[ben.matthews18]

Thanks for the code.

 

Also you should ensure that the final version of your code checks that the order id requested really belongs to the user, otherwise anyone can view anyone's order.

 

that is what i'm trying to do, i've been unable to write a php script that does this.. i'm trying to do that with the script I posted for you.

 

thanks

[ben.matthews18]

By the way, i've just tried the code you edited and it doesn't echo anything at all.

[btherl]

Do you have a login page where users log in to your site?