Getting account name from MySQL DB

[xQuasar]

Okay, I'm trying to make a site that for every different account that's logged in, it displays different information (eg. account name, race, etc. as you might've guessed it's a game)

 

But I'm at loss at how to make php find which account it is logged in for and display the correct row of information from mySQL for that.

 

Anyone, help?

[revraz]

Do it based on the time they logged in and update this time based on actions.  After so much time, consider them "offline".

[xQuasar]

Do it based on the time they logged in and update this time based on actions.  After so much time, consider them "offline".

 

Sorry, I'm still new to php. Can you give me an example so I can comprehend better?  :-\

[xQuasar]

*bump*

 

:-\ Really need help T_T

[blueman378]

*new to php*

 

how new?

 

eg, are you familiar with sessions, connecting to databases ect?

[xQuasar]

Uhhh. Only about over a week I'm a quick learner though. Can someone demonstrate how it could be done? =/

[redarrow]

you create a database example

 

id int not null auto_increment primary key

username varchar 100 not null

password varchar 100 not null

 

know each time a user submits info, The table gets a new id with the relevent info.

 

You need to set a session for all the ids in the database to be used in the future to no who is who....

 

example from a sign in form username and password.....

 

<?php session_start();

//database connection

$sql="select * from users where username='$username' and password='$password' ";

$res=mysql_query($sql)or die(mysql_error());

if(mysql_num_rows($res)>0){

while($data=mysql_fetch_assoc($res)){

$_SESSION["id"]=$data['id'];

header("location: members_page.php");

exit;
}

}else{

echo "Sorry we dont no you please join us! <br> <a href='signup.php'>join us!</a>";

exit;
}

?>

 

 

now u can use the session to show only that logged in user info

 

example.......

 

you need session_start on all pages for the id to be used anywere on your pages.......

 

members_page.php

<?php session_start();

$sql="select * from users where id=".$_SESSION['id']." ";

$res=mysql_query($sql)or die(mysql_error());

while($data=mysql_fetch_assoc($res)){

echo "Hello ".$data['username']." your logged in with the id off  ".$_SESSION['id']."";
}
?>

 

yes ur need valadation but it only a quick example

[xQuasar]

Is it possible to have more than 1 session (different names, of course) running at the same time?

[blueman378]

that would basically require two login scrips with alot of if statements

 

 

[xQuasar]

Oh. Uh. Nevermind that, then. Another problem.

 

(I don't know as much mysql as I thought I did. Go easy on me, i'm only 14  )

 

How come this:

 

<?php

session_start();

include 'mysql/login.php';
include 'mysql/open.php';

$username = $_SESSION['username'];
$race_query = "SELECT `race` FROM `accounts` WHERE `username`='$username'";
$race = mysql_query($race_query);

?>
Race: <?php echo "$race" ?>

 

Is giving me the output: 'Race: Resource id #7 '

 

when all that's stored in my 'race' column is 1,2,3,4, and 5? (1 digit integers)

[blueman378]

replace this line : $race = mysql_query($race_query);

with $race = mysql_query($race_query) or die(mysql_error());

 

its basically saying you have an error in your sql and this will tell you why

 

ps good job for 14

[waterssaz]

Is it possible to have more than 1 session (different names, of course) running at the same time?

Every user that logins will have their own session created :-?

[blueman378]

heh acctually thats a bit of a vague question isnt it.

 

im assuming he meant for the same user.

 

whereas waterssaz is assuming hes asking about each user.

[xQuasar]

Nevermind my sessions question, I worked it out in the end and it works now.

 

elseif (isset($_POST['username']) && isset($_POST['password'])) {
   include 'mysql/login.php';
   include 'mysql/open.php';

   $username = $_POST['username'];
   $password = $_POST['password'];
   $_SESSION['username'] = $username;

   // check if the user id and password combination exist in database
   $sql = "SELECT username
           FROM accounts
           WHERE username = '$username'
                 AND password = PASSWORD('$password')";

   $result = mysql_query($sql)
             or die('Query failed. ' . mysql_error());

   if (mysql_num_rows($result) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION['logged_in'] = true;

      // after login we move to the main page
      header('Location: base.php');
      exit;
   } else {

 

^ That's how I'm saving usernames.

 

But, even after using 'or die (mysql_error());' it's still giving me 'resource id #7' o.O any ideas?

[bgadberry]

I believe you are getting that resource ID # because you only retrieved the resource and havent used it.  A simple grabbing of the array (the columns in the row) such as

 

$query="Query goes here";
$result=mysql_query($query);  //THIS IS WHERE YOU ARE.  You sent the query and now you need to "fetch" the results.
while ($resultarray = mysql_fetch_array($result))  //THIS GRABS THE ARRAY FROM YOUR  QUERY RESULTS
{	
	$columnOne=$resultarray['ColumnName1']; //THESE ARE THE VARIABLES YOU CAN USE
	$columnTwo=$resultarray['ColumnName2']; //THESE ARE THE VARIABLES YOU CAN USE
	$columnThree=$resultarray['ColumnName3'];//THESE ARE THE VARIABLES YOU CAN USE
	$columnFour=$resultarray['ColumnName4']; //THESE ARE THE VARIABLES YOU CAN USE
}

 

 

[blueman378]

opps didnt even see that, cheers bgadberry.

 

@op i hope your going to add some security in before you make that live

[xQuasar]

Security in what?

[blueman378]

sql injection

[xQuasar]

How? Remember I'm a php newbie.

[blueman378]

put it this way put this in the username field of your login form and then press submit

 

anything' OR 'x'='x

 

[xQuasar]

Oof. Heavy errors.

 

How to prevent this? Is there any way I can check if the username contains a certain character, then provide an error message and make the user re-try?

[revraz]

Look into Regex.