doddsey_65 Posted November 18, 2009 Share Posted November 18, 2009 Im using a query to display a users email address from the database. The problem is when i use this query i get the word email displayed on the screen twice and then their email, but the word email should only be appearing once. Any suggestions? Heres the code: <?php ob_start(); include('header.php'); include('contentholder.php'); // Connects to your Database $db=mysql_connect("sql304.000a.biz", "a000b_4450564", "984497") or die(mysql_error()); mysql_select_db("a000b_4450564_BBT") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die (mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { echo '<center>Welcome to your area ' .$username. '</center><br><br>'; $emailresult = mysql_query("SELECT * FROM users"); while($row1 = mysql_fetch_array($emailresult)){ echo '<font size="2"><b>Email:</b></font>','<b>',' ',$row1['email']; echo "<br />","<br />"; } echo "<br><br><a href=logout.php>Logout</a>"; } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: login.php"); } include('footer.php'); ob_flush(); ?> Quote Link to comment Share on other sites More sharing options...
cags Posted November 18, 2009 Share Posted November 18, 2009 Your query fetches all rows from the users table. You then loop through them. My guess is you have one row that doesn't have an email value followed by one that does. Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted November 18, 2009 Share Posted November 18, 2009 you're only pulling one user from the db, correct? if so, you don't need to loop the results. i re-wrote your script minus the while() loops (there were two of them): <?php ob_start(); include('header.php'); include('contentholder.php'); // Connects to your Database $db = mysql_connect("sql304.000a.biz", "a000b_4450564", "984497") or trigger_error(mysql_error()); mysql_select_db("a000b_4450564_BBT") or trigger_error(mysql_error()); //checks cookies to make sure they are logged in if (isset ($_COOKIE['ID_my_site'])) { $username = mysql_real_escape_string($_COOKIE['ID_my_site']); $pass = mysql_real_escape_string($_COOKIE['Key_my_site']); $check = mysql_query("SELECT * FROM users WHERE username = '{$username}'")or trigger_error (mysql_error()); if (mysql_num_rows ($check) > 0) { $info = mysql_fetch_array ($check); //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { echo '<center>Welcome to your area ' .$username. '</center><br><br>'; echo '<font size="2"><b>Email:</b></font>','<b>',' ',$info['email']; echo "<br />","<br />"; echo "<br><br><a href=logout.php>Logout</a>"; } } } else { header("Location: login.php"); exit (0); } include('footer.php'); ob_flush(); ?> EDIT: added mysql_real_escape_string() to your username and password variables to help prevent any SQL injection on your query. Quote Link to comment Share on other sites More sharing options...
doddsey_65 Posted November 18, 2009 Author Share Posted November 18, 2009 Undefined variable $row1 where is the query that looks in the db? Also i noticed i included my db details.....but you can just pretend you missed them lol Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted November 18, 2009 Share Posted November 18, 2009 i don't see any $row1. the query in question should be $check = mysql_query(); right under $username and $pass declarations. and you've been including your details all day long, brother. check your other threads Quote Link to comment Share on other sites More sharing options...
doddsey_65 Posted November 19, 2009 Author Share Posted November 19, 2009 okay i did it again and it worked, took a while for it to ftp over i guess. Anyway thanks mate your a life saver. And i think you're all nice enough to leave my db alone lol.......hoping anyway. On that note can people use those to their advantage? should i be changing the pass? Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted November 19, 2009 Share Posted November 19, 2009 okay i did it again and it worked, took a while for it to ftp over i guess. Anyway thanks mate your a life saver. And i think you're all nice enough to leave my db alone lol.......hoping anyway. On that note can people use those to their advantage? should i be changing the pass? no worries with me, man. i don't have the desire nor disrespect to hack someone's db. however, yes, knowledgeable people can use that information to gain access. these pages do get indexed and can show up in Google search results, so i'd change your db credentials to ensure you don't get taken over. glad i could be of help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.