webguync Posted February 3, 2010 Share Posted February 3, 2010 Hi, I am storing a name in a field in MySQL called 'name' and retrieving it via SQL and using SESSION variable to echo out the info. $query = "SELECT username,password,name FROM Editor_Candidates WHERE password = '$password' AND username='$username'"; $_SESSION['name'] = $row->name; echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>"; I am then trying to take that info and submit the name variable into another table in MySQL when a form is submitted, but it isn't working. Field is blank in MySQL. in the form submit code I have: $sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table I am probably missing a step or two, so need some assistance. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted February 3, 2010 Share Posted February 3, 2010 Do you take the name value out of the session variable? Quote Link to comment Share on other sites More sharing options...
webguync Posted February 4, 2010 Author Share Posted February 4, 2010 I am doing everything I posted so maybe that is a no. Please post an example of what you are referring to. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted February 4, 2010 Share Posted February 4, 2010 I am doing everything I posted so maybe that is a no. Please post an example of what you are referring to. Well, you have a variable named $name that you attempt to use in your query. I'm assuming the value stored in it is supposed to be what you stored in $_SESSION['name']. If this is the case, and you want to use $name, you need to essentially unpack the session variable like so: $name = $_SESSION['name']; Also, be sure to have session_start(); as the first line of every page you want to be able to use sessions on. It won't work otherwise. If this doesn't fix it, post more code so we can better diagnose the problem. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 4, 2010 Author Share Posted February 4, 2010 yea, I tried again and the name still didn't display. Here is all of my submit code <?php session_start(); $_SESSION['name'] = $row->name; $con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("DBName") or die(mysql_error()); $name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file $A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file $A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file $A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file $A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file $A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file $A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file $A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file $A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file $A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved. name and email are the respective table fields*/ if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "The answer was submitted successfully"; mysql_close($con); ?> and the code where the $name is originally assigned <?php ini_set("display_errors","1"); ERROR_REPORTING(E_ALL); session_start(); $con = mysql_connect("localhost","username","password") or die('Could not connect: ' . mysql_error()); mysql_select_db("DBName") or die(mysql_error()); // Same checking stuff all over again. if(isset($_POST['submit'])) { if(empty($_POST['username']) || empty($_POST['password']) ) { echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>Please fill in both your username and password to access your exam results.</h2>"; echo "<meta http-equiv='refresh' content='5; url=ExamLogin.php'>"; exit; } // Create the variables again. $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; // Encrypt the password again with the md5 hash. // This way the password is now the same as the password inside the database. //$pwid = md5($pwid); // Store the SQL query inside a variable. // ONLY the username you have filled in is retrieved from the database. $query = "SELECT username,password,name FROM Editor_Candidates WHERE password = '$password' AND username='$username'"; $result = mysql_query($query) or die(mysql_error()); if(mysql_num_rows($result) == 0) { // Gives an error if the username/pw given does not exist. // or if something else is wrong. echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>You have entered a username or password that does not match our database records. please try again. You will be redirected back to the login screen in 5 seconds.</h2> " . mysql_error(); echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>"; exit(); /* this would benefit from a redirect to a page giving better information to the user and maybe logging some errors. */ } else { // Now create an object from the data you've retrieved. $row = mysql_fetch_object($result); // You've now created an object containing the data. // You can call data by using -> after $row. // For example now the password is checked if they're equal. // By storing data inside the $_SESSION superglobal, // you stay logged in until you close your browser. $_SESSION['name'] = $row->name; $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. // $_SESSION['username'] should print out your username. //move this to after your redirect further below.. //Update record with current time IF the account has never logged in before $query = "UPDATE `Editor_Candidates` SET `login_timestamp` = NOW() WHERE `username` = '$username' AND `password` = '$password' AND login_timestamp = '';"; $result = mysql_query($query); //Check if query ran succesfully } } // Start a session. If not logged in will be redirected back to login screen. if(!isset($_SESSION['username'])){ header("Location:EditorLogin.php"); exit; } echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>"; ?> Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted February 4, 2010 Share Posted February 4, 2010 What order is this code being executed in? Is the first bit of code in a different file than the second? Where does the first code block's $row->name come from? Quote Link to comment Share on other sites More sharing options...
webguync Posted February 4, 2010 Author Share Posted February 4, 2010 the flow is like this. Starts out with a login form (code below) <form enctype="multipart/form-data" method="post" action="test.php"> <label for="username">Username (email address): </label><br /> <input type="text" name="username" id="username"><br /> <label for="password">Password<br /> (you should have been given this): </label><br /> <input type="password" name="password" id="password"><br /> <input class="submit" type="submit" name="submit" value="Log In" /> </form> the username and password is stored in the database and when submitted the code in test.php goes into action which contains the SQL to authenticate against the DB username and password and also SQL to pull out the name which is also in the database. In test.php I am also storing the name variable $_SESSION['name'] = $row->name; test.php also has forms when submitting activates the submit code I posted which is where I was trying to get the $name information submitted into the database. <form action ="TestSubmit.php" method="post"> <!--question1--> <label for="Question1"> <img src="Questions/Q1.png" alt="Question 1" width="650" height="69" /> </label><br /><br /> <textarea name="Answer1" id="Answer1" rows="15" cols="80"> </textarea> <br /><br /> <input type="submit" value="submit" name="submit" class="submit" /><br /> <input type="reset" value="reset" name="reset" class="submit"/> </form> Quote Link to comment Share on other sites More sharing options...
webguync Posted February 4, 2010 Author Share Posted February 4, 2010 anyone see what I did wrong? Quote Link to comment Share on other sites More sharing options...
webguync Posted February 5, 2010 Author Share Posted February 5, 2010 any ideas? Quote Link to comment Share on other sites More sharing options...
webguync Posted February 5, 2010 Author Share Posted February 5, 2010 just a quick update. I tried printing out the name variable on the submit page after the form is submitting, and it does not. So apparently the value of the name SESSION variable is is not holding through to this page. <?php session_start(); $_SESSION['name'] = $row->name; $con = mysql_connect("localhost","username","password") or die('Could not connect: ' . mysql_error()); mysql_select_db("ETSI_Internal") or die(mysql_error()); $name = $_SESSION['name']; $name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file $A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file $A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file $A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file $A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file $A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file $A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file $A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file $A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file $A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved. name and email are the respective table fields*/ if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "The answer was submitted successfully" . $_SESSION['name'] . ""; mysql_close($con); ?> Quote Link to comment Share on other sites More sharing options...
webguync Posted February 7, 2010 Author Share Posted February 7, 2010 *bump* Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.