Jump to content

name variable info not making it into Database.

webguync

By webguync
in PHP Coding Help

 Share

Recommended Posts

webguync Advanced Member

webguync

Posted
Posted

Hi,

 

I am storing a name in a field in MySQL called 'name' and retrieving it via SQL and using  SESSION variable to echo out the info.

 

$query = "SELECT username,password,name
           FROM   Editor_Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";
$_SESSION['name'] = $row->name;
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";

 

I am then trying to take that info and submit the name variable into another table in MySQL when a form is submitted, but it isn't working. Field is blank in MySQL.

 

in the form submit code I have:

 

$sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table

 

I am probably missing a step or two, so need some assistance.

KevinM1 Advanced Member

KevinM1

Posted
Posted

I am doing everything I posted so maybe that is a no. Please post an example of what you are referring to.

 

Well, you have a variable named $name that you attempt to use in your query.  I'm assuming the value stored in it is supposed to be what you stored in $_SESSION['name'].  If this is the case, and you want to use $name, you need to essentially unpack the session variable like so:

 

$name = $_SESSION['name'];

 

Also, be sure to have session_start(); as the first line of every page you want to be able to use sessions on.  It won't work otherwise.

 

If this doesn't fix it, post more code so we can better diagnose the problem.

webguync Advanced Member

webguync

Posted
  • Author
Posted

yea, I tried again and the name still didn't display.

 

Here is all of my submit code

 

<?php
session_start();
$_SESSION['name'] = $row->name;
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());
mysql_select_db("DBName") or die(mysql_error());
$name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "The answer was submitted successfully";
mysql_close($con);
?>

 

and the code where the $name is originally assigned


<?php
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);
session_start();
$con = mysql_connect("localhost","username","password") or die('Could not connect: ' . mysql_error());

mysql_select_db("DBName") or die(mysql_error());


// Same checking stuff all over again.
if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['password']) ) {
    echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>Please fill in both your username and password to access your exam results.</h2>";
  echo "<meta http-equiv='refresh' content='5; url=ExamLogin.php'>";
                exit;
   }
   // Create the variables again.
   
   $username = mysql_real_escape_string($_POST['username']);
   $password = $_POST['password'];

   // Encrypt the password again with the md5 hash. 
   // This way the password is now the same as the password inside the database.
   //$pwid = md5($pwid);

   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,password,name
           FROM   Editor_Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>You have entered a username or password that does not match our database records. please try again. You will be redirected back to the login screen in 5 seconds.</h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
   } else {
      // Now create an object from the data you've retrieved.
      $row = mysql_fetch_object($result);
      // You've now created an object containing the data.
      // You can call data by using -> after $row.
      // For example now the password is checked if they're equal.

      // By storing data inside the $_SESSION superglobal,
      // you stay logged in until you close your browser.

   $_SESSION['name'] = $row->name;
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
//Update record with current time IF the account has never logged in before
$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = '';"; 

$result = mysql_query($query);

//Check if query ran succesfully
      
   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:EditorLogin.php");
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";


?>

webguync Advanced Member

webguync

Posted
  • Author
Posted

the flow is like this. Starts out with a login form (code below)

<form enctype="multipart/form-data" method="post" action="test.php">

<label for="username">Username (email address): </label><br />
<input type="text" name="username" id="username"><br />
<label for="password">Password<br /> (you should have been given this): </label><br />
<input type="password" name="password" id="password"><br />
   
<input class="submit" type="submit" name="submit" value="Log In" />
</form>

 

the username and password is stored in the database and when submitted the code in test.php goes into action which contains the SQL to authenticate against the DB username and password and also SQL to pull out the name which is also in the database. In test.php I am also storing the name variable

 

$_SESSION['name'] = $row->name;

 

test.php also has forms when submitting activates the submit code I posted which is where I was trying to get the $name information submitted into the database.

 

<form action ="TestSubmit.php" method="post">
<!--question1-->
<label for="Question1">
<img src="Questions/Q1.png" alt="Question 1" width="650" height="69" />
</label><br /><br />

<textarea name="Answer1" id="Answer1" rows="15" cols="80">
</textarea>
<br /><br />
<input type="submit" value="submit" name="submit" class="submit" /><br />
<input type="reset" value="reset" name="reset" class="submit"/>
</form>

webguync Advanced Member

webguync

Posted
  • Author
Posted

just a quick update. I tried printing out the name variable on the submit page after the form is submitting, and it does not. So apparently the value of the name SESSION variable is is not holding through to this page.

 

<?php
session_start();
$_SESSION['name'] = $row->name;
$con = mysql_connect("localhost","username","password") or die('Could not connect: ' . mysql_error());
mysql_select_db("ETSI_Internal") or die(mysql_error());
$name = $_SESSION['name'];
$name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "The answer was submitted successfully" . $_SESSION['name'] . "";
mysql_close($con);
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.