TheEddy Posted July 31, 2010 Share Posted July 31, 2010 Well, I have been able to create a registration and login page. Now I am trying to make an "Edit Profile" page but I can't seem to be able to pull up their primary key field which is called "userID" and I need help doing this. How would I get it from the MySQL database? Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/ Share on other sites More sharing options...
Pikachu2000 Posted July 31, 2010 Share Posted July 31, 2010 What information are you storing in the $_SESSION array that is associated with the user? Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093673 Share on other sites More sharing options...
TheEddy Posted July 31, 2010 Author Share Posted July 31, 2010 Quote What information are you storing in the $_SESSION array that is associated with the user? That's what I want to know lol. $_SESSION['userID'] = "1"; That's currently what I have for testing purposes. But I want it to have a variable that will equal the userID of whoever is logged in. Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093674 Share on other sites More sharing options...
Pikachu2000 Posted July 31, 2010 Share Posted July 31, 2010 Oh, well you should store that information in the $_SESSION array when the user logs in successfully, then it will be available for use during the time they are on the site. Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093675 Share on other sites More sharing options...
TheEddy Posted July 31, 2010 Author Share Posted July 31, 2010 Quote Oh, well you should store that information in the $_SESSION array when the user logs in successfully, then it will be available for use during the time they are on the site. Is that how scripts such as forums normally do it? Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093678 Share on other sites More sharing options...
Pikachu2000 Posted July 31, 2010 Share Posted July 31, 2010 Yes. Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093681 Share on other sites More sharing options...
Joshua4550 Posted July 31, 2010 Share Posted July 31, 2010 Quote Quote Oh, well you should store that information in the $_SESSION array when the user logs in successfully, then it will be available for use during the time they are on the site. Is that how scripts such as forums normally do it? Yes. When they log in, it stores username/user id in a session (Eg: $_SESSION['mysite_logid']) and then providing you start sessions for the relative page, you can use that session to tell your next script the logged in user's username/ID. Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093682 Share on other sites More sharing options...
TheEddy Posted July 31, 2010 Author Share Posted July 31, 2010 <?php session_start(); require_once ("dbconn.php"); $select_user = mysql_query("SELECT * FROM `users` WHERE `userName` = '".mysql_real_escape_string($_POST['username'])."' AND `password` = '".mysql_real_escape_string(md5($_POST['password']))."'"); if (mysql_num_rows($select_user) != 0) { $_SESSION['authorized'] = true; $_SESSION['userID'] = $row["userID"]; header("Location: editprofile.php"); exit; } else { header("Location: login.php"); exit; } ?> That's what I have set up for the login form. Do I have "userID" part right? Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093685 Share on other sites More sharing options...
TheEddy Posted July 31, 2010 Author Share Posted July 31, 2010 Oh, and this is what I have for my editprofile.php so far. Nothing much in the content part, just trying to get it to work. <?php if(!isset($_SESSION)) { session_start(); } $_SESSION['userID'] = $row["userID"]; ?> <?php if ($_SESSION['authorized'] != true) { header("Location: login.php"); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html lang="EN" dir="ltr" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/xml; charset=utf-8" /> <title>Edit Profile</title> <style type = "text/css"> table { margin: 0 auto; </style> </head> <body> <?php require_once ("dbconn.php"); ?> <?php if(isset($_SESSION['userID'])){ $result = mysql_query("SELECT * FROM `users` WHERE `userID` = '".mysql_real_escape_string($_SESSION['userID'])."' LIMIT 1") or die(mysql_error()); while ($row = mysql_fetch_array($result)) { $userName = $_SESSION['userID']; print ("Testing. Your ID is $userID <br /><a href=\"http://localhost/mgnml/logout.php\">Log Out</a>"); } } ?> </body> </html> Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093686 Share on other sites More sharing options...
Pikachu2000 Posted July 31, 2010 Share Posted July 31, 2010 Yes, it appears to be just fine. I have a couple suggestions though, if you're interested. If you don't actually need the data from all the fields in a database, don't use a wildcard SELECT * FROM `table` query. Specify the fields you need: SELECT `userID` FROM `users` WHERE . . . You should separate your query strings from the query execution. Store the string in a variable, $query = "SELECT whatever FROM some_table":, then use the variable in the query execution. $result = mysql_query( $query );. This gives you the ability to echo the query separately, or send it to the PHP error log when debugging is needed, and sooner or later it will be. When you're checking the mysql_num_rows result, since you're expecting exactly one record to be returned, you should check that one, and only one record is returned. Less than one is no matching record, but more than one match is ambiguous, and can be an indication of data corruption, SQL injection, etc. So if( mysql_num_rows($select_user) == 1 ) would be a better option. Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093690 Share on other sites More sharing options...
TheEddy Posted July 31, 2010 Author Share Posted July 31, 2010 Quote Yes, it appears to be just fine. I have a couple suggestions though, if you're interested. If you don't actually need the data from all the fields in a database, don't use a wildcard SELECT * FROM `table` query. Specify the fields you need: SELECT `userID` FROM `users` WHERE . . . You should separate your query strings from the query execution. Store the string in a variable, $query = "SELECT whatever FROM some_table":, then use the variable in the query execution. $result = mysql_query( $query );. This gives you the ability to echo the query separately, or send it to the PHP error log when debugging is needed, and sooner or later it will be. When you're checking the mysql_num_rows result, since you're expecting exactly one record to be returned, you should check that one, and only one record is returned. Less than one is no matching record, but more than one match is ambiguous, and can be an indication of data corruption, SQL injection, etc. So if( mysql_num_rows($select_user) == 1 ) would be a better option. The code I have set up doesn't work. If I change the edit profile code from: $_SESSION['userID'] = $row['userID']; to: $_SESSION['userID'] = 1; It works for the user with the userID of 1. I think that there is nothing in $row['userID'] or $_SESSION['userID'] is not working correctly. Edit: Yup, the problem is with $row['userID'] Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093697 Share on other sites More sharing options...
Pikachu2000 Posted July 31, 2010 Share Posted July 31, 2010 You posted some more while I was writing, I guess. In the editprofile.php script, the session_start() needs to be before any attempt to use a $_SESSION var. You should also check specifically for the $_SESSION array element you need to be set. This is untested, but it should work as written. Let me know if it doesn't . . . <?php session_start(); // UNCOMMENT NEXT LINE TO PRINT THE $_SESSION ARRAY TO THE SCREEN . . . // echo '<pre>'; print_r($_SESSION); echo '</PRE>'; if(empty($_SESSION['userID']) || $_SESSION['authorized'] != true ) { header("Location: login.php"); exit; } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html lang="EN" dir="ltr" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/xml; charset=utf-8" /> <title>Edit Profile</title> <style type = "text/css"> table { margin: 0 auto; </style> </head> <body> <?php require_once ("dbconn.php"); $result = mysql_query("SELECT * FROM `users` WHERE `userID` = '{$_SESSION['userID']}' LIMIT 1") or die(mysql_error()); $row = mysql_fetch_array($result); $userName = $_SESSION['userID']; print ("Testing. Your ID is $userID<br /><a href=\"http://localhost/mgnml/logout.php\">Log Out</a></body></html>"); } ?> Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093707 Share on other sites More sharing options...
TheEddy Posted July 31, 2010 Author Share Posted July 31, 2010 Quote You posted some more while I was writing, I guess. In the editprofile.php script, the session_start() needs to be before any attempt to use a $_SESSION var. You should also check specifically for the $_SESSION array element you need to be set. This is untested, but it should work as written. Let me know if it doesn't . . . <?php session_start(); // UNCOMMENT NEXT LINE TO PRINT THE $_SESSION ARRAY TO THE SCREEN . . . // echo '<pre>'; print_r($_SESSION); echo '</PRE>'; if(empty($_SESSION['userID']) || $_SESSION['authorized'] != true ) { header("Location: login.php"); exit; } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html lang="EN" dir="ltr" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/xml; charset=utf-8" /> <title>Edit Profile</title> <style type = "text/css"> table { margin: 0 auto; </style> </head> <body> <?php require_once ("dbconn.php"); $result = mysql_query("SELECT * FROM `users` WHERE `userID` = '{$_SESSION['userID']}' LIMIT 1") or die(mysql_error()); $row = mysql_fetch_array($result); $userName = $_SESSION['userID']; print ("Testing. Your ID is $userID<br /><a href=\"http://localhost/mgnml/logout.php\">Log Out</a></body></html>"); } ?> Had to also make some changes to the other code. Now it works. Thanks for the help! Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093713 Share on other sites More sharing options...
Pikachu2000 Posted July 31, 2010 Share Posted July 31, 2010 Glad I could help. Please mark the topic as solved (if it is) with the 'Mark Solved' button at the lower left of the page . . . Link to comment https://forums.phpfreaks.com/topic/209462-help-with-getting-info-from-database-from-a-session/#findComment-1093716 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.