PHP Mysql Login script & pull data from db and fill into a form

[randydg]

This code works on the login part of the script with no problem. its after im logged in. Its not displaying the results into the form.

 

Index.php login first page

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

 

Login script verify user & password the db info is from a connect.php file

<?php
ob_start();
include 'connect.php';

// Connect to server and select databse.
mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$username=$_POST['username']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

Everything to this point is working. Its this next part that doesnt.

The Next script gets the session info from the last script above.

This script is called login_success it is called from above when you successfuly logged in

 

<? 
session_start();
if(!session_is_registered(username)){
header("location:index.php");
}
include 'connect.php';
//$_SESSION['username'] = $_GET;
$username = $_GET['username'];
$query="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($query);
?>

<html>
<body>
<p>Login Successful</p>
<form name="form" method="POST" action="<?=$PHP_SELF;?>">
  Name: <input type="text" name="name" value="<?php echo $result[name]?>"/> <br> 
  Username: <input type="text" name="username" value="<?php echo $result[username]?>"/> <br> 
<input type="submit"  value="submit"> 
</form> 

 

 

 

[Pikachu2000]

$result holds a query result resource, not an array of values. You need to do something with the resource to get the values out of by using mysql_fetch_assoc, mysql_fetch_row, etc.

 

It's also obvious that code came from phpeasystep.com. Their examples are obsolete and make use of several deprecated functions such as session_is_registered(), and session_register(). They also unconditionally apply stripslashes() to form data without first checking to see if magic_quotes_gpc() is on or not. Overall, I'd not recommend that site as a good source from which to learn.

[randydg]

**DELETED***