simcoweb Posted October 30, 2006 Share Posted October 30, 2006 I'm still struggling with this mystery. I have a login form. Simple stuff:[code]<form action="<?php print $PHP_SELF ?>" id="Form1" style="WIDTH: 100%" method="post" > <table id="Table1" cellspacing="0" cols="2" cellpadding="0" align="center" border="0"> <tbody> <tr><td>User name: </td><td><input type='text' size='21' name="username" ></td> </tr> <tr> <td>Password:</td><td><input type="password" size="21" name="password"></td> </tr> <tr> <td></td> <td align="right"><br><input type="submit" value="Login"></td> </tr> </tbody> </table> </form>[/code]There's other code but this is the focus. No errors in the other code as it just validates then if no errors forwards the logged in user to a page 'members.php' where it should display their profile and picture based upon their username. Problem is it won't display it as for some reason the 'username' field is not being passed. Here's the 'members.php' code:[code]<?php$username = $_POST['username'];$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());//new sql query$sql = "SELECT * FROM plateau_pros WHERE username='$username'";$result = mysql_query($sql, $conn) or die(mysql_error());?>[/code]Now, this is SUPPOSED to pull the array of data based upon the posted username. It's not. The page is blank. We've echoed the query to see what's up using this bit of code:[code]<?phpecho "query = ". $sql. "<br/>";if(!$username){echo "Heres your problem";}?>[/code]Which produces the echo display. In other words, NO username is being passed. Therefore, no data being pulled.Now, if I change the $username variable in the query to an actual username then all their data shows properly. This is the mystery. WHY won't the username variable pass via POST to the members.php page and populate the WHERE username='$username' clause in the query?I've even tried this with different login forms thinking there's something goofy I can't see. Still the same issue. I've tried posting the data to an external script instead of <?php print $PHP_SELF ?> and that didn't work. I need some help with this one. Thanks! :) Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/ Share on other sites More sharing options...
genericnumber1 Posted October 30, 2006 Share Posted October 30, 2006 as far as I'm aware $PHP_SELF isn't a predefined variable... $_SERVER['PHP_SELF'] is..also your mysql error messages are a tiny bit off. instead of[code]mysql_query($sql, $conn) or die(mysql_error());[/code]it would be better as...[code]@mysql_query($sql, $conn) or die(mysql_error());[/code]and if you're saying something like...[code]<form action="<? $_SERVER['PHP_SELF'] ?>" method="post"><input type="text" name="test" value="test"><input type="submit"></form><?phpif(isset($_POST['test'])){ echo "post worked!";}?>[/code]doesn't work then you might wanna look into a server error... (maybe browser error? so very doubtful) Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-116968 Share on other sites More sharing options...
alpine Posted October 30, 2006 Share Posted October 30, 2006 [quote author=genericnumber1 link=topic=113261.msg460201#msg460201 date=1162243875]also your mysql error messages are a tiny bit off. instead of[code]mysql_query($sql, $conn) or die(mysql_error());[/code]it would be better as...[code]@mysql_query($sql, $conn) or die(mysql_error());[/code][/quote]You should normally NOT surpress errors by using @ - the original from simcoweb is just fine.The post declaration looks fine, have you tried to echo $username ?$username = $_POST['username'];echo " --> ".$username; Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-116971 Share on other sites More sharing options...
simcoweb Posted October 30, 2006 Author Share Posted October 30, 2006 First, thanks for the posts. Both of you.I have not echoed the $username variable. Just the query itself to see if it pulls the data. It's blank when I echo that. But, if I manually enter the username in the WHERE clause then it echoes the results of that particular profile.I'll try echoing the $username and post back here the results. Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117013 Share on other sites More sharing options...
simcoweb Posted October 30, 2006 Author Share Posted October 30, 2006 Heh...all that echoes is the --> :-[ Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117022 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 Ok, just for fun I took the basic form elements and the 'test' snippet and ran it. Here's what I did:[code]<form action="<? $_SERVER['PHP_SELF'] ?>" id="Form1" style="WIDTH: 100%" name="Form1" method="post" > <table id="Table1" cellspacing="0" cols="2" cellpadding="0" align="center" border="0"> <tbody> <tr><td>User name: </td><td><input type='text' size='21' name="username" ></td> </tr> <tr> <td>Password:</td><td><input type="password" size="21" name="password"></td> </tr> <tr> <td></td> <td align="right"><br><input type="submit" value="Login"></td> </tr> </tbody> </table></form><?phpif(isset($_POST['username'])){ echo "post worked!";}echo $username;echo $password;?>[/code]When I test this I get these results:[quote]post worked!terrellowens[/quote]Which means the form works. Now, WHY is the form then breaking down and not sending the 'username' and 'password' fields to the members.php page. Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117044 Share on other sites More sharing options...
HuggieBear Posted October 31, 2006 Share Posted October 31, 2006 OK, I think a simple question has been overlooked here. In your first post, you pasted the following form code:[code]<form action="<?php print $_SERVER['PHP_SELF'] ?>" id="Form1" style="WIDTH: 100%" method="post" > <table id="Table1" cellspacing="0" cols="2" cellpadding="0" align="center" border="0"> <tbody> <tr><td>User name: </td><td><input type='text' size='21' name="username" ></td> </tr> <tr> <td>Password:</td><td><input type="password" size="21" name="password"></td> </tr> <tr> <td></td> <td align="right"><br><input type="submit" value="Login"></td> </tr> </tbody> </table> </form>[/code]Then directly under it you posted code for members.php. Is the above code not part of members.php?RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117187 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 That form code is NOT part of members.php. That is part of login.php which also contains form field validation and a match of username/password against the database. If successful then the user is transferred to members.php via a header call:[code]<?phpheader("Location: members.php");exit;?>[/code]The whole bit of code in the login.php form:[code]<?phpsession_start();include 'header.php';$loginError = ""; // declare this so it is always available // Turn on magic quotes to prevent SQL injection attacksif(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1);// Validate users inputif(!empty($_POST)){ // Check username has a value if(empty($_POST['username'])) $loginError .= "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $loginError.= "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($loginError)) { $username = $_POST['username']; $password = $_POST['password'];include 'dbconfig.php';// Connect to database$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname, $con) or die(mysql_error());// Get Record Set$sql = ("SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'");// mysql_query($sql) or die(mysql_error());$results = mysql_query($sql, $con) or die(mysql_error());$num_rows = mysql_num_rows($results) or die(mysql_error()); if ($num_rows == 1) { // Enable sessions //if (isset($_SESSION['loggedin'])) //{ $_SESSION['username'] = $_POST['username']; $_SESSION['memberid'] = $_POST['memberid']; header("Location: members.php"); exit; } else { if ($num_rows == 0){ $loginError = "Your user name and password do not match any in our database! Please try again."; header("Location: login.php"); exit; } } }}?>[/code]The members.php page is as follows:[code]<?php// Enable sessionssession_start();$_SESSION['loggedin'] = $_POST['username'];$username = $_POST['username'];// Turn on magic quotes to prevent SQL injection attacksif(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php';include 'header.php';// Connect to database$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname) or die(mysql_error());//new sql query$sql = "SELECT * FROM plateau_pros WHERE username='$username'";$result = mysql_query($sql, $conn) or die(mysql_error());while ($row = mysql_fetch_array($result)) {echo "<div align='center'> <table style='BORDER-COLLAPSE: collapse' bordercolor='#666666' cellpadding='4' width='530' border='0'> <tbody> <tr><td> <p> <font class='bodytext'>Welcome<b>" . $row['username'] ." " .$row['lastname'] . "</b></font> </p> <p> <img src='images/photo/$photo' width='150' height='175'> </p> <p> <strong><font class='bodytext'>Member Actions</font> </strong> </p> <font class='bodytext'> <ul> <li>Edit Profile</li> <li><a class='body' href='getrefs.php?memberid=$memberid'>View Referrals</a></li> <li><a class='body' href='http://www.plateauprofessionals.com/cal/calendar.php' target='_blank'>View Calendar</a></li> </ul> <p> <h3>Plateau Professionals Code of Ethics</h3><p><font class='bodytext'><b>As a member of Plateau Professionals I agree to abide by the following Code of Ethics:</b><br><ul><li>I will provide the quality of service and price quoted to all referrals.</li><li>I will treat my business like any other prestigious enterprise and will fulfill commitments I make to members and referrals.</li><li>I will conduct myself with integrity and responsibility</li><li>I will be a positive member of Plateau Professionals and support the enthusiastic atmosphere by my active participation at every meeting.</li><li>I will uphold the Code of Ethics within my profession.</li></ul></p><p></p><p></p></font></td></tr></tbody></table></div>";}include 'footer.php';?><?// Tidy up used objects// Close recordsetif(isset($result)) @mysql_free_result($result);// Close database connectionif(isset($conn)) @mysql_close($conn);?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117298 Share on other sites More sharing options...
trq Posted October 31, 2006 Share Posted October 31, 2006 If your redirecting the user from login.php to member.php then there are no $_POST variables available in members.php. Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117306 Share on other sites More sharing options...
HuggieBear Posted October 31, 2006 Share Posted October 31, 2006 As I thought...In that case change this in members.php[code=php:0]$username = $_POST['username'];[/code] to this [code=php:0]$username = $_SESSION['username'];[/code]RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117311 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 Ok, that worked. Thanks, Hug. I knew it was close ..but wasn't puffin on the cigar yet.Now...another quick little issue. In this part:[code]<?php$results = mysql_query($sql, $con) or die(mysql_error());$num_rows = mysql_num_rows($results) or die(mysql_error()); if ($num_rows == 1) { // Enable sessions //if (isset($_SESSION['loggedin'])) //{ $_SESSION['username'] = $_POST['username']; $_SESSION['memberid'] = $_POST['memberid']; header("Location: members.php"); exit; } else { if ($num_rows == 0){ // display bad username and password error $loginError = "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; }?.[/code]If they type in a correct user/pass then it works fine. If it's incorrect then i get a blank page. Not sure why. It should display the header/footer and contain the error message....but it's not. Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117343 Share on other sites More sharing options...
HuggieBear Posted October 31, 2006 Share Posted October 31, 2006 You're not actually echoing anything.I'd change this:[code]<?phpif ($num_rows == 1) { // Enable sessions //if (isset($_SESSION['loggedin'])) //{ $_SESSION['username'] = $_POST['username']; $_SESSION['memberid'] = $_POST['memberid']; header("Location: members.php"); exit;}else { if ($num_rows == 0){ // display bad username and password error $loginError = "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";}[/code]To this:[code]<?phpif ($num_rows == 1) { $_SESSION['username'] = $_POST['username']; $_SESSION['memberid'] = $_POST['memberid']; header("Location: members.php"); exit;}else { // display bad username and password error $loginError = "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; echo $loginError;}[/code]RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117356 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 Hmmm...that didn't work either. I even changed it to this:[code]<?phpif ($num_rows == 1) { // Enable sessions $_SESSION['username'] = $_POST['username']; $_SESSION['memberid'] = $_POST['memberid']; header("Location: members.php"); exit; } else { //if ($num_rows == 0){ // display bad username and password error echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; //} }?>[/code]and the page just pulls blank. Here's the page. Type any user/pass combo and see:[url=http://www.plateauprofessionals.com/login.php]www.plateauprofessionals.com/login.php[/url] Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117390 Share on other sites More sharing options...
alpine Posted October 31, 2006 Share Posted October 31, 2006 try[code]<?phpif (mysql_num_rows($results) == "1"){$_SESSION['username'] = $_POST['username'];$_SESSION['memberid'] = $_POST['memberid'];header("Location: members.php");exit;}else{echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";}?>[/code]If not, post the full current code Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117404 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 Produces a blank page. Here's the entire code but without the query output.[code]<?phpsession_start();$loginError = ""; // declare this so it is always available // Turn on magic quotes to prevent SQL injection attacksif(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1);// Validate users inputif(!empty($_POST)){ // Check username has a value if(empty($_POST['username'])) $loginError['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $loginError['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($loginError)) { $username = $_POST['username']; $password = $_POST['password'];include 'dbconfig.php';// Connect to database$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname, $con) or die(mysql_error());// Get Record Set$sql = ("SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'");// mysql_query($sql) or die(mysql_error());$results = mysql_query($sql, $con) or die(mysql_error());$num_rows = mysql_num_rows($results) or die(mysql_error()); if (mysql_num_rows($results) == "1"){$_SESSION['username'] = $_POST['username'];$_SESSION['memberid'] = $_POST['memberid'];header("Location: members.php");exit;}else{echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";} }}include 'header.php';?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117448 Share on other sites More sharing options...
alpine Posted October 31, 2006 Share Posted October 31, 2006 what does this one tell you then?[code]<?phpsession_start();if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1);if(empty($_POST['username'])) die("empty username"); else $username = $_POST['username'];if(empty($_POST['password'])) die("empty password"); else $password = $_POST['password'];include 'dbconfig.php';$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname, $con) or die(mysql_error());$sql = mysql_query("SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'") or die(mysql_error());if (mysql_num_rows($sql) == "1"){$_SESSION['username'] = $username;$_SESSION['memberid'] = $password;header("Location: members.php");exit;}else{echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";}include 'header.php';?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117497 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 I assume that means you want to see the entire code?[code]<?phpsession_start();$loginError = ""; // declare this so it is always available // Turn on magic quotes to prevent SQL injection attacksif(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1);// Validate users inputif(!empty($_POST)){ // Check username has a value if(empty($_POST['username'])) $loginError['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $loginError['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($loginError)) { $username = $_POST['username']; $password = $_POST['password'];include 'dbconfig.php';// Connect to database$con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());mysql_select_db($dbname, $con) or die(mysql_error());// Get Record Set$sql = ("SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'");// mysql_query($sql) or die(mysql_error());$results = mysql_query($sql, $con) or die(mysql_error());$num_rows = mysql_num_rows($results) or die(mysql_error()); if (mysql_num_rows($results) == "1"){$_SESSION['username'] = $_POST['username'];$_SESSION['memberid'] = $_POST['memberid'];header("Location: members.php");exit;}else{echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n";} }}include 'header.php';?><div align="center"> <table style="BORDER-COLLAPSE: collapse" bordercolor="#666666" cellpadding="4" width="530" border="0"> <tbody> <tr> <td> <h2 align="center">Login page</h2> <font color="red"><div align="center"><? // Loop through all errorsif(!empty($loginError)){?><ul><?foreach($loginError as $eg_message){?><li id="validationError"><?= @$eg_message ?></li><?}?></ul><?}?></font></div> <form action="<? $_SERVER['PHP_SELF'] ?>" name="login" method="post" > <table cellspacing="0" cols="2" cellpadding="0" align="center" border="0"> <tbody> <tr><td>User name: </td><td><input type='text' size='21' name="username" ></td> </tr> <tr> <td>Password:</td><td><input type="password" size="21" name="password"></td> </tr> <tr> <td></td> <td align="right"><br><input type="submit" value="Login"></td> </tr> </tbody> </table> </form> </td></tr> </tbody> </table> </div><p><hr width="80%" height="1"> <form action="forgot.php" method="POST" name="forgot"> <table width="450" border="0" align="center"> <tr><td><h2>Forgot Your Password?</h2><br> <font class='bodytext'>If you have forgotten your password complete the form below to have your information sent to you.</font><p> <tr><td><font class="bodytext">Enter your username: <br><input type="text" size="20" name="username" id="username"></td></tr> <tr><td><input type="submit" name="submit" value="Submit"></td></tr> </table> </form><?include 'footer.php';?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117505 Share on other sites More sharing options...
alpine Posted October 31, 2006 Share Posted October 31, 2006 No - i ment that you could try my alternative.AMOT, you should change$sql = ("SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'");to$sql = "SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'"; Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117538 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 Oh...heh :)Ok, that one produces this error:[quote]Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home2/wwwplat/public_html/login-mod.php:2) in /home2/xxxxxxxx/public_html/login-mod.php on line 4empty username[/quote] Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117566 Share on other sites More sharing options...
simcoweb Posted October 31, 2006 Author Share Posted October 31, 2006 Hang on a sec.. there was an empty line at line #1 causing the headers error. I took it out and all that shows now is:[quote]empty username[/quote] Quote Link to comment https://forums.phpfreaks.com/topic/25615-cant-get-username-field-to-pass-to-query-where-parameter/#findComment-117575 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.