Retrieving data from table using sessions

[Teng]

OK so i'm fairly new to php so bare with me.

I've created a Login page that asks for a username and password. It then searches for the username and password in the table and confirms it. It then matches the username and password with the userid and assigns the userid to $_SESSION['userid'] = $row["Userid"];

 

Now User id is in both my Authentication table which consists of

Authentication Table:

Userid                [PK]

Username

Password

 

then there is a User table

 

Userid                [PK]

Firstname

Lastname

Address

Phone

Nationality

 

So from Login.php it goes to Userdetails.php using the $_SESSION['userid'] to store the information about that user. How do i now pull information such as firstname lastname etc on this page.

 

Ive got so far...

 

<?php

session_start();

//check session variable

 

if (isset($_SESSION['Userid']))

{

echo '<p>You are logged in as '.$_SESSION['username'].'</p>';

 

}

else

{

echo '<p>You are not logged in.</p>';

echo '<p>Only logged in members may see this page.</p>';

}

 

echo '<a href="login.php">Back to main page</a>';

?>

 

 

Do i start a <html>...<body>..etc and then pull the details into there in a table like

 

<table>

<tr><td>Firstname</td><td>***Enter code to pull firstname details here***</td></tr>

 

Anyhelp or a point in the right direction would be great thanks.

[recklessgeneral]

Hi Teng,

 

First, all code to display the table will have to be in the scope of the validated session check, i.e.

if (isset($_SESSION['Userid']))
{
   // Insert table code here.
}

 

so as not to display the info to non-logged in users.

 

You don't need to explicitly add the <html> or <body> tags as PHP will sort that out for you. If you want to add them, they'd need to be placed before you echo anything to the screen.

 

The basic steps are to select the user details from the User table based on the UserId passed in the session variable. I'm assuming the Userid keys are the same in both tables. Incidentally, the usual way of tying related tables together is with a foreign key relationship, so your authentication table would have another column, say user_fk, that would contain the value of the userid in the user table that it refers to. Does that make sense?

 

Anyway, the query would look like the following, based on your existing table structure:

$sql = "SELECT * FROM user WHERE userid = '" . $_SESSION['Userid'] ."'";
$result = mysql_query ($sql);

 

You then probably want to verify that you got 1 row back (and only 1) using the call to mysql_num_rows.

 

You can then get the first (and only) row from the result set and craft your table from that.

$row = mysql_fetch_array($result);
?>
<table>
<tr>
<td>Firstname: </td>
<td><?php echo $row[0]['Firstname']; ?></td>
</tr>
... rest of data
</table>

 

Hope this give you a few pointers.

Darren.

[Teng]

OK thanks for your help Darren you've made alot of things clearer to me as a novice developer. A few things that i want to point out.

 

So starting from the top... i used ..$row = mysql_fetch_array($result); but

had to use $row = $result->fetch_assoc();      as i kept gettin error messages.. and explanation why would be helpful as well.

 

Here's some of my code from my login script.

 

$result = $db_conn->query($query);

$num_results = $result->num_rows;

if($num_results > 0 )

    {

$row = $result->fetch_assoc();

 

$_SESSION['userid'] = $row["UserID"];

$_SESSION['username'] = $row["Username"];

}

    $db_conn->close();

}

?>

 

 

Your      $sql = "SELECT * FROM user WHERE userid = '" . $_SESSION['Userid'] ."'";

 

I have used the format of....

 

$query = 'select * from authentication '

."where Username='$Username' "

." and Password=('$Password')";

 

Is this the same thing? Would I use

 

$query = 'select * from authentication WHERE userid = '" . $_SESSION['Userid'] ."'";

 

Now would this $query statement be included in....

 

if (isset($_SESSION['Userid']))

{

  // Insert table code here.

}

 

Or above it.

 

I also used

 

$result = $db_conn->query($query);    ***INSTEAD OF $result = mysql_query ($sql);****

 

PLEASE LET ME KNOW if i am going in the right direction here.

 

 

 

 

 

[recklessgeneral]

Hi Teng,

 

The mysql_* calls I was making is just the way that I'm used to developing - it looks like you're using a database abstraction layer or something that I'm not familiar with. The concepts are the same but the syntax is slightly different, you'll just have to translate my approach into yours.

 

To clarify the queries a bit, let's first take login.php. I'm assuming this is processing form values posted to it. It'll perform a query on your authentication table finding all rows that match the username and password specified. You then store the userid from the query's result into the session. This query can use the one you already have:

$query = 'select * from authentication '
          ."where Username='$Username' "
          ." and Password=('$Password')";

 

At some point, the user clicks through to userdetails.php. It will extract the Userid from the session and use that to find the details associated with the user. That's where my query comes in.

$query = "SELECT * FROM user WHERE userid = '" . $_SESSION['Userid'] ."'";

 

When this query is executed, we'll get all the personal details about that user based on their user id. This query should only be executed if the user has been authenticated, i.e. the session contains a valid userid:

if (isset($_SESSION['Userid']))
{
   $query = "SELECT * FROM user WHERE userid = '" . $_SESSION['Userid'] ."'";
   $result = $db_conn->query($query);

   $row = $result->fetch_assoc();
?>
<table>
   <tr>
      <td>First Name:</td>
      <td><?php echo $row['Firstname']; ?></td>
   </tr>
   ... other rows go here ...
</table>
<?php 
}
else
{
   echo "You have not logged in!";
}
?>

 

Is this any clearer?

Regards,

Darren.

[Teng]

Thanks heaps Darren that was very clear and easily understood. Cheers for your help.