[SOLVED] Autofill form after login

[taz321]

Hi

 

I am trying to do 2 things here, im trying to autofill a client form.

 

1) A person would login to a system by using their username and password.

2) The next page they enter is a form which they must fill in.

3) I want different bits of the form already filled with details of the user that has logged in such as the persons name & teamname.

 

This is the code for the user log-in.

 

<?php

session_start();

require "connect.php";

$username = $_GET['username'];

$password = $_GET['password'];

$query = "select * from client where username='".$username."' AND password='".$password."'";

 

$result = mysql_query($query, $connection) or die ("Unable to perform query<br>$query");

 

$row=mysql_fetch_array($result);

 

if($row != null)

{

$_SESSION['username'] = $row['username'];

header("Location: ClientForm.php");

exit();

}

else

{

$message = "Invalid UserName or Password, Please Try Again";

header("Location: ClientLogin.php?message=$message");

exit();

}

?>

 

 

This is the code for the form, where it would add to the database once the form has been submitted.

I want the foriegn keys in this also be filled in with the same details of the person.

 

<?php

require "connect.php";

$issuetitle = $_GET['issuetitle'];

$datesubmitted = $_GET['datesubmitted'];

$systemaffected = $_GET['systemaffected'];

$prioritylevel = $_GET['prioritylevel'];

$issuedetails = $_GET['issuedetails'];

$supportcomments = $_GET['supportcomments'];

$clientFname = $_GET['clientname'];

$clientSurname = $_GET['clientSurname'];

$teamname = $_GET['teamname'];

$empName = $_GET['empName'];

$clientID = $_GET['clientID'];

$employeeID = $_GET['employeeID'];

 

$query = "insert into ClientForm values ('','".$issuetitle."','".$datesubmitted."','".$systemaffected."','".$prioritylevel."','".$issuedetails."', '".$supportcomments."', '".$clientFname."', '".$clientSurname."','".$teamname."', '".$empName."', '".$clientID."', '".$employeeID."'  )";

$result = mysql_query($query, $connection) or die ("Unable to perform query<br>$query");

header("Location: ClientForm.php");

exit();

?>

 

Any ideas how ?

 

Thanks

 

 

[adam291086]

just a quick note. WHY are you passing the username and password through the url. That is not secure at all

 

As for the inserting into the database you have got you INSERT statement really wrong. I suggest you look <ahref = http://w3schools.com/php/php_mysql_insert.asp>here</a>

[taz321]

lol, this is the only way i know how to login

[taz321]

In regards to adding the data, this peice of code seems to work for the rest of my system.

[adam291086]

well the commands should be in capital, for example:

 

INSERT INTO

 

 

Can you explain your problem a little bit more. Your foregin key should be the key from another table. What are you exactly wanting to do?

[taz321]

Cheers thanks for that..

 

Yeh basically when a client logs in, i want on the form his name, teamname already filled in.

And also at the same time for the foreign keys to also be filled in the database (obviously the user shouldnt be able to see this on the system).

 

I know you have to use sessions to do this, but how to use them, im not so sure about.

 

I hope that helps.

[adam291086]

Whats the foregin key for? Whats you database structure

[taz321]

This is the form Table

 

issuetitle

datesubmitted

systemaffected

prioritylevel

issuedetails

supportcomments

clientFname

clientSurname

teamname

empName

clientID

employeeID

 

At the bottom are foreign keys which relate to the client table and employee table

i want to populate the form table with data including the foreign keys but my problem is trying to get the data for the client whose logged in into the form table.

im wanting an autofill for the clientFname, clientSurname, clientID, employeeID of the details of the person whose logged in.

 

Any clearer ?

[adam291086]

Well when the user logs in you appear to be creating a session call Username

 

  $_SESSION['username'] = $row['username'];

 

What you will need to do is, find out that users employeeID and client ID by searching your database, you should beable to search for these deatils using $SESSION['username']. This means your username should be unique for every user. You can do this before your update script. Then set the clientID and employeeID to a variable and just update those feiled in your update script.

[taz321]

im understanding the concept of what your saying, but can i get an quick examplw code so i can get a clearer pic

 

Thanks

[adam291086]

You already know how to search a database, The will search the database on your session.

 

$query = "select * from table_name where username=$SESSION['username']

  $result = mysql_query($query, $connection) or die ("Unable to perform query
$query".mysql_error());

while($row = mysql_fetch_array($result))
{
$clientid=$row['ClientID']//this is the name of the column holding the clientid
$employeeid=$row['EmployeeID']//this is the name of the column holding the employeeid
}

[taz321]

so if i wanted the same for clientFname, clientSurname, teamname, would i do the same, so it would like this.

 

<?php

session_start();

require "connect.php";

$username = $_GET['username'];

$password = $_GET['password'];

$query = "select * from client where username='".$username."' AND password='".$password."'";

 

$result = mysql_query($query, $connection) or die ("Unable to perform query<br>$query");

 

$row=mysql_fetch_array($result);

{

$clientid=$row['clientID']

$clientFname=$row['clientFname']

$clientSurname=$row['clientSurname']

$teamname=$row['teamname']

}

 

[adam291086]

Yeah that will get the information and store it in a variable. The in your form you will have something like this

 

<form>
First name: 
<input type="text" name="firstname" value = <?php echo $clientFname;?>>
<br>
Last name: 
<input type="text" name="lastname" value = <?php echo $clientSurname;?>>>
</form>

[taz321]

This is my code

 

<?php

session_start();

require "connect.php";

$username = $_GET['username'];

$password = $_GET['password'];

$query = "select * from client where username='".$username."' AND password='".$password."'";

 

$result = mysql_query($query, $connection) or die ("Unable to perform query<br>$query");

 

$row=mysql_fetch_array($result);

{

$clientid=$row['clientID']

$clientFname=$row['clientFname']

    $clientSurname=$row['clientSurname']

    $teamname=$row['teamname']

}

 

if($row != null)

{

$_SESSION['username'] = $row['username'];

header("Location: ClientForm.php");

exit();

}

else

{

$message = "Invalid UserName or Password, Please Try Again";

header("Location: ClientLogin.php?message=$message");

exit();

}

?>

 

 

And this is the error message, cant work out wots wrong

 

 

Parse error: syntax error, unexpected T_VARIABLE in C:\wamp\www\HelpDesk\ClientLoginCheck.php on line 13

 

 

Any ideas ?

[adam291086]

should be

 

<?php
   session_start();
   require "connect.php";
   $username = $_GET['username'];
   $password = $_GET['password'];
   $query = "select * from client where username='".$username."' AND password='".$password."'";

   $result = mysql_query($query, $connection) or die ("Unable to perform query
$query");

   $row=mysql_fetch_array($result);
   {
   $clientid=$row['clientID'];
   $clientFname=$row['clientFname'];
    $clientSurname=$row['clientSurname'];
    $teamname=$row['teamname'];
   }

   if($row != null)
   {
      $_SESSION['username'] = $row['username'];
      header("Location: ClientForm.php");
      exit();
   }
   else 
   {
      $message = "Invalid UserName or Password, Please Try Again";
      header("Location: ClientLogin.php?message=$message");
      exit();
   }
?>

[taz321]

Hi excellent i have got it working now, thanks for all ur help

[adam291086]

You should be using POST thought. It works in the same way as GET. All you need to do is change the following.

 

Where you have the form for logging in change action to = post.

 

Then isstead of using $_GET['password'] use $_POST['password']

 

Its more secure

[taz321]

Thanks this has all worked now.

 

Cheers for ur help