User Login Specific Page 1

[redzonne]

I have implemented PHP Sessions successfully on my login page. Now, I would like to have a user control panel(members only page) were user specific info from the database would be displayed, based on the active USER specific session.

On the login page session variable is:

$HTTP_SESSION_VARS ['valid_user'] = $login;
?>

login is also a column fire in the database.

Here is a simplified version of the panel(members only page)

<?
session_start();

$db = mysql_connect ( 'localhost', 'FAKE_LOGIN', 'FAKE_PASSWORD' );
mysql_select_db ( 'realest1_proppost', $db);
$result = mysql_query("SELECT * FROM customerindex WHERE login='$login'",$db);
$myrow = mysql_fetch_array($result);
echo "First Name: ".$myrow["cfirstname"];
echo "<br />";
echo "Last Name: ".$myrow["clastname"];
echo "<br />";
echo "Email Address: ".$myrow["cemail"];
echo "<br />";
echo "Login: ".$myrow["login"];
?>

The page is not showing the user specific info only:
First Name:
Last Name:
Email Address:
Login:

Any suggestions?

The Journey of a Thousand Miles Begins with the First Step...

 

[spookie]

Are you getting value of login variable ?
try the following

<?
session_start();

$db = mysql_connect ( 'localhost', 'FAKE_LOGIN', 'FAKE_PASSWORD' );
mysql_select_db ( 'realest1_proppost', $db);
$sql = "SELECT * FROM customerindex WHERE login='$login'" ;
echo $sql ;
/*
$result = mysql_query($sql,$db);
$myrow = mysql_fetch_array($result);
echo "First Name: ".$myrow["cfirstname"];
echo "<br />";
echo "Last Name: ".$myrow["clastname"];
echo "<br />";
echo "Email Address: ".$myrow["cemail"];
echo "<br />";
echo "Login: ".$myrow["login"];
*/
?>

What does it show you on browser ?


--------------------------------------------------------------------------
I never set a goal because u never know whats going to happen tommorow.

 

[redzonne]

I figured it out!

$db = mysql_connect ( 'localhost', 'FAKE_USER', 'FAKE_PASSWORD' );
mysql_select_db ( 'realest1_proppost', $db);
$result = mysql_query("SELECT * FROM customerindex WHERE login='$login'",$db);
$myrow = mysql_fetch_array($result);

<? echo $myrow["cfirstname"] ?>

<? echo $myrow["cmidinitial"] ?>

<? echo $myrow["clastname"] ?>

The Journey of a Thousand Miles Begins with the First Step...

 

[Olavxxx]

First of all, go to

http://www.php.net

and look up mysql_real_escape_string()

It's located here:

http://www.php.net/mysql_real_escape_string

After you have implemented that, you might also consider:
* Select only the fields you need to retrieve information from (You dont need to select those you wish to run the WHERE clause on)
* Why are you doing this: <? echo $myrow["cmidinitial"] ?>

There are several ways to echo out the variables:
<?=$myrow["cmidinitial"]?>
<?php
echo $myrow["cmidinitial"];
?>

<?
print $myrow["cmidinitial"];
?>

etc.

If you echo the values out, just below your query, you dont need to close the php-tag to echo a variable like this: <?=$foo?>, as then you can simply do: echo $foo;

If you want to echo out something inbetween the html-tags, you can do it in different ways!

echo "<img src=\"\{$foo}">";

etc. etc.
Also, remember to secure your variables with strip_tags(), trim(), etc. Especially for user-input that are stored in the db!

Olav Alexander Mjelde

http://www.volvo-power.net

Admin & Webmaster