Fetching Database Table Details After PHP Login

PseudZ

Expert Member
Joined
May 28, 2008
Messages
1,217
Hi all,

I am a bit confused with this and wondered if someone could help.

I have a page that people can login to and then based on their login(username) it shows data in a table relevant to them.

I have found a script that is handling most of the hard work, I am just having trouble getting the data to display based on their login details.

I am assuming the login details would be stored in the SESSION so if I use:

PHP:
$sql = "SELECT * FROM $tbl_name WHERE username = '" . $_SESSION['username'] . "'";
should it work? Or am I missing something?

Unless the login isn't storing in SESSION? Is there another way to perform a login?
Do I need to declare something else?

Thanks for any help!
 

cbrunsdonza

Honorary Master
Joined
Jun 21, 2008
Messages
13,383
Lets ignore security here but that looks right. Are you using session_start()
 

guest2013-1

guest
Joined
Aug 22, 2003
Messages
19,808
echo $_SESSION['username']; and make sure you actually have the username stored in session.

It's hard to debug anything that "handles most of the hard work" because it's the script that will either use a session or a cookie or whatever to do the actual login. It might not even store the username but the userid as in the database (assuming there's a userid.

However, everything does look fine.

I'd do another echo on $sql just to make sure that $tbl_name in that sql is looking at the correct table and make sure that table has a column in there called username and/or if the username is actually in that table to begin with.
 

PseudZ

Expert Member
Joined
May 28, 2008
Messages
1,217
Security isn't a major issue at the moment.

I am using session_start() with username. If I remove the WHERE clause it displays all the data correctly but as soon as the WHERE clause is added in it won't.

EDIT: Just saw your post AcidRaZor, will try echo the username now.
 
Last edited:

PseudZ

Expert Member
Joined
May 28, 2008
Messages
1,217
I am not getting any error message, the results are just not showing up.

I tried
PHP:
echo $_SESSION['username'];
but nothing displayed however
PHP:
echo $_SESSION['name_of_user'];
displays.
Inserting that into the WHERE clause doesn't show anything up though.

In the database there is name and username. username is used as the login, name just displays to welcome them.

I am not sure if this function helps anything:

PHP:
function CheckLoginInDB($username,$password)
    {
        if(!$this->DBLogin())
        {
            $this->HandleError("Database login failed!");
            return false;
        }          
        $username = $this->SanitizeForSQL($username);
        $pwdmd5 = md5($password);
        $qry = "Select name, email from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";
        
        $result = mysql_query($qry,$this->connection);
        
        if(!$result || mysql_num_rows($result) <= 0)
        {
            $this->HandleError("Error logging in.");
            return false;
        }
        
        $row = mysql_fetch_assoc($result);
        
        
        $_SESSION['name_of_user']  = $row['name'];
        $_SESSION['email_of_user'] = $row['email'];
        
        return true;
    }
 

rward

Senior Member
Joined
Oct 26, 2007
Messages
858
try prefixing the table name with the database name.

Could be your running the query without selecting the db ..
select * from db.table where col1 = 'xxx';
 

Nod

Executive Member
Joined
Jul 22, 2005
Messages
8,780
Maybe a stupid question, but if you do the query directly in the database, do you actually get anything back for the username used?
 

cbrunsdonza

Honorary Master
Joined
Jun 21, 2008
Messages
13,383
I always do to see what is being passed.

PHP:
session_start();
var_dump($_SESSION);
die();
 

PseudZ

Expert Member
Joined
May 28, 2008
Messages
1,217
Okay it is working now.

PHP:
$sql = "SELECT * FROM $tbl_name WHERE username = '" . $membersite->UserFullName() . "'";
The session was set in the function, so calling the function seems to work. I didn't realise that :eek:

Thank you to all for the help, much appreciated!
 
Top