So basically, I have a login system and I want to retrieve the password of the currently logged in person. When I do the Select query, it doesn't select anything. And assume you are connected to MySQL with the correct database selected. [COLOR="Red"] [FONT="Courier New"] <?php session_start(); // Get current logged in user's id! // Assume I am connected to mysql. $usr = $_SESSION["usrid"]; $query = "SELECT * FROM users WHERE ID='usrid'"; $res = mysql_query($query); $tab = mysql_fetch_array($res, MYSQL_ASSOC); ?> [/FONT] [/COLOR] Code (markup): Once I query the query, it returns nothing for the $res variable. How I'm inserting values into the table is [COLOR="Red"][FONT="Courier New"] <?php // Assume I'm connected to mysql $query = "INSERT INTO users ('', '$usrid', '$usrname', '$usrpass')"; mysql_query($query); ?> [/FONT] [/COLOR] Code (markup): This works fine. Just I can't retreive the values.
Check to make sure that you dont need to md5( the password. Also try adding or die(mysql_error()); to each sql statement. It's hard to say what is wrong unless there is an error. I think that this is the problem: $query = "SELECT * FROM users WHERE ID='usrid'"; //Change to $query = "SELECT * FROM users WHERE ID=$usr"; PHP:
I already tried that and it gives me the error. If i throw in the or die (mysql_error()); I get the message You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 This is really annoying. The retrieving works fine if I get the $usrid variable from a $_GET thing. But the $_SESSION seems to screw it. Anyone know what the difference is there? Maybe how to convert string into integer? =(
Are you certain that the $_SESSION['userid'] is set? Try echoing the $_SESSION['userid'] and see what the output is. If there is a $_SESSION['userid'] set try this and see if it works (This isn't a safe script so don't use it permanently): $query = "SELECT * FROM users WHERE ID= ".$_SESSION['userid'].""; $res = mysql_query($query); PHP:
<?php session_start(); // Get current logged in user's id! // Assume I am connected to mysql. $usr = $_SESSION["usrid"]; $query = "SELECT * FROM users WHERE ID='usrid'"; $res = mysql_query($query); $tab = mysql_fetch_array($res, MYSQL_ASSOC); ?> PHP: The syntax is incorrect : $query = "SELECT * FROM users WHERE ID='usrid'"; shud b : $query = "SELECT * FROM users WHERE ID='$usr'"; also, remember to limit the query to one record, and only select the data you're using dont use * if you can help it .... as it's only one record, mysql_fetch_assoc( mysql_query( "SELECT * FROM `users` WHERE ID = '$usr' LIMIT 1" ) ) will work also .....
U R A GENIUS XD Thank you all. but how is the script unstable? I think the problem was, I couldn't convert the $usrid into an integer... Anyone know how to convert $usrid into an integer? i tried the intval function but it didn't work. But anyways, it works!!
Do something like: $userid = (int)$_SESSION['userid']; PHP: It's not anything major to be worried about, but I've always been taught never trust any data that comes from a visitor.
that's good advice, although, on most systems userid would be set by another sql statement when you login, if you think about it, it's probably not worth it, so long as the username / pass comination are formatted properly then the id shouldn't need any extra attention.