I'm trying to make a login-required page, and I want to know if it's possible to read a whole row of a MySQL table with only one field. Like, I have the username saved in a cookie, but I want to read the other fields too, like how many credits the said person has in his account. Is this possible to do with PHP? If it isn't, what other methods could I use to do the same thing? Thanks!
Yes, it's possible. Basically, the query statement would look like this:

    $sql = 'select * from `users` where `username`=\'' . mysql_real_escape_string($_COOKIE['username']) . '\'';

This would return a single row with all the user's information. Not sure of your cookie field name, your db table name, etc. but you can replace those in the above code. If you need more info, let me know.
Thanks Sea Otter, rep added. I'll try that out tomorrow and if it doesn't work, I'll post here. I'm sure it'll work though, since your ideas usually are right.
Okay, here is the code I have right now, and here is the error I'm getting.

    <?
    include 'check.php';
    include 'config.php';
    echo 'Welcome, $username';
    mysql_connect($server, $db_user, $db_pass)or die ("Could not connect to mysql because ".mysql_error());
    mysql_select_db($database)or die ("Could not select database because ".mysql_error());
    $balance = mysql_query("select 'balance' from `users` where `username`=\'' mysql_real_escape_string($username) . '\''")or die("Could not insert data because ".mysql_error());
    echo 'You currently have a balance of $balance';
    ?>

Error message is:

    Welcome, $usernameCould not insert data because You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' mysql_real_escape_string($HTTP_COOKIE_VARS["whybank_username"]) . '\''' at line 1
uh-oh why store the username on a cookie? IMO, how bout a unique identifier for that row?

    <?php
    // escape the cookie value before it goes into the query
    $id = mysql_real_escape_string($_COOKIE['some_oreo']);
    $qry = mysql_query("SELECT balance FROM some_table WHERE some_unique_id = '" . $id . "' LIMIT 1");
    ?>

* or better use session instead of cookie to store the username
Sessions are easy. In the file where you actually set the username (where right now you set the cookie value), put this:

    <?php
    session_start();
    // get the username somehow...
    $username = 'whatever';
    $_SESSION['username'] = $username;
    ?>

Make sure session_start() is at the top of the file, and that it is declared before you output any html or echo() anything from within php. Also, don't forget to remove the code where you set $_COOKIE['username'];

Next, in the file where you want to retrieve the user information, put this:

    <?php
    session_start();
    include 'check.php';
    include 'config.php';
    // session variable not set? die!
    if (!isset($_SESSION['username']))
        die ('No username specified!');
    // get on with the show
    $username = $_SESSION['username'];
    echo "Welcome, $username";
    mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error());
    mysql_select_db($database) or die ("Could not select database because ".mysql_error());
    $result = mysql_query('select balance from `users` where `username`=\'' . mysql_real_escape_string($username) . '\'');
    if ($result === false)
        die("mysql_query failed with: ".mysql_error());
    $column = mysql_fetch_array($result);
    if ($column === false)
        die("User $username not found in the database!");
    echo "You currently have a balance of {$column[0]}";
    ?>

I'm not sure what you do in check.php or config.php. Do either of them set or use $_COOKIE['username']? If so, we'll need to modify the above code somewhat, along with the relevant code in those files.
Ok. Sweet. I'll try this out tomorrow morning and get back to you. As far as my php knowledge goes, it looks like it should.
Just a short note: Avoid using parsing methods when you can, it's server time consuming. Use:

    echo 'Welcome, '.$username;

instead.
^^ Liar! Unless you use heredoc strings or single words. (note that single words would be considered constants and it would log an error for each cause it'd most likely be undefined)
Okay. Well this isn't a coding problem, but I still can't get it to work. The script where I verify that all fields are filled correctly in login is an if (this) or else (that). The if checks if the user name and password are valid and displays an error if they aren't, and the else displays the info to be seen if the password is valid. Well, as you obviously know, I need to place the session info in the else, so only people who are valid can get in. But alas, I can't place the session info in the else, because then the session_start() isn't at the top of the page. So what I thought I could do was to redirect to a page where it sets the session info. But then I realized that I couldn't do that either, since the $_POST['username'] is in the login.php file. Any way I can do this?
Actually, it's quite simple, and you don't need to do any redirects. The key is that only session_start() needs to be at the top of the page, but then you can access the $_SESSION variable anywhere you want -- before, during and after other code/output on the page. Something roughly like:

    <?php
    session_start();
    // user trying to login, so verify credentials
    if (isset($_POST['username']))
    {
        // invalid credentials!
        if (validate_credentials($_POST['username'],$_POST['password']) == false)
        {
            echo 'Sorry, invalid username/password pair';
            exit;
        }
        else // /valid credentials
        {
            // if we got here, everything's ok, so set the session variable and do whatever
            $_SESSION['username']=$_POST['username']; // make sure you SANITIZE the post variable
            // more code... etc...
        }
    }
    else // no post variable, so show the login form
    {
        // show the login form
    }
    ?>
Oops, minor logic problem with my last post. I was too focused on what you were saying about if/else statements and included an extraneous else clause. Corrected code below:

    <?php
    session_start();
    // user trying to login, so verify credentials
    if (isset($_POST['username']))
    {
        // invalid credentials!
        if (validate_credentials($_POST['username'],$_POST['password']) == false)
        {
            echo 'Sorry, invalid username/password pair';
            exit;
        }
        // if we got here, everything's ok, so set the session variable and do whatever
        $_SESSION['username']=$_POST['username']; // make sure you SANITIZE the post variable
        // more code... etc...
    }
    else // no post variable, so show the login form
    {
        // show the login form
    }
    ?>
The code isn't working. It's something wrong with $balance.

    <?
    session_start();
    //Check to make sure they're logged in.
    include 'check.php';
    //Include the config panel into the page.
    include 'config.php';
    //Get on with the page
    echo 'Welcome, .$username';
    mysql_connect($server, $db_user, $db_pass)or die ($theError);
    mysql_select_db($database)or die ($theError);
    $balance = mysql_query("select 'balance' from `users` where `username`=\'' mysql_real_escape_string($username) . '\''")or die($theError);
    echo 'You currently have a balance of $balance';
    ?>
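
Added example (not code from any poster in this thread): the row lookup discussed above, written with a PDO prepared statement so the username is bound as data instead of being quoted and concatenated by hand, and with the row fetched from the result before the balance is printed. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL `users` table, the `email` column is invented to show a whole row coming back, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's MySQL `users` table. For MySQL, pass a
// 'mysql:host=...;dbname=...' DSN plus credentials; the other functions stay as they are.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, balance INTEGER)');
    $add = $pdo->prepare('INSERT INTO users (username, email, balance) VALUES (?, ?, ?)');
    foreach ([['alice', 'alice@example.test', 120], ["o'brien", 'ob@example.test', 5]] as $u) {
        $add->execute($u);
    }
    return $pdo;
}

// Return the whole row for one username, or null when no such user exists.
function fetch_user_row(PDO $pdo, string $username): ?array
{
    // Column names are bare (no quotes); the username is a bound parameter.
    $stmt = $pdo->prepare('SELECT username, email, balance FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // the row must be fetched; the statement is not the value
    return $row === false ? null : $row;
}

// Build the page text, escaping values before they reach HTML output.
function render_balance(?array $row): string
{
    if ($row === null) {
        return 'User not found in the database!';
    }
    $name = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
    return "Welcome, $name. You currently have a balance of " . (int) $row['balance'];
}

$pdo = make_demo_db();
// On the real page the name would come from $_SESSION['username'] after session_start().
foreach (['alice', "o'brien", 'nobody'] as $username) {
    echo render_balance(fetch_user_row($pdo, $username)), PHP_EOL;
}
```

The name containing an apostrophe is looked up correctly without any manual escaping, which is the case that hand-built quoting in the query string gets wrong.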