hii all . i've 4 forms, in which the first form validates a particluar user and if matched with DB, he will be shown a second form where he wil be asked to enter more details like firstname, lastname, mobile county. if he enters the correct information he then will be shown a success message. my problem is sessions are not being carried and i'm using hidden field.. i'm pasting my php forms here.. [PHP]<?php session_start(); //Connect to mysql server $link=mysql_connect("localhost","root",""); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("blackerdread"); if(!$db) { die("Unable to select database"); } if(!get_magic_quotes_gpc()) { $Login = stripslashes($_POST['Login']); }else{ $Login = $_POST['Login']; } $query="SELECT Login, customerID FROM ss_customers WHERE Login='" . mysql_real_escape_string($Login) . "'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { //UserID found session_register ("Login"); session_register ("customerID"); $customerID = $customerID['customerID']; $customerID=$_SESSION['customerID']; $Login=$_SESSION['Login']; header("location: formfields.php"); } else { //UserID Not Found.. Show forgot password page session_destroy(); echo "No records found!"; //header("location: forgotpass.php"); exit(); } ?>[/PHP] Code (markup): heres my second form. [HTML]<?php session_start(); $customerID=$_POST['customerID']; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE> New Document </TITLE> <META NAME="Generator" CONTENT="EditPlus"> <META NAME="Author" CONTENT=""> <META NAME="Keywords" CONTENT=""> <META NAME="Description" CONTENT=""> </HEAD> <BODY> <FORM METHOD=POST ACTION="emailform.php"> <label for="first_name">First Name:</label> <input type="text" name="first_name" size="20" maxlength="12" accesskey="u" /><BR> <label for="last_name">Last Name:</label> <input type="text" name="last_name" size="20" maxlength="12" accesskey="u" /><BR> <label for="state">County:</label> <input type="text" name="state" size="20" maxlength="12" accesskey="u" /><BR> <label for="zip">Post Code:</label> <input type="text" name="zip" size="20" maxlength="12" accesskey="u" /><BR> <input id="submit" value="Get Password" tabindex="3" type="submit"> <input type="hidden" name="customerID" value="<?php echo $customerID; ?>"> </form> </BODY> </HTML>[/HTML] Code (markup): php action page: [PHP]<?php session_start(); //Connect to mysql server $link=mysql_connect("localhost","root",""); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("blackerdread"); if(!$db) { die("Unable to select database"); } if(!get_magic_quotes_gpc()) { $first_name = stripslashes($_POST['first_name']); $last_name = stripslashes($_POST['last_name']); $state = stripslashes($_POST['state']); $zip = stripslashes($_POST['zip']); $customerID = stripslashes($_POST['customerID']); }else{ $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $state = $_POST['state']; $zip = $_POST['zip']; $customerID = $_POST['customerID']; } $query="SELECT first_name, last_name, zip, state, customerID FROM ss_customer_addresses WHERE first_name='" . mysql_real_escape_string($first_name) . "' and last_name='" . mysql_real_escape_string($last_name) . "' and state='" . mysql_real_escape_string($state) . "' and zip='" . mysql_real_escape_string($zip) . "' and customerID='$customerID'"; echo $query; exit(); $result=mysql_query($query); if(mysql_num_rows($result)>0) { //UserID found echo "records found!"; //header("Location: formfields.php"); } else { //UserID Not Found.. Show forgot password page session_destroy(); echo "No records found!"; //header("location: forgotpass.php"); exit(); } ?>[/PHP] Code (markup): any ideas please.. i need to validate only one user's details against the DB, presently when i enter details of other user's details already existing in the DB i'm getting sucess page..
Hard to read indeed. PHP and HTML tag alone is enough, you don't have to put CODE tag around it. Your current post is (CODE)(PHP)(/PHP)(/CODE) make it (PHP)(/PHP) and of course in square brackets. - ads2help
hii.. sorry for that.. i'm trying to implement ebay.in site like reset password functionality.. for that i designed 4 forms which will validate user and then sends him aa dynamic link encoded with userID to his email. my 4 forms are : 1 form : will take userID as input and validates it with the DB records and if user exists then takes him to the second form. 2 form : will ask more details about the same user and validates them with the DB and if entered correctly then sends him a link to reset his lost [password. my problem is, there are 2 tables in my DB which deals with the customers. 1. customers table : customerID, Login, customer pass, firstname, lastname, email. 2. customer_addresses : customerID, addressID, firstname, lastname, mobile, phone, county, postcode, country. suppose user A has entered his userID in the first form, then after validation he will be shown the second form, there if he enters deliberately say user B's details which were already in the DB, then after submitting the form he can see the success page isntead of error page. i think there is an error in mysql query.. please check out my forms once.. form 1 : <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE> New Document </TITLE> <META NAME="Generator" CONTENT="EditPlus"> <META NAME="Author" CONTENT=""> <META NAME="Keywords" CONTENT=""> <META NAME="Description" CONTENT=""> </HEAD> <BODY> <FORM METHOD=POST ACTION="showform.php"> <label for="username">Ente LoginID:</label> <input type="text" name="Login" size="20" maxlength="12" accesskey="u" /> <input id="submit" value="Get Password" tabindex="3" type="submit"> <!-- <input type="hidden" name="Login" value='' /> --> </FORM> </BODY> </HTML> PHP: 1 form action : <?php session_start(); //Connect to mysql server $link=mysql_connect("localhost","root",""); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("blackerdread"); if(!$db) { die("Unable to select database"); } if(!get_magic_quotes_gpc()) { $Login = stripslashes($_POST['Login']); $customerID = stripslashes($_POST['customerID']); }else{ $Login = $_POST['Login']; $customerID = $_POST['customerID']; } $query="SELECT Login, customerID FROM ss_customers WHERE Login='" . mysql_real_escape_string($Login) . "'"; $result=mysql_query($query); $row = mysql_fetch_array($result); if(mysql_num_rows($result)>0) { //UserID found include("formfields.php"); $customerID = $row['customerID']; session_register('customerID'); $customerID=$_SESSION['customerID']; } else { //UserID Not Found.. Show forgot password page session_destroy(); echo "No records found!"; //header("location: forgotpass.php"); exit(); } ?> PHP: second form : <?php session_start(); $customerID = $row['customerID']; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE> New Document </TITLE> <META NAME="Generator" CONTENT="EditPlus"> <META NAME="Author" CONTENT=""> <META NAME="Keywords" CONTENT=""> <META NAME="Description" CONTENT=""> </HEAD> <BODY> <FORM METHOD=POST ACTION="emailform.php"> <label for="first_name">First Name:</label> <input type="text" name="first_name" size="20" maxlength="12" accesskey="u" /><BR> <label for="last_name">Last Name:</label> <input type="text" name="last_name" size="20" maxlength="12" accesskey="u" /><BR> <label for="state">County:</label> <input type="text" name="state" size="20" maxlength="12" accesskey="u" /><BR> <label for="zip">Post Code:</label> <input type="text" name="zip" size="20" maxlength="12" accesskey="u" /><BR> <input id="submit" value="Get Password" tabindex="3" type="submit"> <input type="hidden" name="customerID" value="<?php echo $row['customerID']; ?>"> </form> </BODY> </HTML> PHP: seconmd forms's action : <?php session_start(); $customerID = $row['customerID']; echo $row['customerID']; //Connect to mysql server $link=mysql_connect("localhost","root",""); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("blackerdread"); if(!$db) { die("Unable to select database"); } if(!get_magic_quotes_gpc()) { $first_name = stripslashes($_POST['first_name']); $last_name = stripslashes($_POST['last_name']); $state = stripslashes($_POST['state']); $zip = stripslashes($_POST['zip']); $customerID = stripslashes($_POST[$row['customerID']]); }else{ $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $state = $_POST['state']; $zip = $_POST['zip']; $customerID = $_POST[$row['customerID']]; } $query="SELECT first_name, last_name, zip, state, customerID FROM ss_customer_addresses WHERE first_name='" . mysql_real_escape_string($first_name) . "' and last_name='" . mysql_real_escape_string($last_name) . "' and state='" . mysql_real_escape_string($state) . "' and zip='" . mysql_real_escape_string($zip) . "' and customerID='".$row[customerID]."'"; $result=mysql_query($query); if(mysql_num_rows($result)>0) { //UserID found echo "records found!"; //header("Location: formfields.php"); } else { //UserID Not Found.. Show forgot password page session_destroy(); echo "No records found!"; //header("location: forgotpass.php"); exit(); } ?> PHP: if user A has entered into the second form, there the firstname, lastname ect fields validated should be against usr A only not uothers. please let me know.. many thanks for the comeback..