Ok I have this login script Im working on everything worked well up until I added a query to the script/page that the user is redirected to after successfully logging in. The query is supposed to take the user_id stored in $_SESSION and based on that retrieve all the data stored about the user because the script is supposed to show what information we got for the user and if he wants to to update their information. This is the part from the login.php script that stores the data into the $_SESSION super global // If the user isn't logged in, try to log them in if (!isset($_SESSION['AcctNr'])) { if (isset($_POST['submit'])) { // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); // Grab the user-entered log-in data $user_username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $user_password = mysqli_real_escape_string($dbc, trim($_POST['password'])); if (!empty($user_username) && !empty($user_password)) { // Look up the username and password in the database $query = "SELECT AcctNr, username, UserNr FROM account " . "WHERE username = '$user_username' AND password = SHA('$user_password')"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 1) { // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page $row = mysqli_fetch_array($data); $_SESSION['AcctNr'] = $row['AcctNr']; $_SESSION['Username'] = $row['Username']; $_SESSION['UserNr'] = $row['UserNr']; setcookie('AcctNr', $row['AcctNr'], time() + (60 * 60 * 24 * 30)); // expires in 30 days setcookie('Username', $row['Username'], time() + (60 * 60 * 24 * 30)); // expires in 30 days setcookie('UserNr', $row['UserNr'], time() + (60 * 60 * 24 * 30)); // expires in 30 days $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'client/my_details.php'; header('Location: ' . $home_url); } PHP: And this is the client_details.php script where a user is redirected after successfully logging in with the right credentials: <?php require_once('startsession.php'); session_start(); //retrieves data from the database and stores them in variables require_once('connectvars.php'); $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die ('Error connecting to MYQSQL server.'); $query = "SELECT FirstName, LastName, Email, PostalAddress, PostalCode, Phone, Cellphone" . "FROM user WHERE UserNr = '" . $_SESSION['UserNr'] . "'"; $data = mysqli_query($dbc, $query) or die ('error querying database for data'); if (mysqli_num_rows($data) == 1) { PHP: The error it says is querying the database. The $data = mysqli_query($dbc, $query) PHP: part is giving the error message instead. Any help is really appreciated.
$query = "SELECT FirstName, LastName, Email, PostalAddress, PostalCode, Phone, Cellphone" . "FROM user WHERE UserNr = '" . $_SESSION['UserNr'] . "'"; PHP: So there's no space between the append: what you are actually producing is: So as you can see that's not going to work. Add in the space and backticks around the table that you are searching and give it another go.
Thanks a lot everyone for your help, Im going to try and change this ^ and see. It worked now I see where the problem is and will probably never repeat this mistake again, thanks for your time much appreciated.