If and while statements includes all

I am testing my welcome page and when I complete the form it welcomes everyone of my tested names in the database. How can I narrow it down to only welcome the one name that filled out the form. Here is my coding.

<?php
session_start();
	
ini_set ("display_errors", "1");
error_reporting(E_ALL);
?>		
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<style type="text/css">
.background {color: #B56AFF;
}
</style>
</head>

<body>
<p>

<?php
/* Program: login.php
 * Desc:	Displays the new member welcome page. Greets
 *			member by name and gives a choice to enter
 *			restricted section or go back to main page.
 */ 
if (isset($_SESSION['id'])) {	            
// Set the users session ID
  
include("Connections/connect_to_mysql.php");

//Formulate Query
//This is the best way to perform an SQL query
$query = "SELECT id, firstname FROM `Members` WHERE id={$_SESSION['id']}";
$result = mysql_query($query);
$numrows = mysql_num_rows($result);

//Check result
//This shows the actual query sent to MySQL and the error. Useful for debugging.

if(!$result){
	  $message = 'Invalid query:' . mysql_error() . "\
";
	  $message .= 'Whole query:' . $query;
	    die($message);}
//Use result
//Attempting to print $result won't allow access to information in the resource
//One of the mysql result functions must be used
//See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
if($numrows!=0){

while($row=mysql_fetch_assoc($result)){
	  echo "Welcome, {$row['firstname']}";
	  }
	  //Free the resources associated with the result set
	  mysql_free_result($result);
}
}
?>
</p>
<p>  </p>
<p>Your new Member accounts lets you enter the members only section
  of our web site. You'll find special discounts, a profile of matches,
live advise from experts, and much more.</p>
<p>Your new Member ID and password were emailed to you. Store them
carefully for future use.</p>
<div style="text-align: center">
<p style="margin-top: .5in; font-weight: bold">
Glad you could join us!</p>
<form action="profile.php" method="post">
	<input type="submit"
		value="Enter the Members Only Section">
		</form>
<form action="index.php" method="post">
	<input type="submit" value="Go to Main Page">
	</form>		
		</div>
</body>
</html>

$query = "SELECT id, firstname FROM `Members` WHERE id={$_SESSION['id']}"; 

SB

$query = "SELECT id, firstname FROM `Members` WHERE id=". $_SESSION['id'];

The above is true given that your id is indeed a number, a positive integer.

If it is a string you will have to do this:

$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'";

Take great care with the quotes.

The reason it did not work for you before is that PHP does not expand arrays inside quotes, neither single nor double. Its an easy mistake to make and we’ve all done it (or continue to do it).

Also, you have a lot of unnecessary code there, something like this would do fine, and be easier to read and follow.

Its untested but you should get the drift:

$query = "SELECT id, firstname FROM `Members` WHERE id=" . $_SESSION['id'] ; 
$result = mysql_query($query); 

if($result){ // or do it the way you have if you prefer "(!$result)"
      $row=mysql_fetch_assoc($result); 
      echo "Welcome, {$row['firstname']}"; 
}else{
     $message  = 'Invalid query:' . mysql_error() . "\
"; 
     $message .= 'Whole query:' . $query; 
      die($message);} 
}

Just to say that you are giving out far too much information in case your system goes wrong - so change it before you go live with this. (error reporting, displaying sql errors and so on).

Good luck with it.

Thanks I must be getting closer as this is my new codes I copied from you.

$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'";
$result = mysql_query($query);
 if($result){
	  // or do it the way you have if you prefer "(!$result)"
	        $row=mysql_fetch_assoc($result);
			       echo "Welcome, {$row['firstname']}";
				    }else{
						     $message  = 'Invalid query:' . mysql_error() . "\
";
							       $message .= 'Whole query:' . $query;
								          die($message);
										  }
										   }  
	  //Free the resources associated with the result set
	  mysql_free_result($result);

And this is my results when I tried it so it is showing one welcome able to use the private pages but just does not produce who is actually logged in.

last update on live test.

Welcome,

Your new Member accounts lets you enter the members only section of our web site. You’ll find special discounts, a profile of matches, live advise from experts, and much more.

Your new Member ID and password were emailed to you. Store them carefully for future use.

I am feeling lucky.

try this

 echo 'Welcome, ' . $row['firstname'];

but you should check if the key exists…

I put the $firstname=‘’;

included your coding.

It echos out the Welcome,

I seems to be adding to the db and making the pages available but it is still not singling out the one inputting into the form.

I’m sorry, I did say it was untested, so instead of this;

$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'"; 
$result = mysql_query($query); 
 if($result){ 
      // or do it the way you have if you prefer "(!$result)" 
            $row=mysql_fetch_assoc($result);

try this: (extra comments to explain my points)

$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'"; 

// comment this line out later, then remove it before going live
echo $query;
// take a good look at the query, does it look valid?
// copy the echoed output, paste it into whatever
// you manage mysql with, does it return data?

$result = mysql_query($query); 

// again, a line of debug
var_dump( $result );

 if($result){ 
      // or do it the way you have if you prefer "(!$result)" 
            $row=mysql_fetch_assoc($result);

// again, a line of debug
var_dump( $row );

And yes, as jgetner pointed out, you were trying to access an array inside quotes.

Hopefully these simple methods will help you to debug your own code and chase down exactly where you are going wrong. Get used to doing this.

It returned this errors.

SELECT id, firstname FROM Members WHERE id='id’resource(4) of type (mysql result) bool(false) Welcome,

Your new Member accounts lets you enter the members only section of our web site. You’ll find special

I advised you to copy the result of that statement and paste it into Mysql, did you do that? What did you get?

So, do you really have an id in your database table which contains the value ‘id’, or let me guess - is it integers like 2?

Tell me what the PHP line containing $query is at the moment.

I advised you to have this:

$query = "SELECT id, firstname FROM `Members` WHERE id=". $_SESSION['id'];  

IF you have then just what is in the session?

var_dump( $_SESSION );

When I tested the login for a return live below message appears I then pasted it into MySQL which starts with #1064. Is that what you meant.

SELECT id, firstname FROM Members WHERE id='id’resource(4) of type (mysql result) bool(false)

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘resource(4) of type (mysql result) bool(false) LIMIT 0, 30’ at line 1
SELECT id, firstname
FROM Members
WHERE id = 'id’resource( 4 ) of
TYPE (
mysql result
)bool( false )
LIMIT 0 , 30

I also pasted into MySQL the follow script you mentioned. This is the results.

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘$query = “SELECT id, firstname FROM Members WHERE id=”. $_SESSION[‘id’]’ at line 1

$query = "SELECT id, firstname FROM `Members` WHERE id=".$_SESSION[ 'id'];

No, paste the debug text that is echoed onto your page from that statement.

If you are having a problem identifying the text change your debug echo statement from

echo $query;

to

echo "<hr>PASTE THIS BELOW INTO MYSQL:<br />$query<hr>";

Okay this is the results from that info I pasted into MySQL

MySQL returned an empty result set (i.e. zero rows). ( Query took 0.0003 sec )

SELECT id, firstname
FROM Members
WHERE id = ‘id’
LIMIT 0 , 30

for some reason it is losing connection with the db. I have the same connection that I use with the form which is inputting the data. But the codes are losing connection.

So where is the ‘id’ in " where id = ‘id’ " coming from then? Is that what you were expecting to see?

I will leave you to work that out, I’ve already told you in post #8 how to check what is in the session.

I’m off to watch the match. If anyone else wants to join in please wade in…

Good luck with this, don’t worry you will soon work it out, we have all had to do it.

I tested the select query in the SQL and it produced all users. Is there a way to fix the while statement to only select the one user logging on.

Post the code you have.

This was the only select that would produce a true statement but it included all names in the db

SELECT id,firstname FROM Members WHERE id='$id'

Post all the code you have for that page.

this is all the codes

<?php
session_start();
	
ini_set ("display_errors", "1");
error_reporting(E_ALL);
?>		
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<style type="text/css">
.background {color: #B56AFF;
}
</style>
</head>

<body>
<p>

<?php
/* Program: login.php
 * Desc:	Displays the new member welcome page. Greets
 *			member by name and gives a choice to enter
 *			restricted section or go back to main page.
 */ 
if (isset($_SESSION['id'])) {
	    // Set the users session ID    	
		
include_once ("Connections/connect_to_mysql.php");
	$id=$_SESSION['id'];
		//Formulate Query
		//This is the best way to perform an SQL query	
		$query = "SELECT * FROM `Members` WHERE id='$id'";
		$result = mysql_query($query);
		$numrows = mysql_num_rows($result);
		//Check result
		//This shows the actual query sent to MySQL and the error. Useful for debugging.
			if(!$result){
					$message = 'Invalid query:' . mysql_error() . "\
";
					$message .= 'Whole query:' . $query;
							die($message);
						}
							/// Since the script die()'s if the query fails, you don't need an else statement.
							/// We can assume from here on out that the query passed and the SESSION id was set.
					$row = mysql_fetch_assoc($result);
						mysql_free_result($result);
				                echo "<p>Welcome, " . $row['firstname'] . "</p>";}?>
</p>
<p>  </p>
<p>Your new Member accounts lets you enter the members only section
  of our web site. You'll find special discounts, a profile of matches,
live advise from experts, and much more.</p>
<p>Your new Member ID and password were emailed to you. Store them
carefully for future use.</p>
<div style="text-align: center">
<p style="margin-top: .5in; font-weight: bold">
Glad you could join us!</p>
<form action="profile.php" method="post">
	<input type="submit"
		value="Enter the Members Only Section">
		</form>
<form action="index.php" method="post">
	<input type="submit" value="Go to Main Page">
	</form>		
		</div>
</body>
</html>

select * from members where id=1;

Paste that previous line into your database directly, what does it return?