I am testing my welcome page and when I complete the form it welcomes everyone of my tested names in the database. How can I narrow it down to only welcome the one name that filled out the form. Here is my coding.
<?php
session_start();
ini_set ("display_errors", "1");
error_reporting(E_ALL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<style type="text/css">
.background {color: #B56AFF;
}
</style>
</head>
<body>
<p>
<?php
/* Program: login.php
* Desc: Displays the new member welcome page. Greets
* member by name and gives a choice to enter
* restricted section or go back to main page.
*/
if (isset($_SESSION['id'])) {
// Set the users session ID
include("Connections/connect_to_mysql.php");
//Formulate Query
//This is the best way to perform an SQL query
$query = "SELECT id, firstname FROM `Members` WHERE id={$_SESSION['id']}";
$result = mysql_query($query);
$numrows = mysql_num_rows($result);
//Check result
//This shows the actual query sent to MySQL and the error. Useful for debugging.
if(!$result){
$message = 'Invalid query:' . mysql_error() . "\
";
$message .= 'Whole query:' . $query;
die($message);}
//Use result
//Attempting to print $result won't allow access to information in the resource
//One of the mysql result functions must be used
//See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
if($numrows!=0){
while($row=mysql_fetch_assoc($result)){
echo "Welcome, {$row['firstname']}";
}
//Free the resources associated with the result set
mysql_free_result($result);
}
}
?>
</p>
<p> </p>
<p>Your new Member accounts lets you enter the members only section
of our web site. You'll find special discounts, a profile of matches,
live advise from experts, and much more.</p>
<p>Your new Member ID and password were emailed to you. Store them
carefully for future use.</p>
<div style="text-align: center">
<p style="margin-top: .5in; font-weight: bold">
Glad you could join us!</p>
<form action="profile.php" method="post">
<input type="submit"
value="Enter the Members Only Section">
</form>
<form action="index.php" method="post">
<input type="submit" value="Go to Main Page">
</form>
</div>
</body>
</html>
$query = "SELECT id, firstname FROM `Members` WHERE id={$_SESSION['id']}";
SB
$query = "SELECT id, firstname FROM `Members` WHERE id=". $_SESSION['id'];
The above is true given that your id is indeed a number, a positive integer.
If it is a string you will have to do this:
$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'";
Take great care with the quotes.
The reason it did not work for you before is that PHP does not expand arrays inside quotes, neither single nor double. Its an easy mistake to make and we’ve all done it (or continue to do it).
Also, you have a lot of unnecessary code there, something like this would do fine, and be easier to read and follow.
Its untested but you should get the drift:
$query = "SELECT id, firstname FROM `Members` WHERE id=" . $_SESSION['id'] ;
$result = mysql_query($query);
if($result){ // or do it the way you have if you prefer "(!$result)"
$row=mysql_fetch_assoc($result);
echo "Welcome, {$row['firstname']}";
}else{
$message = 'Invalid query:' . mysql_error() . "\
";
$message .= 'Whole query:' . $query;
die($message);}
}
Just to say that you are giving out far too much information in case your system goes wrong - so change it before you go live with this. (error reporting, displaying sql errors and so on).
Thanks I must be getting closer as this is my new codes I copied from you.
$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'";
$result = mysql_query($query);
if($result){
// or do it the way you have if you prefer "(!$result)"
$row=mysql_fetch_assoc($result);
echo "Welcome, {$row['firstname']}";
}else{
$message = 'Invalid query:' . mysql_error() . "\
";
$message .= 'Whole query:' . $query;
die($message);
}
}
//Free the resources associated with the result set
mysql_free_result($result);
And this is my results when I tried it so it is showing one welcome able to use the private pages but just does not produce who is actually logged in.
last update on live test.
Welcome,
Your new Member accounts lets you enter the members only section of our web site. You’ll find special discounts, a profile of matches, live advise from experts, and much more.
Your new Member ID and password were emailed to you. Store them carefully for future use.
I’m sorry, I did say it was untested, so instead of this;
$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'";
$result = mysql_query($query);
if($result){
// or do it the way you have if you prefer "(!$result)"
$row=mysql_fetch_assoc($result);
try this: (extra comments to explain my points)
$query = "SELECT id, firstname FROM `Members` WHERE id='" . $_SESSION['id'] . "'";
// comment this line out later, then remove it before going live
echo $query;
// take a good look at the query, does it look valid?
// copy the echoed output, paste it into whatever
// you manage mysql with, does it return data?
$result = mysql_query($query);
// again, a line of debug
var_dump( $result );
if($result){
// or do it the way you have if you prefer "(!$result)"
$row=mysql_fetch_assoc($result);
// again, a line of debug
var_dump( $row );
And yes, as jgetner pointed out, you were trying to access an array inside quotes.
Hopefully these simple methods will help you to debug your own code and chase down exactly where you are going wrong. Get used to doing this.
When I tested the login for a return live below message appears I then pasted it into MySQL which starts with #1064. Is that what you meant.
SELECT id, firstname FROM Members WHERE id='id’resource(4) of type (mysql result) bool(false)
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘resource(4) of type (mysql result) bool(false) LIMIT 0, 30’ at line 1
SELECT id, firstname
FROM Members
WHERE id = 'id’resource( 4 ) of
TYPE (
mysql result
)bool( false )
LIMIT 0 , 30
I also pasted into MySQL the follow script you mentioned. This is the results.
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘$query = “SELECT id, firstname FROM Members WHERE id=”. $_SESSION[‘id’]’ at line 1
$query = "SELECT id, firstname FROM `Members` WHERE id=".$_SESSION[ 'id'];
for some reason it is losing connection with the db. I have the same connection that I use with the form which is inputting the data. But the codes are losing connection.
<?php
session_start();
ini_set ("display_errors", "1");
error_reporting(E_ALL);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<style type="text/css">
.background {color: #B56AFF;
}
</style>
</head>
<body>
<p>
<?php
/* Program: login.php
* Desc: Displays the new member welcome page. Greets
* member by name and gives a choice to enter
* restricted section or go back to main page.
*/
if (isset($_SESSION['id'])) {
// Set the users session ID
include_once ("Connections/connect_to_mysql.php");
$id=$_SESSION['id'];
//Formulate Query
//This is the best way to perform an SQL query
$query = "SELECT * FROM `Members` WHERE id='$id'";
$result = mysql_query($query);
$numrows = mysql_num_rows($result);
//Check result
//This shows the actual query sent to MySQL and the error. Useful for debugging.
if(!$result){
$message = 'Invalid query:' . mysql_error() . "\
";
$message .= 'Whole query:' . $query;
die($message);
}
/// Since the script die()'s if the query fails, you don't need an else statement.
/// We can assume from here on out that the query passed and the SESSION id was set.
$row = mysql_fetch_assoc($result);
mysql_free_result($result);
echo "<p>Welcome, " . $row['firstname'] . "</p>";}?>
</p>
<p> </p>
<p>Your new Member accounts lets you enter the members only section
of our web site. You'll find special discounts, a profile of matches,
live advise from experts, and much more.</p>
<p>Your new Member ID and password were emailed to you. Store them
carefully for future use.</p>
<div style="text-align: center">
<p style="margin-top: .5in; font-weight: bold">
Glad you could join us!</p>
<form action="profile.php" method="post">
<input type="submit"
value="Enter the Members Only Section">
</form>
<form action="index.php" method="post">
<input type="submit" value="Go to Main Page">
</form>
</div>
</body>
</html>