user account display data
Posted: Sat Mar 08, 2014 10:22 am
Hi want to display some data once an user logged into their account, but right now my it displays all the records from one of my database table and some of them doesn't belong to the user. e.g logged in as user1 in the user1 account page you can find its own data and user2's and user3's as well. I don't want this I just want user1 account display its own data.
Please help I am a beginner. Thanks
Also this is my login page I am not sure if has anything to do with this page:
Please help I am a beginner. Thanks
Code: Select all
<?php
session_start();
session_regenerate_id();
if($_SESSION['account_id'] == '')
{
header('location: registration.php');
exit;
}
?>
<html>
<body>
<table border="1">
<?php
//include database connection
$con=mysqli_connect("localhost","","","");//database connection
$query = "select account_id, goalName, goal_id, gdescription, progress from goal where account_id =".$_SESSION['account_id'];
//execute the query
$result= mysqli_query($con,$query);
while($row = mysqli_fetch_assoc($result)){
?>
<tr>
<td><?php echo $row['goalName'] ; ?></td>
<td><?php echo $row['gdescription'] ; ?></td>
<td><?php echo $row['progress'] ; ?></td>
<td><a href="deletegoal.php<?php echo '?goal_id='.$row['goal_id']; ?>">delete</a></td>
<td><a href="editGoal.php<?php echo '?goal_id='.$row['goal_id']; ?>">Edit</a></td>
<?php
}
?>
</tr>
</table>
</fieldset>
</body>
</html>Code: Select all
<?php
session_start();
$con=mysqli_connect("localhost","","","") or die();
if(isset($_POST['submit']))
{
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$permission = trim($_POST['permission']);
$query ="SELECT * FROM useraccount WHERE username='$_POST[username]'and password='$_POST[password]' and permission='$_POST[permission]'";
$result= mysqli_query($con,$query) or die(mysqli_error());
//$num_row = mysqli_num_rows($result);
while($row = mysqli_fetch_array($result)){
if($_SESSION['account_id']=$row['username'] && $_POST['password']=="$password" && $_POST['permission']=="Student")
{
header("Location:studentAccount.php");
exit;
}
else if($_SESSION['account_id']=$row['username']&& $_POST['password']=="$password" && $_POST['permission']=="Staff")
{
header("Location:staffAccount.php");
exit;
}
else
{
echo "You got credentials wrong";
}
}
}
?>