i think it is not wrong
if it is then sorry
tables in mysql
teachers(id,fname,email)
lec_table(id,lecture,question)
i have login page for teachers
it links to viewteachers<?php
if (isset($_POST['submit']))
require_once ('../mysql_connect.php');
if (empty($_POST['username'])) {
$u = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>';
}
else {
$u = escape_data($_POST['username']);}
if (empty($_POST['password'])) {
$p = FALSE;
echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
} else {
$p = escape_data($_POST['password']); }
if ($u && $p) {
$query = "SELECT user_id, first_name FROM students WHERE username='$u' AND password=PASSWORD('$p')";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row) {
$_SESSION['first_name'] = $row[1];
$_SESSION['user_id'] = $row[0];
ob_end_clean();
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/viewuser.php ?
uid=$row['user_id]}""); exit();
} else {
echo '<p><font color="red" size="+1">The username and password entered do not match those on
file.</font></p>'; } mysql_close();
} else {
echo '<p><font color="red" size="+1">Please try again.</font></p>'; } } <h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<p><b>User Name:</b> <input type="text"
name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input
type="submit" name="submit" value="Login" /></div>
</form><!-- End of Form -->
?>
is the program correct please help<?php
require_once('../mysql_connect.php');
if (!isset($_SESSION[first_name']))
{
header("location:http//".$_SERVER['HTTP_HOST']. dirname(PHP_SELF]).login.php");
ob_end-clean();
exit();
}
else
if (isset($_GET['uid']))
{
$query="select fname,subjects from teachers where user_id={$GET['uid']}
$results=@mysql_query($query);
if (mysql_affected_row()==1)
{
echo'{name $row['fname']}'<br>
echo'{subject $row['subject']}'<br>
}
// i have not joined table for simplicity now
$query1="select lecture,question from lec_table where user_id={$GET['uid']}
$results=@mysql_query($query1);
if (mysql_affected_row()==1)
{
echo'{name $row['lecture']}'<br>
echo'{subject $row['question']}'<br>
}
else
{
echo'no such no lectures';
}
else
{
echo' no such teacher';
echo '<a href=/"results.php ? uid={$row ['id'}}\">results</a>'
echo '<a href=/"notes.php ? uid={$row ['id'}}\">notes</a>'
mysql_close();
else
{
echo'system error';
exit
}
?>
thanks
rami
[/quote]