hi coding help geting a row form sql then printing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
reecec
Forum Contributor
Posts: 218
Joined: Sun Apr 02, 2006 7:12 am

hi coding help geting a row form sql then printing

Post by reecec »

hi

where it says get user id i need it to get the value of priv from my table from the same row as the user like the get user id that finds form username to get the row the problem is wher i have writen in caps down below i want the value of priv to be the url it goes to (in priv i have the urls set up for each user)

Code: Select all

// get users id
$getid = "SELECT * FROM $dbtable WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);
while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}

// set a cookie
setcookie("userid", "$userid", time()+3600, "/", "", 0 );
echo "You have successfuly loged in! Welcome, $user .<br><br><a href=\"(THIS SHOULD LINK TO A URL THE URL IS IN THE DATABASE on a row called priv i want it to find that and then it would be put here si it would go to it \">Continue...</a>";
sorry if i have worded this badly it was hard to explain

thanks in advance

reece :D
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

where it says get user id i need it to get the value of priv from my table from the same row as the user like the get user id that finds form username to get the row the problem is wher i have writen in caps down below i want the value of priv to be the url it goes to (in priv i have the urls set up for each user)
sorry if i have worded this badly it was hard to explain
You betcha. Let's see:

* where it says get user id = so the code change is happening there?
* i need it (the script) to get the value of priv (a column name I suppose) from my table from the same row as the user like the get user id that finds form username to get the row = I need to get the value of `priv` for a certain user id/username
* the problem is = you should have put a period before this! ;-)
* where i have written in caps down below = much easier way to state this is I would like to link to the url described in `priv`
* your authentication system seems fairly weak

This seems fairly easy to do. Priv is stored in $r['priv'].

A few notes: quote your indices, so $r[userid] becomes $r['userid']. Also, make sure you used mysql_real_escape_string on $user so that you can't get an sql injection. Finally, since you expect only one row to be returned, the while loop is unnecessary. Don't interpolate ("$userid") where it's unnecesary either. New code should look like (untested):

Code: Select all

// get information on user
$mysql_user = mysql_real_escape_string($user)
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='$mysql_user' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];

$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>";
reecec
Forum Contributor
Posts: 218
Joined: Sun Apr 02, 2006 7:12 am

hi

Post by reecec »

hi thanks for helping you seem to know what your doing lol

Parse error: parse error, unexpected T_VARIABLE in /home/www/reece.awardspace.co.uk/login.php on line 47

thanks alot

sorry i dont think i gave you full code as the error is higher up i have put line 47 in caps


Code: Select all

// search database to check for user
$request = "SELECT * FROM $dbtable WHERE password='".$pass."' AND username='".$user."'";

// hand over the request
$results = mysql_query($request);
ERROR HERE THIS IS LINE 47
// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get information on user
$mysql_user = mysql_real_escape_string($user)
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='$mysql_user' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];

$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>"; 
}

thanks for your time
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

$mysql_user = mysql_real_escape_string($user);

you forgot that semicolon :wink:
reecec
Forum Contributor
Posts: 218
Joined: Sun Apr 02, 2006 7:12 am

Post by reecec »

thanks that sorted that error moved further down the page now to a line 47 to 49 and 54 errors sorry to be a pain
here is the error



Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/reece.awardspace.co.uk/login.php on line 49

Warning: Cannot modify header information - headers already sent by (output started at /home/www/reece.awardspace.co.uk/login.php:1) in /home/www/reece.awardspace.co.uk/login.php on line 54
You have successfuly loged in! Welcome, reece .

Continue...


Code: Select all

// search database to check for user
$request = "SELECT * FROM $dbtable WHERE password='".$pass."' AND username='".$user."'";

// hand over the request
$results = mysql_query($request);

// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get information on user
$mysql_user = mysql_real_escape_string($user);
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='$mysql_user' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];

$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>"; 
}

thanks very much to all that help
Post Reply