Page 1 of 1

hi coding help geting a row form sql then printing

Posted: Mon Apr 03, 2006 12:45 pm
by reecec
hi

where it says get user id i need it to get the value of priv from my table from the same row as the user like the get user id that finds form username to get the row the problem is wher i have writen in caps down below i want the value of priv to be the url it goes to (in priv i have the urls set up for each user)

Code: Select all

// get users id
$getid = "SELECT * FROM $dbtable WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);
while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}

// set a cookie
setcookie("userid", "$userid", time()+3600, "/", "", 0 );
echo "You have successfuly loged in! Welcome, $user .<br><br><a href=\"(THIS SHOULD LINK TO A URL THE URL IS IN THE DATABASE on a row called priv i want it to find that and then it would be put here si it would go to it \">Continue...</a>";
sorry if i have worded this badly it was hard to explain

thanks in advance

reece :D

Posted: Mon Apr 03, 2006 9:28 pm
by Ambush Commander
where it says get user id i need it to get the value of priv from my table from the same row as the user like the get user id that finds form username to get the row the problem is wher i have writen in caps down below i want the value of priv to be the url it goes to (in priv i have the urls set up for each user)
sorry if i have worded this badly it was hard to explain
You betcha. Let's see:

* where it says get user id = so the code change is happening there?
* i need it (the script) to get the value of priv (a column name I suppose) from my table from the same row as the user like the get user id that finds form username to get the row = I need to get the value of `priv` for a certain user id/username
* the problem is = you should have put a period before this! ;-)
* where i have written in caps down below = much easier way to state this is I would like to link to the url described in `priv`
* your authentication system seems fairly weak

This seems fairly easy to do. Priv is stored in $r['priv'].

A few notes: quote your indices, so $r[userid] becomes $r['userid']. Also, make sure you used mysql_real_escape_string on $user so that you can't get an sql injection. Finally, since you expect only one row to be returned, the while loop is unnecessary. Don't interpolate ("$userid") where it's unnecesary either. New code should look like (untested):

Code: Select all

// get information on user
$mysql_user = mysql_real_escape_string($user)
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='$mysql_user' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];

$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>";

hi

Posted: Tue Apr 04, 2006 1:03 pm
by reecec
hi thanks for helping you seem to know what your doing lol

Parse error: parse error, unexpected T_VARIABLE in /home/www/reece.awardspace.co.uk/login.php on line 47

thanks alot

sorry i dont think i gave you full code as the error is higher up i have put line 47 in caps


Code: Select all

// search database to check for user
$request = "SELECT * FROM $dbtable WHERE password='".$pass."' AND username='".$user."'";

// hand over the request
$results = mysql_query($request);
ERROR HERE THIS IS LINE 47
// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get information on user
$mysql_user = mysql_real_escape_string($user)
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='$mysql_user' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];

$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>"; 
}

thanks for your time

Posted: Tue Apr 04, 2006 1:28 pm
by John Cartwright
$mysql_user = mysql_real_escape_string($user);

you forgot that semicolon :wink:

Posted: Tue Apr 04, 2006 4:04 pm
by reecec
thanks that sorted that error moved further down the page now to a line 47 to 49 and 54 errors sorry to be a pain
here is the error



Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/www/reece.awardspace.co.uk/login.php on line 49

Warning: Cannot modify header information - headers already sent by (output started at /home/www/reece.awardspace.co.uk/login.php:1) in /home/www/reece.awardspace.co.uk/login.php on line 54
You have successfuly loged in! Welcome, reece .

Continue...


Code: Select all

// search database to check for user
$request = "SELECT * FROM $dbtable WHERE password='".$pass."' AND username='".$user."'";

// hand over the request
$results = mysql_query($request);

// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get information on user
$mysql_user = mysql_real_escape_string($user);
$query= "SELECT `user`, `priv` FROM `$dbtable` WHERE username='$mysql_user' LIMIT 1";
$rs = mysql_query($query);
$result = mysql_fetch_array($rs);
$userid = $result['userid'];
$priv = $result['priv'];

$html_user = htmlentities($user);
setcookie('userid', $userid, time() + 3600, '/', '', 0);
echo "You have successfuly loged in! Welcome, $html_user .<br><br><a href=\"$priv\">Continue...</a>"; 
}

thanks very much to all that help