noob needs help -- getting value from db to make cookie...

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Sinemacula
Forum Contributor
Posts: 110
Joined: Sat Feb 08, 2003 2:36 am
Location: San Jose, CA

noob needs help -- getting value from db to make cookie...

Post by Sinemacula »

I've searched the forums, but wasn't really sure what search terms to use... so I found some things to try, but haven't been able to solve my problem:

I am using an authentication system that uses php and mysql... it works fine as is, but I want to customize it a bit to add some additional functionality... currenlty, when a user logs in, cookies are created from what they enter (username and password), which I use to populate fields later when the user is filling out a series of forms... so far so good.

I want to add another cookie, using a value pulled from the authuser table, so that I can have that value available to populate a field in the later forms as well (so that the users don't have to keep inputting it with every form).

Here's what I've got (everything after //GET TEAM NAME is the code I've added to the script... ):

Code: Select all

// DB SETTINGS
$dbhost = "localhost";	// Change this to the proper DB Host name
$dbusername = "xxxx"; 	// Change this to the proper DB User
$dbpass = "xxxxxxxx";	// Change this to the proper DB User password
$dbname	= "testing"; 	// Change this to the proper DB Name
	

	// Use Sessions
	// NOTE: This will store the username and password entered by the user to the cookie
	// variables USERNAME and PASSWORD respectively even if the combination is correct or
	// not. Be sure to authenticate every page that you want to be secured and pass as 
	// parameters the variables USERNAME and PASSWORD.
	setcookie ("USERNAME", $_POSTї'username']);
	setcookie ("PASSWORD", $_POSTї'password']);
	
	$username = $_POSTї'username'];
	
	// GET TEAM NAME
	// this is where we get the team or usertype name for the user in order to create the cookie
	
	$db = mysql_pconnect($dbhost, $dbusername, $dbpass);
	if (!$db) { 
echo( "<p>Unable to connect to the " . 
"database server at this time.</p>" ); 
exit(); 
&#125;
	mysql_select_db($dbname, $db) or die( "Unable to select database");
	$sql = "SELECT team FROM authuser WHERE uname = ".$username."";
	$result = mysql_query ($sql, $db) or die(mysql_error());
	$row = mysql_fetch_array($result);
	setcookie ("USERTYPE", $row);
?>
The username and password cookies are set fine... but the usertype cookie that I'm trying to set with the value for the field "team" for the logged in user.

When I log in, this script is called (there's a lot more to it, that isn't relevant to this part of my problem)... and I'm getting the error:
Unknown column 'Tester1' in 'where clause'
Tester1 is the username I input in the login page.

The other thought I had was to add the query to get the value for "team" at the top of each form, and pass it to the form and it's db table that way, rather than by cookie... but I'm guessing I'll have the same problem.

I've been messing around with this for a couple of hours, and it's clear I don't know enough to fix this on my own... any suggestions?

Thanks,
Scott
Sinemacula
Forum Contributor
Posts: 110
Joined: Sat Feb 08, 2003 2:36 am
Location: San Jose, CA

That part's fixed...

Post by Sinemacula »

A little more messing around, and I managed to fix that problem, by adding the right kind of quotes... so now I've got:

Code: Select all

// DB SETTINGS
$dbhost = "localhost";	// Change this to the proper DB Host name
$dbusername = "root"; 	// Change this to the proper DB User
$dbpass = "mysqlharley";	// Change this to the proper DB User password
$dbname	= "testing"; 	// Change this to the proper DB Name

	// Use Sessions
	// NOTE: This will store the username and password entered by the user to the cookie
	// variables USERNAME and PASSWORD respectively even if the combination is correct or
	// not. Be sure to authenticate every page that you want to be secured and pass as 
	// parameters the variables USERNAME and PASSWORD.
	setcookie ("USERNAME", $_POST&#1111;'username']);
	setcookie ("PASSWORD", $_POST&#1111;'password']);
 
 
 $username = $_POST&#1111;'username'];
	
	// GET TEAM NAME
	// this is where we get the team or usertype name for the user in order to create the cookie
	
	$db = mysql_pconnect($dbhost, $dbusername, $dbpass);
	if (!$db) &#123; 
echo( "<p>Unable to connect to the " . 
"database server at this time.</p>" ); 
exit(); 
&#125;
	mysql_select_db($dbname, $db) or die( "Unable to select database");
	$result = mysql_query("SELECT `team` FROM `authuser` WHERE `uname` = '$username'")
	or die(mysql_error());
	$row = mysql_fetch_array($result);
	setcookie ("USERTYPE", $row&#1111;'team']); 
	
 
 //end set cookie for usertype
...and it's doing just what I wanted.

Now I have two more questions... one directly related, one not;

1. Would it be better to have the code that gets the value from the field "team" at the top of each form? Or is it fine as a cookie (especially since users have to have cookies enabled anyway to login)?

2. After the user fills in the form, it calls another script via POST - data.php - which inserts the data into the mysql database... so far so good... but I don't know how to put in an automatic redirect! I want the user to be automatically taken back to the page they are taken to immediately after login, which has the list of forms available, after hitting "submit" (ideally, I'd also like to figure out how to add sentence to that page like "Thank you for submitting Form X... you may choose another form or logout" -- such that it would only show when returning from completing a form, and not on initial login, and would change the Form name each time to be consistent with which form was completed). For now, I'd be happy with the redirect.

Thanks,
Scott
Post Reply