skip to Main Content

I am new in PHP so I’m still learning by trying codes available from the web. I created a login and its working . The problem is on the next page the login user should view his/her image, IDnumber and lastname,firstname, middlename but then it displays all the data in mysql: IDNumber and lastname,firstname, middlename of every column. —–It should only show the user who logged in

Onlineenrollment.php

CREATE TABLE IF NOT EXISTS `student` (
  `IDNumber` int(7) NOT NULL,
  `password` varchar(15) NOT NULL,
  `lastname` varchar(15) NOT NULL,
`firstname` varchar(20) NOT NULL,
`middlename` varchar(15) NOT NULL,
`course` varchar(7) NOT NULL,
`year` enum('1','2','3','4') NOT NULL,
`gender` enum('Male','Female') NOT NULL,
`address` varchar(45) NOT NULL,
`birthdate` varchar(45) NOT NULL,
`contactNumber` varchar(45) DEFAULT NULL,
`email` varchar(45) DEFAULT NULL,
`guardian` varchar(45) NOT NULL,
`image` blob NOT NULL,
PRIMARY KEY (`IDNumber`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

INSERT INTO `student` (`IDNumber`, `password`, `lastname`, `firstname`, `middlename`, `course`, `year`, `gender`, `address`, `birthdate`, `contactNumber`, `email`, `guardian`, `image`) VALUES
(2114567, 'pamisabel', 'Agpalo', 'Gianna', 'Casabar', 'BSIT', '1', 'Female', 'T. Alonzo St.', '12/20/93', '99999999', '[email protected]', 'you', '');

INSERT INTO `student` (`IDNumber`, `password`, `lastname`, `firstname`, `middlename`, `course`, `year`, `gender`, `address`, `birthdate`, `contactNumber`, `email`, `guardian`, `image`) VALUES
(2116782, 'jak', 'Batoon', 'Kai', 'Seo', 'BSIT', '1', 'Female', 'Alonzo St.', '12/20/93', '99999999', '[email protected]', 'you', '');

login.php

<?php
//Start session
session_start();    
//Unset the variables stored in session
unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_FIRST_NAME']);
unset($_SESSION['SESS_LAST_NAME']);?>
<html>
            <form name="loginform" action="login_exec.php" method="post">
<tr>
<td colspan="2">
        <!--the code bellow is used to display the message of the input validation-->
     <?php
        if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
        echo '<ul class="err">';
        foreach($_SESSION['ERRMSG_ARR'] as $msg) {
            echo '<li>',$msg,'</li>'; 
            }
        echo '</ul>';
        unset($_SESSION['ERRMSG_ARR']);
        }
    ?>
    </td>
     </tr>
        <aside class="sidebar big-sidebar right-sidebar">

                <ul>    
                    <h4>SIGN IN</h4>
                        <fieldset>
                            <form action="#" method="get">
                <td width="116"><div align="left">ID Number</div></td>
<td width="177"><input name="IDNumber" type="text" placeholder="ID Number"/>   </td>
<br>
</tr>
<tr>
<br>
        <td><div align="left">Password</div></td>
<td><input name="password" type="password" placeholder="Password" /></td>
</tr>
<tr>
<td><div align="left"></div></td>
<br>
<td><input name="" style="margin-left: 150px;" type="submit" value="login" class="formbutton"/></td>
 </tr>
</table>
 </html>

connection.php

<?php
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "onlineenrollment";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password,$mysql_database ) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");?>

home.php – how will i make it get the login user only

    <?php 
    @mysql_connect('localhost','root','') or die(mysql_error());
    mysql_select_db('onlineenrollment')  or die(mysql_error());
    $strSQL = "SELECT * FROM student";

   // Execute the query (the recordset $rs contains the result)
$rs = mysql_query($strSQL);

// Loop the recordset $rs
// Each row will be made into an array ($row) using mysql_fetch_array
while($row = mysql_fetch_array($rs)) {

   // Write the value of the column FirstName (which is now in the array $row)
   echo $row['lastname'] ;
   echo $row['middlename'] ;
  echo $row['firstname'] . "<br />";
  echo $row['IDNumber'] . "<br />";
  }

// Close the database connection
mysql_close();
?>

3

Answers


  1. $strSQL = “SELECT * FROM student”;

    Instead of this use where condition Example.

    $strSQL = “SELECT * FROM student where IDNumber=2114567”;

    Then those particular details will be coming …in place of IDNumber=2114567(assign your textbox value here)

    Login or Signup to reply.
  2. The problem is there in your home.php file.

    You are querying the entire table named students. What you need to do is, just query the database for just one row corresponding to the loggined users unique ID number or any unique value ( Emails are a good way, but still using integers are more fast – as long as you have a unique ID field/Primary Key for the table ).

    I will direct you to the solution.Here are the steps.

    You should have access to the session variables in your home.php. For that, add session_start() at the first line ( after < ?php ).

    Now, assuming that as per your login.php, $_SESSION[‘SESS_MEMBER_ID’] is the variable which holds the loggined user’s ID. So let us assign it to a variable. $uid = $_SESSION[‘SESS_MEMBER_ID’]; .

    Let us just rewrite your query in home.php.

    $strSQL = “SELECT * FROM student”; should become $strSQL = “SELECT * FROM student WHERE IDNumber=”.$uid;
    [ I made a mistake in the above line. Forgot about the =. Edited as per the comments ]
    This query goes to your database and query for that single row, which contains your logged in user’s IDNumber as the value of IDNumber field in the table.

    On a serious note, DONT USE THIS CODE IN PRODUCTION PLEASE.

    Login or Signup to reply.
  3. You must set a WHERE clause in this query, you can use the information you created in the session variables.

    $strSQL = "SELECT * FROM student WHERE IDNumber = 'your_session_value'"; 
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search