[RESOLVED] Cant' remember!!

trehy2006

Its been a while since i've used a mysql database with php

im using this page::

<?php include('includes/header.php'); 

//Retrieves account details and sets them as variables
$username=mysql_query("SELECT username FROM accounts WHERE uid='$userID'") or die('MySQL error - ' . mysql_error());
$email=mysql_query("SELECT email FROM accounts WHERE uid='$userID'") or die('MySQL error - ' . mysql_error());
?>

<img src="images/logo.gif" height="150" />
<?php include('includes/menu.php'); ?>

<div id="middle">
<dt id="welcometag">Welcome to MPanel: Account</dt>

<p>Edit your account settings below</p>
<form method="post" action="account.php" name="submit">
<?php echo"User ID:
&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;
  <input name=\"userid\" maxlength=\"5\" readonly value=\"$userID\">
  <br />
User Name: &nbsp; &nbsp;&nbsp;&nbsp;
  <input name=\"username\" maxlength=\"255\" value=\"$username\">
  <br />
E-Mail Address:  <input maxlength=\"255\" size=\"50\" name=\"email\" value=\"$email\"><br /><br />
New Password: <input name=\"newpass1\" type=\"password\"><br>
Confirm it:&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;&nbsp;<input name=\"newpass2\" type=\"password\"><br />
  <br />
<input name=\"oldpass\" type=\"password\"><br /><font size=\"1\">To save any changes enter old password above</font><br /><br />
  <input name=\"submit\" value=\"Save\" type=\"submit\"><br />
  </form>";

if ($_POST['submit'] == "Save") {
print $_POST['userid'];
print $_POST['email'];
} ?>


</div>

</body>
</html>

where header.php connects to my database, and the $userID is set to 1

the table accounts has this info:

uid 	username 	password 	    email 	     account_type 
1       admin            password      admin@email.com          1

When i run the page i get username showing: Resource id #7
and email showing: Resource id #8

please help me! what am i doing wrong??

TIA
Rob

leatherback

something like:

if($result)
{
while($row = mysql_fetch_array($result))
  {
  echo $row[0];
  }
}

trehy2006

im sorry!?! what?!

Where is $result set? etc...
where would i put this code??

leatherback

I assumed that you had experience with php-mysql (As you point out, it has been a while..).

in short: the query you send to the database results in a reference to the records, stored in the $result variable. To actually show the individual values, you need to loop through this array. The structure I showed you does this.

bradgrafelman

Also, I would change this:

$username=mysql_query("SELECT username FROM accounts WHERE uid='$userID'") or die('MySQL error - ' . mysql_error()); 
$email=mysql_query("SELECT email FROM accounts WHERE uid='$userID'") or die('MySQL error - ' . mysql_error());

to this:

$query=mysql_query("SELECT username, email FROM accounts WHERE uid=$userID LIMIT 1") or die('MySQL error - ' . mysql_error());
$data = mysql_fetch_assoc($query);
echo "Your username is: " . $data['username'];

Why? Few reasons:

Why query the database twice when you can query it once? Takes less time and resources.
If 'uid' is a numeric column (which it sounds like it should be... probably should be a primary key, too) then you shouldn't enclose its values in quotes. As you can see, in my query I've removed the quotes.
I hope you're sanitizing $userID (where is that even defined?) e.g. using [man]intval/man or at the very least [man]mysql_real_escape_string/man/[man]addslashes/man... else you're vulnerable to SQL injection attacks.
There's only 1 unique row for every 'uid' right? In other words, you don't expect to retrieve multiple users that have the same 'uid' value. As such, I added a "LIMIT 1" onto the end of your query, since MySQL doesn't need to worry about finding more than 1 row in the table.

trehy2006

bradgrafelman wrote:
Also, I would change this:
$username=mysql_query("SELECT username FROM accounts WHERE uid='$userID'") or die('MySQL error - ' . mysql_error()); 
$email=mysql_query("SELECT email FROM accounts WHERE uid='$userID'") or die('MySQL error - ' . mysql_error()); 
to this:
$query=mysql_query("SELECT username, email FROM accounts WHERE uid=$userID LIMIT 1") or die('MySQL error - ' . mysql_error());
$data = mysql_fetch_assoc($query);
echo "Your username is: " . $data['username'];
Why? Few reasons:

Why query the database twice when you can query it once? Takes less time and resources.

If 'uid' is a numeric column (which it sounds like it should be... probably should be a primary key, too) then you shouldn't enclose its values in quotes. As you can see, in my query I've removed the quotes.

I hope you're sanitizing $userID (where is that even defined?) e.g. using [man]intval/man or at the very least [man]mysql_real_escape_string/man/[man]addslashes/man... else you're vulnerable to SQL injection attacks.

There's only 1 unique row for every 'uid' right? In other words, you don't expect to retrieve multiple users that have the same 'uid' value. As such, I added a "LIMIT 1" onto the end of your query, since MySQL doesn't need to worry about finding more than 1 row in the table.

Thank you, yes why query twice?!
As i'm still building the script locally $userID is just set in the config.php file temorarily, as the login etc. hasn't been compiled yet.

anyway thanks to both of you as i now have this working.