[RESOLVED] username = username

jerrylouise

$sql = mysql_query("SELECT * FROM users WHERE $session->username = username");

Trying to compare two values that are text to load my results. Basically it will compare the session username with the username in the database and output the data form the table if they match. Problem is it dosnt seem to be getting the results and are erroring out

ERROR:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/fhlinux168/d/dev.cossycomforts.com/user/htdocs/includes-blocks/profile.php on line 9

TimmacJa_k

Hi if you disocovered how to resolve your problem would you mind sharing. As I have a similiar one.

I know basics, but cannot seem to get this to work. Basically I have a session started. Where a user log's in with a username and password. So these are stored as a $_Session. So I am able to use this stored session data to display the current user's 'username'.

But I am unable to select and display data that exists in the database, based upon the logged in username.

Here is an example I've tried. The session is started in the header. There are no error's....It just print's nothing but the '-'.

<?php 
		  mysql_connect("localhost", "", "") or die(mysql_error());
		  mysql_select_db("mydatabase") or die(mysql_error());
		  $myusername = $_SESSION['username'];
		  $result =mysql_query("SELECT * FROM `mytable` WHERE `username` LIKE '$myusername'");

	  $row = mysql_fetch_array( $result);
	  print $row['surname']." - ".$row['Title'];

?>

Appreciate any comment's
Tim

big_nerd

TimmacJa(k:

You should start a new thread for a new question as it is odd that someone will come in to help.

Here is a suggestion none the less:

<?php
error_reporting(E_ALL);
ini_set("display_errors",1);

      mysql_connect("localhost", "", "") or die(mysql_error()); 
      mysql_select_db("mydatabase") or die(mysql_error()); 
      if (empty($_SESSION['username']) {
		echo "Not Logged in Or cant Find you in session data";
      } else {
		$uname = $_SESSION['username'];
		$result = mysql_query("SELECT DISTINCT * FROM `mytable` WHERE `username` = '$uname' ";
		if (mysql_num_rows($result) > 0) {
			$array_data = mysql_fetch_assoc($result);
			echo $array_data['surname']."-".$array_data['title'];
		} else {
			echo "Could Not Find Username $uname";
		} // end if num rows
      } // end if empty session

?>

You shouldn't use the "LIKE" clause when checking for usernames. If they were logged in and verified, then the username would be identical to the one found in the database otherwise they would not be logged in to begin with.

Also, when attempting to diagnose an issue, put in some error handling. This way you can see exactly what is going on.

You can take out the lines:
error_reporting(E_ALL);
ini_set("display_errors",1);

Once you have figured out what the issue is, that will display ALL errors and notices.

You can also do stuff like:

$result =mysql_query("SELECT * FROM `mytable` WHERE `username` LIKE '$myusername'") or die (mysql_error());

TimmacJa_k

Hi Big.Nerd,
Thankyou so much for your response. I've tried implementing and adjusting (to suite) your code, but I just get a parse error everytime on the line...

if (empty($_SESSION['myusername']) {

Im wondering if this has something to do with my setting up of the $SESSIONS, but like I said I'm able to echo out $SESSION['myusername'] on all pages where I...

<? require_once("Include/sessions.php"); ?>

I can't seem to get rid of the parse error.

This is the included file that initially sets up the sessions and is required on each page...if that helps

<?php 
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="mydatabase"; // Database name
$tbl_name="mytable"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$myusername=htmlentities($_POST['myusername']);
$mypassword=htmlentities($_POST['mypassword']);

$encrypted_mypassword=md5($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

$Welcome = "";
$Logout = ""; 
$LogoutIndex = ""; 
$Login = "";
$LoginIndex = "";
$WrongUser = "";
$email = "";

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"

session_start();


$_SESSION['myusername'] = " $myusername";
$_SESSION['Welcome'] = "$Welcome";
$_SESSION['Logout'] = "$Logout";
$_SESSION['LogoutIndex'] = "$LogoutIndex";
$_SESSION['SESSION'] = true;
$_SESSION['surname'] = $row['surname'];
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['Title'] = $row['Title'];


header("");
}
else {
$incorrect = 'Incorrect Login, please try re-entering your username and password';
header( "" );

}

?>

Puzzled

Tim

bradgrafelman

The error in that if() statement would be a missing ')'.

Also:

Don't use [man]htmlentities/man on data you put in a SQL query, but rather use [man]mysql_real_escape_string/man. Otherwise, you're leaving yourself vulnerable to SQL injection attacks.
$row is never defined (ex. by calling [man]mysql_fetch_assoc/man).
You could add a "LIMIT 1" onto the end of your SQL for optimization purposes (since you only want a maximum of 1 row).
You would select only the surname, firstname, and Title columns instead of doing a "SELECT *" (again, optimization).

TimmacJa_k

I forgot to mention that I had already made this adjustment, but thanks for picking it up.

Any more ideas...
Thanks too for other advice.

tim