$Name data not making into database

webguync

<?php
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);
session_start();
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());

mysql_select_db("DBName") or die(mysql_error());


// Same checking stuff all over again.
if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['password']) ) {
    echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>Please fill in both your username and password to access your exam results.</h2>";
      echo "<meta http-equiv='refresh' content='5; url=ExamLogin.php'>";
                exit;
   }
   // Create the variables again.

   $username = mysql_real_escape_string($_POST['username']);
   $password = $_POST['password'];

   // Encrypt the password again with the md5 hash. 
   // This way the password is now the same as the password inside the database.
   //$pwid = md5($pwid);

   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,password,name
           FROM   Editor_Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>You have entered a username or password that does not match our database records. please try again. You will be redirected back to the login screen in 5 seconds.</h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
   } else {
      // Now create an object from the data you've retrieved.
      $row = mysql_fetch_object($result);
      // You've now created an object containing the data.
      // You can call data by using -> after $row.
      // For example now the password is checked if they're equal.

  // By storing data inside the $_SESSION superglobal,
  // you stay logged in until you close your browser.

   $_SESSION['name'] = $row->name;
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
//Update record with current time IF the account has never logged in before
echo "
$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = '';"; 
";
$result = mysql_query($query) or die(mysql_error()); 

//Check if query ran succesfully

   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:EditorLogin.php");
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";


?>

this works well enough, and also on this page (test.php), I have another form where the user submits information into a MySQL database. Their is a field set up for $name, but this info isn't carrying over into the database. The submit code is:

<?php
session_start();
 $_SESSION['name'] = $row->name;
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());
mysql_select_db("ETSI_Internal") or die(mysql_error());
$name = $_SESSION['name'];
$name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
 die('Error: ' . mysql_error());
}
echo "The answer was submitted successfully";
mysql_close($con);
?>

halojoy

I can only think you should
check your HTML post-form
is really sending an input field name="name"
And this would be what gets into actionpage as $_POST['name']

webguync

well that is the thing. There never is an input field for name just what is below. Name is retrieved from the SQL query in test.php. Do I need to add a hidden field for name?


<form enctype="multipart/form-data" method="post" action="test.php">

<label for="username">Username (email address): </label><br />
<input type="text" name="username" id="username"><br />
<label for="password">Password<br /> (you should have been given this): </label><br />
<input type="password" name="password" id="password"><br />

<input class="submit" type="submit" name="submit" value="Log In" />
</form>

webguync

just a quick update. I tried printing out the name variable on the submit page after the form is submitting, and it does not. So apparently the value of the name SESSION variable is is not holding through to this page.

<?php
session_start();
 $_SESSION['name'] = $row->name;
$con = mysql_connect("localhost","username","password") or die('Could not connect: ' . mysql_error());
mysql_select_db("ETSI_Internal") or die(mysql_error());
$name = $_SESSION['name'];
$name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file
$A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file
$A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file
$A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file
$A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file
$A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file
$A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file
$A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file
$A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file
$A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file
$sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved.
name and email are the respective table fields*/
if (!mysql_query($sql,$con)) {
 die('Error: ' . mysql_error());
}
echo "The answer was submitted successfully" . $_SESSION['name'] . "";
mysql_close($con);
?>