How can i use User and Password by $_session[] to search?

Question

I create images slider. It's must use user & password to run. Here is.

    <?
        include 'connect.php';
        $_session[user_login] = "zyxel";
        $_session[pass_login] = "12345";

    ?>
    <html>
    <head>
        <link rel="stylesheet" href="themes/default/default.css" type="text/css" media="screen" />
        <link rel="stylesheet" href="themes/light/light.css" type="text/css" media="screen" />
        <link rel="stylesheet" href="themes/dark/dark.css" type="text/css" media="screen" />
        <link rel="stylesheet" href="lib/nivo-slider.css" type="text/css" media="screen" />
        <link rel="stylesheet" href="lib/style.css" type="text/css" media="screen" />
    </head>
    <body>
     <div class="slider-wrapper theme-default">
                <div id="slider" class="nivoSlider">
        <?php
                    $sql1 = "SELECT gload1,gload2,gload3,gload4,gload5 FROM member WHERE $_session[user_login] AND $_session[pass_login]";
                    $result1 = mysql_query($sql1);
                    $arry1 = mysql_fetch_array($result1);
                    $a = 0;         
                    $b = 1;
                    $c = 2;
                    $d = 3;
                    $e = 4;
                    $f = 5;
                    $g = 6;
                    $h = 7;
                    $i = 8;
                    $j = 9;
            if(empty($arry1)){
                exit();
                }
            else {
                $index = array_search(max($arry1),$arry1);

            if($index == $a){
                            echo "<img src=images/01/01.jpg>";
                            echo "<img src=images/01/02.jpg>";
                            echo "<img src=images/01/03.jpg>";
                            echo "<img src=images/01/04.jpg>";
                        }else if($index == $b){
                                echo "<img src=images/02/01.jpg>";
                                echo "<img src=images/02/02.jpg>";
                                echo "<img src=images/03/03.jpg>";
                                echo "<img src=images/04/04.jpg>";
                                }else if($index == $c){
                                    echo "<img src=images/03/01.jpg>";
                                    echo "<img src=images/03/02.jpg>";
                                    echo "<img src=images/03/03.jpg>";
                                    echo "<img src=images/03/04.jpg>";
                                    }else if($index == $d){
                                        echo "<img src=images/04/01.jpg>";
                                        echo "<img src=images/04/02.jpg>";
                                        echo "<img src=images/04/03.jpg>";
                                        echo "<img src=images/04/04.jpg>";
                                        }else {exit();
}
?>
</body>
</html>

and error is : Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in line 21 [ $arry1 = mysql_fetch_array($result1);]

I known problem is in SQL !! Before this, i use [SELECT .... FROM member WHERE mid = '001';] and ,it's just show up. How can i fix that.

Thank for any answer.

Please **[format](http://meta.stackexchange.com/questions/22186/how-do-i-format-my-code-blocks) your question** with proper indentation. — Amal Murali, Sep 27 '13 at 17:56
why password in session anyway ? dont you have any ID after login? — zod, Sep 27 '13 at 17:58
There are so many things wrong with your code. First of all, `$_session` must be UPPERCASE to work, then `user_login` should be `'user_login'` (and you should be using `error_reporting = E_ALL` during development). Also... `$a`, ... `$j`? Holy FSM, why? — ThiefMaster, Sep 27 '13 at 17:59

Sumit Bijvani · Answer 1 · 2013-09-27T18:01:58.910

0

Problem in your SELECT query.. you didn't compare any values. like..

FROM member WHERE     $_session[user_login] AND     $_session[pass_login]
                  ^^^                           ^^^

Here you missing column name, also session variable must be in uppercase latters... try below query.

$sql1 = "SELECT gload1,gload2,gload3,gload4,gload5 FROM member WHERE mid = '".$_SESSION['user_login']."' AND password = '".$_SESSION['pass_login']."'";

Also at the top declaration of session variable is wrong, change it like

$_SESSION['user_login'] = "zyxel";
$_SESSION['pass_login'] = "12345";

edited Sep 27 '13 at 18:01

answered Sep 27 '13 at 17:56

Sumit Bijvani

8,154
17
50
82

Your welcome :) it will work – Sumit Bijvani Sep 27 '13 at 18:00
Yeah. awesome answer. Thank for wasting time. I'm just student. I hope someday i can help anyone like you. Thank a lot. – T2terBKK Sep 27 '13 at 18:03

score 0 · Accepted Answer · edited Jun 20 '20 at 09:12

There is a lot wrong here.

I would read the PHP Documentation before proceeding.

A few glaring issues are listed below:

Never store passwords in plain text. This is an assumption looking at the rest of your code.

$_SESSION; // a super global should always be capitalized.

Array keys:

$_SESSION['key'] = "value";

Escaping quotes

$foo['bar'] = "example";

echo "This is an " . $foo['bar'] . " of escaping quotes";

How can i use User and Password by $_session[] to search?

2 Answers2

I would read the PHP Documentation before proceeding.