How to access specific mySQL data rows and columns after logging in?

Question

This script below is what I'm using to check to see if the user name and password is in my database. This is fine, what I want is now to stay within the row that username and password is found in. In the same row under different columns is more information about the user. I would like to display some of this information in various divs. Not all of it. Examples of the columns other than Password and Email would be "FirstName" and "LastName"

There is also an "Id" column it would be great to be able to do something like "you are logged in, you are Id 10101 and then display FirstName and LastName from current Id.

<?
session_start();
//then do rest of the stuffs//
?>

<?php


if (!isset($_POST['submit'])){
?>


<!-- The HTML login form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
    Email: <input type="text" name="Email" /><br />
    Password: <input type="password" name="Password" /><br />

    <input type="submit" name="submit" value="Login" />
  </form>
<?php


} else {

require_once("db_const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
    echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
    exit();
}

$Email = $_POST['Email'];
$Password = $_POST['Password'];


$sql = "SELECT * from stores_db WHERE Email = '{$Email}' AND Password = '{$Password}'   LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1) 
{
echo "<p>Invalid Email or Password combination</p>";
} 
else
{

$recordset = mysqli_fetch_array($result);

$temp_firstname=$recordset['FirstName'];  


$temp_lasttname=$recordset['LastName'];

$temp_id=$recordset['Id'];

$_SESSION['user_id']=$temp_id;

header("location:homepage.php");     //  direct to your page to show

}

}
?>

Code on homepage.php

 <?php

 session_start(); echo $_SESSION['user_id']; //to display the id of the logged in user

 ?>

Also check your code, is vulnerable to [SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?lq=1) — mTorres, Aug 12 '14 at 09:35
Attempting to create sessions. Any help would be greatly appreciated. — user3889508, Aug 12 '14 at 09:37
Simply the code above logs a user into their specific row in my table. I want to be able to display information from the user's row back to them. Also I believe that this is not that secure any advice or changes to code in this line would be appreciated as well. — user3889508, Aug 12 '14 at 09:44
I updated the question with the most recent code. My issue is that the headers are being sent before the line "header("location:homepage.php");" — user3889508, Aug 12 '14 at 11:27

score 1 · Answer 1 · answered Aug 12 '14 at 09:41

1

$sql = "SELECT * from stores_db WHERE Email LIKE '{$Email}' AND Password LIKE '{$Password}'   LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1) 
{
echo "<p>Invalid username/password combination</p>";
} 
else
{
echo "<p>Logged in successfully</p>";


$recordset = mysqli_fetch_array($result);

$temp_firstname=$recordset['FirstName'];  
// storing firstname on a variable

$temp_lasttname=$recordset['LastName'];

$temp_id=$recordset['id'];

$_SESSION['user_id']=$temp_id;

header("location:homepage.php");     //  direct to your page to show


}

After Doing this,

write

session_start(); echo $_SESSION['user_id']; //to diplay the id of the logged in user

in the page to be foolowed

answered Aug 12 '14 at 09:41

Bhumin Vadalia

271
1
5

Sadly I keep getting this error. "Undefined index: user_id in /users/homepage.php on line 2" This line is "session_start(); echo $_SESSION['user_id'];" – user3889508 Aug 12 '14 at 10:03
This is because the session has not been initialized. Write session_start(); in the login page also..at the top.. – Bhumin Vadalia Aug 12 '14 at 10:09
I edited my question above to show the current code. I assed session)start(); However I keep getting warnings about "Cannot send session cache limiter - headers already sent" and Warning: Cannot modify header information - headers already sent" directing towards lines session_start(); and header("location:homepage.php"); – user3889508 Aug 12 '14 at 10:21
@user3889508 kindly put session_start() at the top of the page and check. – Riyaz Aug 12 '14 at 10:28
session_start() [function.session-start]: Cannot send session cache limiter - headers already sent...... This is the warning I'm getting then on the login page above the text fill boxes. This is current version is now the question with the start session at the top. – user3889508 Aug 12 '14 at 10:31

score 1 · Answer 2 · answered Aug 12 '14 at 10:36

1

"Headers already sent" means that your PHP script already sent the HTTP headers, and as such it can't make modifications to them now.Check that you don't send ANY content before calling session_start. Better yet, just make session_start the first thing you do in your PHP file (so put it at the absolute beginning, before all HTML etc).

<? session_start();//at the top most //then do rest of the stuffs// ?>

answered Aug 12 '14 at 10:36

Riyaz

139
11

Current question code is accurate to what I have. It says I've sent my headers somewhere before the line "header("location:homepage.php");" I cannot see where. – user3889508 Aug 12 '14 at 10:48
Actually it's not solved. I can't direct to the new page without the warning that headers are already sent – user3889508 Aug 12 '14 at 11:04

user3889508 · Accepted Answer · 2014-08-12T11:38:26.717

<?
session_start();


if (!isset($_POST['submit'])){
?>


<!-- The HTML login form -->
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
    Email: <input type="text" name="Email" /><br />
    Password: <input type="password" name="Password" /><br />

    <input type="submit" name="submit" value="Login" onclick="" />
</form>



<?php


} else {

require_once("db_const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
    echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error} </p>";
    exit();
}

$Email = $_POST['Email'];
$Password = $_POST['Password'];


$sql = "SELECT * from stores_db WHERE Email = '{$Email}' AND Password = '{$Password}'   LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1) 
{
echo "<p>Invalid Email or Password combination</p>";
} 
else
{

$recordset = mysqli_fetch_array($result);

$temp_firstname=$recordset['FirstName'];  

$temp_lasttname=$recordset['LastName'];

$temp_id=$recordset['Id'];

$_SESSION['user_id']=$temp_id;
$_SESSION['lastname']=$temp_lasttname;
$_SESSION['firstname']=$temp_firstname;

header("location:homepage.php");     //  direct to your page to show


}


}
?>

Code on homepage.php

<?php

session_start(); echo $_SESSION['user_id']; //to display the id of the logged in user

 ?>

Don't even know.. This page will always redirect to homepage.php, no matter what — DarkBee, Aug 12 '14 at 10:57
Correct, I updated the question with the most recent code. My issue is that the headers are being sent before the line "header("location:homepage.php");" Can't find my error.. — user3889508, Aug 12 '14 at 11:31
put `ob_start();` behind session start and `echo ob_get_clean();` on the last — DarkBee, Aug 12 '14 at 11:35

How to access specific mySQL data rows and columns after logging in?

3 Answers3