1

I would like to ask how to display the information based username? I mean when I login, it will lead me to select data page. My select data page has username, name and date. The name is the name of item in spinner, i put these item in spinner. For example, username which is john select item 1 in spinner and it will send to database. Then when go status page, it will only display the item selected by John only in John account. Same as other account, in their account only will display their own item selected. Below is my select item php:

<?php 

if($_SERVER['REQUEST_METHOD']=='POST'){

    //Getting values
    $username = $_POST['username'];

    $name = $_POST['name'];
    $date = $_POST['date'];
    //Creating an sql query
    $sql = "INSERT INTO Selection (username, name, date) VALUES 
    ('$username','$name', '$date')";

    //Importing our db connection script
    require_once('dbConnect.php');

    //Executing query to database
    if(mysqli_query($con,$sql)){
        echo 'Selected Successfully';
    }else{
        echo 'Sorry, You Already Select this item';
    }

    //Closing the database 
    mysqli_close($con);
}
?>

View Status Php:

<?php 
//Importing Database Script 
require_once('dbConnect.php');

//Creating sql query
$sql = "SELECT * FROM Selection";

//getting result 
$r = mysqli_query($con,$sql);

//creating a blank array 
$result = array();

//looping through all the records fetched
while($row = mysqli_fetch_array($r)){

    //Pushing name and id in the blank array created 
    array_push($result,array(
                    "id"=>$row['id'],
                    "username"=>$row['username'],
                    "name"=>$row['name'],
                    "date"=>$row['date']
                    )   
            );
}

//Displaying the array in json format 
echo json_encode(array('result'=>$result));

mysqli_close($con); 
?>

I am using localhost and phpmyadmin.

Table structure for Selection is below:-

id - primary key Not Null
username NOT NULL,
name NOT NULL,
date NOT NULL,
ALTER TABLE `Selection` ADD UNIQUE `unique_index`(`username`, `name`);
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
  • Please share your table structure too, if possible. – miiiii Aug 09 '17 at 08:49
  • 1
    have you worked with the session before ? – Jok3r Aug 09 '17 at 08:53
  • @ManojShukla I update my table structure already in my question,please check thanks. –  Aug 09 '17 at 08:55
  • @Jok3r I dont use session –  Aug 09 '17 at 08:55
  • from your question what i understood is you want specific items which is selected by the user from the database right ? – Jok3r Aug 09 '17 at 08:57
  • @Jok3r What I want is for example user A select the item in spinner, he can select all item in the spinner, but all item can selected only one time, and in the view status page only will display user A selection when user A view status page and the item is retrieved from database. Sorry for my bad english, hope can understand, for selected one time, i already done, now left display part only because in view status page it display all user's selection –  Aug 09 '17 at 09:01
  • @NgWeiLun yes we are getting your point, but you tell me first have you worked on `MySql` ever before?? – miiiii Aug 09 '17 at 09:03
  • @ManojShukla I suppose your "`mysql`" is a typo? – Carl Binalla Aug 09 '17 at 09:04
  • this application is my first time to use mysql to do, before that, i using firebase. –  Aug 09 '17 at 09:06
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Aug 09 '17 at 09:07

2 Answers2

0

As you haven't mention the Schema of Spinner and Selection table, assuming a simple case for you, the solution would be like instructed below..

  1. When user logs in, capture it's username (usually store it in session till he/she logs out).

  2. In your Status.php your query would be 

    Select * from Selection where username = '$YOUR_USER_NAME_FROM_SESSION_HERE';

That should be enough as per your requirement.

NOTE: Using variable directly in your query will result in exposure of SQL injection. To prevent Sql injection, refer this answer too.

miiiii
  • 1,580
  • 1
  • 16
  • 29
  • that mean need use session? –  Aug 09 '17 at 09:03
  • It depends on you... if you are not familiar with sessions, you can avoid them but that's a very bad practice. However, the way to do it without session is simple.. When user submits form to log into your application, copy its username in some other variable too, and use it in your query, but when you need to navigate thru your application, you will have to pass that variable from one page to another..which is quite tedious, but for single page or two page app its fine. – miiiii Aug 09 '17 at 09:06
0

when the user logged in set the session using $_SESSION["name"] = "$username"; right now session is set then you can access the session variable from anywhere in the view page you retrieve the session using $user= $_SESSION["name"].

now you fetch the items from the database like

$sql = "SELECT * FROM Selection where username='$user'";

try it

Jok3r
  • 454
  • 3
  • 9
  • $_SESSION["name"] = "$username"; put in select page only? –  Aug 09 '17 at 09:15
  • where is you login checking,in that page ? put there and store the username to name variable. can you paste your login code here – Jok3r Aug 09 '17 at 09:16
  • Because i am using facebook login –  Aug 09 '17 at 09:17
  • login successful , that condition you have in your code right ? – Jok3r Aug 09 '17 at 09:19
  • That one i write in android studio –  Aug 09 '17 at 09:20
  • for login check you will pass the username to one php file right ? – Jok3r Aug 09 '17 at 09:22
  • i dont have login check php file –  Aug 09 '17 at 09:24
  • ok then the username will be the username of facebook right ? then set that facebook username to session variable example $_SESSION["name"] = "$facebook_username". understood ? – Jok3r Aug 09 '17 at 09:26
  • one more thing.you are fetching the data in view status.php right ? – Jok3r Aug 09 '17 at 09:32
  • Yes, the data in view status page is retrieved from selection table –  Aug 09 '17 at 09:33
  • there you retrieve the username using session example $user= $_SESSION["name"]. now the username will be in $user, the apply the condition $sql = "SELECT * FROM Selection where username='$user'"; – Jok3r Aug 09 '17 at 09:33