-2

I'm relatively new to coding. I'm trying to display some of the data the user has saved (when registering) on the next few pages. I can display the username, but I want to display the names and email as well.

This is when the user is logging in.

    $query = "SELECT * FROM users 
                WHERE username='$username' 
                AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: indexclient.php');
    }else {
        array_push($errors, "Wrong username/password combination");
    }

    //new page
    //This is the top of the page where I want to display the name.

    session_start();

    if (!isset($_SESSION['username'])) {
        $_SESSION['msg'] = "You must log in first";
        header('location: loginclient.php');
        exit; // stop here so the rest of the page is not sent to a visitor who is not logged in
    }

    if (isset($_GET['logout'])) {
        session_destroy();
        unset($_SESSION['username']);
        header("location: loginclient.php");
        exit; // stop here after the logout redirect
    }

    //This is where I want to display the name at the bottom of the page:

    <h2> <?php echo $_SESSION['username']; ?>'s Profile</h2>
    <?php echo $_SESSION['firstname']; ?>

    <?php if (isset($_SESSION['username'])) {
        echo "Hello", $_SESSION['firstname'];
    } ?>

RiggsFolly
Tiaan
  • 3
    **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 23 '19 at 13:32
  • 1
    You need to fetch details through DB Table. – Pupil Apr 23 '19 at 13:33
  • 2
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 23 '19 at 13:33
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Apr 23 '19 at 13:35
  • ___but I want to display the names and email as well___ Well in that case you will have to either place those items in the SESSION along with `$_SESSION['username']` OR Go and read them from the database on each page using `$_SESSION['username']` as the key – RiggsFolly Apr 23 '19 at 13:38

2 Answers

0

You need to fetch the data from the DB and store it in variables so you can use them wherever you want.

    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    while ($data = mysqli_fetch_array($results)) {
        $name = $data['name_from_db']; // Put the name of the column where you store the name in the DB here
        $email = $data['email_from_db']; // Put the name of the column where you store the email in the DB here

        // You can put them in the session if you want to have them globally
    }

    if (mysqli_num_rows($results) == 1) {
        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        $_SESSION['name'] = $name; // This is an example where I put it in a SESSION variable
        $_SESSION['email'] = $email; // This is an example where I put it in a SESSION variable
        header('location: indexclient.php');
    } else {
        array_push($errors, "Wrong username/password combination");
    }

Please note, you are not doing anything for security in this code and it's wide open for attacks. Please, read about parameterized queries and protection against SQL injection, also about password hashing. Sending passwords in plain text is not safe!

Budimir Skrtic
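
The login flow with the prepared statement and password hashing that the comments and the answer above point to, also storing the profile fields in the session. This is an added example, not code from the question or the answers. The `users` column names (`firstname`, `email`, `password_hash`) and the connection credentials are assumptions.

```php
<?php
// Added example. Assumed schema: users(username, firstname, email, password_hash),
// where password_hash was written at registration with
// password_hash($password, PASSWORD_DEFAULT).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Returns the user's profile fields on success, null on any failure. */
function authenticate(mysqli $db, string $username, string $password): ?array
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT username, firstname, email, password_hash
           FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($u, $first, $email, $hash);
    $found = $stmt->fetch();   // true if a row was read, null if none
    $stmt->close();

    // The password is checked against the stored hash, never placed in the query.
    if (!$found || !password_verify($password, $hash)) {
        return null;
    }
    return ['username' => $u, 'firstname' => $first, 'email' => $email];
}

session_start();
$errors = [];
// Placeholder connection values (assumptions).
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$user = authenticate($db, $_POST['username'] ?? '', $_POST['password'] ?? '');

if ($user !== null) {
    session_regenerate_id(true);            // new session ID once logged in
    $_SESSION['username']  = $user['username'];
    $_SESSION['firstname'] = $user['firstname'];
    $_SESSION['email']     = $user['email'];
    $_SESSION['success']   = 'You are now logged in';
    header('Location: indexclient.php');
    exit;                                   // nothing else runs after the redirect
}
$errors[] = 'Wrong username/password combination';

// On the profile page, escape the stored values when printing them:
// echo htmlspecialchars($_SESSION['firstname'], ENT_QUOTES, 'UTF-8');
```
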
0

In this section:

    if (mysqli_num_rows($results) == 1) {
        $_SESSION['username'] = $username;
        //Add another entry in SESSION here
        $_SESSION['success'] = "You are now logged in";
        header('location: indexclient.php');
    }

You can add a new entry like `$_SESSION['email'] = $result[index_of_email_in_results]`

JessGabriel