echo table from database on site stays blank

Question

thank you for reading my message. I am working on a website, but whenever I want to display a number from a database field on the website, no errors, but nothing is shown.

(sorry for bad english)

auth

session_start();
if(!isset($_SESSION["username"])) {
    header("Location: login.php");
    exit();
}

login

  require('db.php');
session_start();
// When form submitted, check and create user session.
if (isset($_POST['username'])) {
    $username = stripslashes($_REQUEST['username']);    // removes backslashes
    $username = mysqli_real_escape_string($con, $username);
    $password = stripslashes($_REQUEST['password']);
    $password = mysqli_real_escape_string($con, $password);
    // Check user is exist in the database
    $query    = "SELECT * FROM `users` WHERE username='$username'
                 AND password='" . md5($password) . "'";
    $result = mysqli_query($con, $query) or die(mysql_error());
    $rows = mysqli_num_rows($result);
    if ($rows == 1) {
        $_SESSION['username'] = $username;
        $_SESSION['coins'] = $coins;
        // Redirect to user dashboard page
        header("Location: dashboard-2.php");
    } else {
        echo "<div class='form'>
              <h3>Je wachtwoord of gebruikersnaam is onjuist.</h3><br/>
              <p class='link'>Klik hier om <a href='login.php'>terug</a> te gaan.</p>
              </div>";
    }
} else {

coins need to be shown on the dashboard.

`mysql_error()` < that won't work with mysqli_. So, if you have mysql errors, it won't catch them. Plus, is error reporting enabled? — Funk Forty Niner, May 03 '20 at 20:47
Why are you using MD5 as opposed to `password_hash()`? You should also be using prepared statements instead. — Funk Forty Niner, May 03 '20 at 20:48
What is wrong with the code? Something is not shown up? What did you expect and what happened instead? — davidev, May 03 '20 at 20:48
Okay, it there a coins field in users table? You are using $coins? Where is it declared / initalized? — davidev, May 03 '20 at 20:52
Add this to the top of your php files `ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);` and use `mysqli_error($con)`. If any errors, let us know what they were. — Funk Forty Niner, May 03 '20 at 20:52
@davidev yes i made a field coins in the users table. i dont have declared or initalized it. don't know how. ;) — w 2, May 03 '20 at 20:54
Given the answers now; this appears to just be a typographical error. — Funk Forty Niner, May 03 '20 at 20:55
`if ($rows == 1)` < what do you think will happen if there are more than one row? — Funk Forty Niner, May 03 '20 at 20:57

score 1 · Answer 1 · answered May 03 '20 at 20:54

There are several things wrong here:

mysql_error() cannot be used with "mysqlixxx": they're two completely different libraries.
Use mysqli::error instead.
You should NEVER, EVER, NEVER EVER use raw user input in a SQL statement. Use prepared statements instead.
Finally, the reason you're not seeing "coins" ... is because you never read anything from the result set.

SUGGESTION: $coins = $rows[0]['coins'];

score 0 · Answer 2 · answered May 03 '20 at 20:54

You're setting $_SESSION['coins'] to an undefined variable ($coins). You have to fetch a row from the result set, e.g. mysqli_fetch_object

Try this:

    if ($rows == 1) {
        $row = mysqli_fetch_object($result);
        $_SESSION['username'] = $username;
        $_SESSION['coins'] = $row->coins; //Your column for coins in your table.
        // Redirect to user dashboard page
        header("Location: dashboard-2.php");
    } else {
        echo "<div class='form'>
              <h3>Je wachtwoord of gebruikersnaam is onjuist.</h3><br/>
              <p class='link'>Klik hier om <a href='login.php'>terug</a> te gaan.</p>
              </div>";
    }

echo table from database on site stays blank

2 Answers2