-1

I'm trying to display the data of the user who logged in from the database but it does not work. I also tried to look answer here in the stack to errors I faced but none of them helped since I can't relate to their Q&As and their questions are different.

So back to my problem, I am getting an error on how to display the data from the database.

Here is the PHP code

<?php
require('db.inc.php');
if(!isset($_SESSION['email'])){
  header('Location: home.php');
}

if(isset($_POST['index.php'])){
    $data = mysqli_query("SELECT * FROM tbl_account WHERE email = '$email'");
        if(mysqli_num_rows($data) > 0){
         $fetch = mysqli_fetch_assoc($data);
        }

}
?>

Next, here is the form where I want to display the data.

<h1 class="text-primary">Your Information</h1>                   
<br>
<h5>First Name</h5>
<h3><?php echo $_fetch['firstName'];?></h3><br>
<h5>Last Name</h5>
<h3><?php echo $_fetch['lastName'];?></h3><br>
<h5>Sex</h5>
<h3><?php echo $_fetch['sex'];?></h3><br>
<h5>Email Address</h5>
<h3><?php echo $_fetch['email'];?></h3><br>
</div>

May I request not to close my question? so I can get more insights and answers. I put the error in the comments.

Carl Ret02
  • 19
  • 4
  • `Undefined variable: firstName` , `Undefined variable: _fetch`, `Trying to access array offset on value of type nullTrying to access array offset on value of type null` – Carl Ret02 Aug 06 '22 at 16:21
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Aug 06 '22 at 17:57
  • Sir @Dharman yes, I know the risk of my codes, but for the purpose of learning, I think this is a good start. Also, I study how to use hash for password. – Carl Ret02 Aug 07 '22 at 17:41
  • But why would you want to learn something you should never every learn? You are wasting time learning how to write invalid code. Learn how to write proper code from the start and you won't have to unlear bad practices later on. – Dharman Aug 07 '22 at 17:43

1 Answers1

-1

try this...

 <?php
 require_once "db.inc.php";
 if(isset($_POST['index.php'])){   
    $sql = "SELECT * FROM tbl_account WHERE email = '$email'";
    if($result = mysqli_query($connection, $sql))
      {
        if(mysqli_num_rows($result) > 0)
        {
          while($row = mysqli_fetch_array($result))
          {
            echo "<h5>First Name</h5>";
            echo "<h3>" .$row['firstName'] ."</h3><br>"
          }
        }
      }
   }
 ?>
Abhilash Sharma
  • 1
  • 1