-6

I need this so that a logged-in user's id is used and only that user can view his/her own data from a SQL query using PHP, and not all data. I can provide more info on request.

(look for <<< )

<center>
<title>J~Net Balance Accounts</title>
 <?php 
 // Connects to your Database 
 mysql_connect("localhost", "root", "password") or die(mysql_error()); 
 mysql_select_db("messages") or die(mysql_error()); 
 $data = mysql_query("SELECT * FROM users WHERE id=$id") // <<<<
 or die(mysql_error()); 
 Print "<table border cellpadding=3>"; 
 while($info = mysql_fetch_array( $data )) 
 { 
 Print "<tr>"; 
 Print "<th>User:</th> <td>".$info['user_name'] . "</td> "; 
 Print "<th>Balance:</th> <td>".$info['balance'] . " </td></tr>"; 
 } 
 Print "</table>"; 
 ?> 
vsz
Jay Mee
  • 1
    You are not defining `$id` anywhere, are you? – Pekka Oct 13 '11 at 19:42
  • 1
    Where is `$id` being set? Is it outputting all rows? If `$id` isn't set, you're going to have an sql syntax error with the way you've written your query. – Jaime Oct 13 '11 at 19:42
  • When a user logs in - save their id (or extract it from the database based on login / password) and store it in the Session (http://www.w3schools.com/php/php_sessions.asp) and then use that in the query. Also take a look at http://stackoverflow.com/questions/3180375/select-vs-select-column – Bruce Oct 13 '11 at 19:45
  • 1
    and the problem is? $id should be the user's session? – M. Suleiman Oct 13 '11 at 19:46
  • Sidenote, your html is a bit messy, what's 'border' there, and why do you mix 'th' with 'td'? – Damien Pirsy Oct 13 '11 at 20:07
  • I'm more of an editor than a coder and that is how it was and is, but it doesn't display anything; to display the bottom bits I have to use an iframe and that code would go on another page – Jay Mee Mar 15 '12 at 10:28

1 Answer

0
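<?php //
// Note: sanitizeString() and queryMysql() are helper functions that are not
// shown in this answer, and session_start() must already have run for
// $_SESSION to persist between pages.
$error = $user = $pass = "";

if (isset($_POST['user'])){
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == ""){
        $error = "Not all fields were entered<br />";
    }else{
        // Hash the submitted password the same way the stored one was hashed
        $token = md5("$pass");
        $query = "SELECT name,pass FROM users WHERE name='$user' AND pass='$token'";

        if (mysql_num_rows(queryMysql($query)) == 0){
            $error = "Username/Password invalid<br />";
        }else{
            // Remember the logged-in user for later pages
            $_SESSION['user']    = $user;
            $_SESSION['pass']    = $token;
            // header() must run before any output, so the heading is echoed
            // below; exit stops the form from being rendered after the redirect
            header("Location: index.php");
            exit;
        }
    }
}

// Heading and form are output only when no redirect was issued
echo "<h3>Member Log in</h3>";
echo <<<_END
<form method='post' action='login.php'>$error
Username <input type='text' maxlength='16' name='user' value='$user' /><br />
Password <input type='password' maxlength='16' name='pass' value='$pass' /><br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<input type='submit' value='Login' />
</form>
_END;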

This is a form that asks for userid and password. After login, it will store the user id in $_SESSION['user']. Now you can refer to this variable in other pages when needed.

Dennis
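
An added example, not part of the question or the answer: one way to scope the balance query to the logged-in user, with the id taken from the session and bound as a query parameter. It assumes PDO with an in-memory SQLite database in place of the page's MySQL connection, a hypothetical `pass_hash` column, and constructed sample rows.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: PDO with an in-memory SQLite database stands in for MySQL;
// the pass_hash column and the constructed rows below are hypothetical.
session_start();

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT UNIQUE,
                               pass_hash TEXT, balance TEXT)');
$ins = $db->prepare('INSERT INTO users (user_name, pass_hash, balance) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('alice-pw', PASSWORD_DEFAULT), '120.50']); // constructed
$ins->execute(['bob',   password_hash('bob-pw',   PASSWORD_DEFAULT), '7.25']);   // constructed

// Login step: verify the password, then remember only the numeric user id.
function logIn(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE user_name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    session_regenerate_id(true);          // new session id after authentication
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// Balance page: the id comes from the session, never from $_GET or $_POST,
// and it is bound as a parameter rather than interpolated into the SQL.
function ownBalanceRow(PDO $db): ?array
{
    if (!isset($_SESSION['user_id'])) {
        return null;                      // not logged in: show nothing
    }
    $stmt = $db->prepare('SELECT user_name, balance FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

if (logIn($db, 'bob', 'bob-pw') && ($row = ownBalanceRow($db)) !== null) {
    // Escape on output so stored values cannot inject markup into the page.
    echo '<table><tr><th>User:</th><td>', htmlspecialchars($row['user_name']),
         '</td><th>Balance:</th><td>', htmlspecialchars($row['balance']), "</td></tr></table>\n";
} else {
    echo "Please log in.\n";
}
```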