/    Sign up×
Community /Pin to ProfileBookmark

Trouble with retrieving data (DB ?)

Copy linkTweet thisAlerts:
Nov 12.2009

Hello,
I hope someone can help me! I feel incredibly stupid and I know I am missing something in my code, but here is what i have and what i can’t get to happen:mad: :

I have a password protected customer table. in other words, the customer logs in with his username and password. pretty simple, it works, they are logge in…..
now here is the problem i’m having-
i want it so when the customer logs in, they can only see THEIR data – their previous orders, only THEIR customer account info, and when they order their customer number is already in the order form ready to fill in the order.
i have tried a WHERE statement using the WHERE id = ‘$id”…..er, but it aint working for me….at all?
this has been bothering me for THREE days now…yes, and when i get lost driving, i dont ask anyone either…

im asking – no begging for help now though

thank you all for your help!!

to post a comment
PHP

3 Comments(s)

Copy linkTweet thisAlerts:
@KethinovNov 12.2009 — You're not giving us enough info to work with, so it's kind of hard to diagnose why you're not seeing the desired result.

Some things you could provide which would be helpful:

  • - the schema of your table

  • - the whole SELECT that you're doing on the table

  • - some sample data that is being returned

  • - the sample data you want returned instead
    • Copy linkTweet thisAlerts:
    @fmcnallyauthorNov 12.2009 — Sorry was at home and didn't have access to the pages...I appreciate your help!

    Here you go -

    They Log in -

    <?php

    session_start();

    if(isset($_COOKIE['pw']))

    // If the cookie 'pw is set, do the following;

    {

    $dbHost = 'localhost';

    // Database Connection Details - Host

    $dbUser = 'root';

    // Database Connection Details - Username

    $dbPass = 'marktwain';

    // Database Connection Details - Password

    $dbname = 'vision';

    // Database Connection Details - Database Name

    $username = $_COOKIE['pw']['username'];

    // Select the username from the cookie

    $password = $_    COOKIE['pw']['password'];

    // Select the password from the cookie

    $db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Code

    mysql_select_db($dbname,$db); // Connects to database

    $query = "SELECT * FROM login WHERE username = '$username' AND password = '$password'";

    $result = mysql_query($query, $db);

    if(mysql_num_rows($result))

    // If the login information is correct do the following;

    {

    $_SESSION['loggedin'] = 1;

    // Set the session 'loggedin' to 1 and forward the user to the admin page

    header('Location: http://dev.michaelogan.com/ccustomer_login.php');

    exit();

    }

    }

    /* If the cookie doesn't exist or the login

    information stored within the cookies

    are wrong show the login form.

    *    /

    ?>
    Copy linkTweet thisAlerts:
    @KethinovNov 12.2009 — Okay - first thing, that script is insecure. You need to escape your strings properly. If you don't, you're vulnerable to a SQL injection attack. One way you can fix it is with mysql_real_escape_string().

    You could rewrite the query like so:

    $query = "SELECT * FROM login WHERE username = '".mysql_real_escape_string($username)."' AND password = '".mysql_real_escape_string($password)."'";

    However, I still don't have enough info to tell you why your SELECT isn't returning the data you want. I still need:

  • - the schema of your table

  • - some sample data that is being returned

  • - the sample data you want returned instead
    • ×

    Success!

    Help @fmcnally spread the word by sharing this article on Twitter...

    Tweet This
    Sign in
    Forgot password?
    Sign in with TwitchSign in with GithubCreate Account
    about: ({
    version: 0.1.9 BETA 5.18,
    whats_new: community page,
    up_next: more Davinci•003 tasks,
    coming_soon: events calendar,
    social: @webDeveloperHQ
    });

    legal: ({
    terms: of use,
    privacy: policy
    });
    changelog: (
    version: 0.1.9,
    notes: added community page

    version: 0.1.8,
    notes: added Davinci•003

    version: 0.1.7,
    notes: upvote answers to bounties

    version: 0.1.6,
    notes: article editor refresh
    )...
    recent_tips: (
    tipper: @AriseFacilitySolutions09,
    tipped: article
    amount: 1000 SATS,

    tipper: @Yussuf4331,
    tipped: article
    amount: 1000 SATS,

    tipper: @darkwebsites540,
    tipped: article
    amount: 10 SATS,
    )...