passing parameter in sql query by page

Question

PinoyDev -3 Posting Whiz in Training

15 Years Ago

Good day.!

I am having problem with passing the parameter value. I have a page called index.php. This page has a textbox named "username" when the user login and type his/her user name in the textbox named "username" i want the data of that user to be displayed in the next page called enrolselection.php. I have already a recordset in the index.php which holds the login statement. below is the recordset:

if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "enrolselection.php";
  $MM_redirectLoginFailed = "invaliduser.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_enamysqldb, $enamysqldb);
  
  $LoginRS__query=sprintf("SELECT username, password FROM studentregistration WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $enamysqldb) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}

the above recordset works fine. When the user login success, it display the enrolselection.php. My problem is, how can i ddisplay the data of the user who login in enrolselection.php that caomes from mysql table.? here is my recordset in enrolselection.php. I dont know what to put in the where statement of my sql. please help.

<?php require_once('Connections/enamysqldb.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_recstudinfo = "-1";
if (isset($_GET['username'])) {
  $colname_recstudinfo = $_GET['username'];
}
mysql_select_db($database_enamysqldb, $enamysqldb);
$query_recstudinfo = sprintf("SELECT * FROM studentregistration WHERE username = %s", GetSQLValueString($colname_recstudinfo, "text"));
$recstudinfo = mysql_query($query_recstudinfo, $enamysqldb) or die(mysql_error());
$row_recstudinfo = mysql_fetch_assoc($recstudinfo);
$totalRows_recstudinfo = mysql_num_rows($recstudinfo);

Ive done this in asp by just passing the parameter value of index.php to enrlselection.php that holds the data of username textbox. here is my code in asp

<%
Dim MMColParam
MMColParam = "1"
If (Request.QueryString("username") <> "") Then 
MMColParam = Request.QueryString("username")
End If
%>

<%

recdisplaysearchcontent.Source = "SELECT * FROM tblsearch_content WHERE index = " + Replace(MMColParam, "'", "''") + " ORDER BY index ASC"

%>

I dont know how to convert this asp code in php.Please help.!!

Thank you and God bless.!!

php

3 Contributors
8 Replies
166 Views
7 Hours Discussion Span
Latest Post 15 Years Ago Latest Post by PinoyDev

Will Gresham 81 Master Poster

15 Years Ago

Seeing as you have the username already in a session $_SESSION['MM_Username'] = $loginUsername; , why not just use this in the query?

death_oclock 103 Posting Whiz

15 Years Ago

can i used it the in second page query.?

Yes, thats the whole point of sessions; they last across all pages in your site until they expire or the browser is closed.

It looks to me like you would put it in here:

$query_recstudinfo = sprintf("SELECT * FROM studentregistration WHERE username = %s", GetSQLValueString($_SESSION['MM_Username'], "text"));

I am unsure of your page flow, but I assume $_GET no longer exists on this page? If this is true you can ditch the part about getting that value. Just use your session.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

PinoyDev -3 Posting Whiz in Training · Answer 1 · 2009-02-14T07:49:18+00:00

Seeing as you have the username already in a session $_SESSION['MM_Username'] = $loginUsername; , why not just use this in the query?

can i used it the in second page query.?remember that the

$_SESSION['MM_Username'] = $loginUsername

is in the first page which is the index.php. When the login is correct i want to display the data of the user who login in the enrolselection.php here is the sql query.

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_recstudinfo = "-1";
if (isset($_GET['username'])) {
  $colname_recstudinfo = $_GET['username'];
}
mysql_select_db($database_enamysqldb, $enamysqldb);
$query_recstudinfo = sprintf("SELECT * FROM studentregistration WHERE username = %s", GetSQLValueString($colname_recstudinfo, "text"));
$recstudinfo = mysql_query($query_recstudinfo, $enamysqldb) or die(mysql_error());
$row_recstudinfo = mysql_fetch_assoc($recstudinfo);
$totalRows_recstudinfo = mysql_num_rows($recstudinfo);

which part of this query should i insert the session.?should i replace the

=%s

with the session variable? please help!!

Thank you so much for giving time with this. God bless

PinoyDev -3 Posting Whiz in Training · Answer 2 · 2009-02-14T08:00:33+00:00

Yes, thats the whole point of sessions; they last across all pages in your site until they expire or the browser is closed.
It looks to me like you would put it in here:
$query_recstudinfo = sprintf("SELECT * FROM studentregistration WHERE username = %s", GetSQLValueString($_SESSION['MM_Username'], "text"));
I am unsure of your page flow, but I assume $_GET no longer exists on this page? If this is true you can ditch the part about getting that value. Just use your session.

thank you sir.! I will post my reply if this work.Thank you very much sir.! Il try it out now.!

God bless

PinoyDev -3 Posting Whiz in Training · Answer 3 · 2009-02-14T08:16:36+00:00

Yes, thats the whole point of sessions; they last across all pages in your site until they expire or the browser is closed.
It looks to me like you would put it in here:
$query_recstudinfo = sprintf("SELECT * FROM studentregistration WHERE username = %s", GetSQLValueString($_SESSION['MM_Username'], "text"));
I am unsure of your page flow, but I assume $_GET no longer exists on this page? If this is true you can ditch the part about getting that value. Just use your session.

sir it does not display the information.whats wrong with my query.?here is my revised query with session variable:

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_reclog = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_reclog = $_SESSION['MM_Username'];
}
mysql_select_db($database_enamysqldb, $enamysqldb);
$query_reclog = sprintf("SELECT * FROM studentregistration WHERE username = %s", GetSQLValueString($colname_reclog, "text"));
$reclog = mysql_query($query_reclog, $enamysqldb) or die(mysql_error());
$row_reclog = mysql_fetch_assoc($reclog);
$totalRows_reclog = mysql_num_rows($reclog);

I dont know whats wrong with my code.?

Please help

death_oclock 103 Posting Whiz · Answer 4 · 2009-02-14T08:19:21+00:00

You're not displaying anything. Unless there's more to the code on this page, I don't see a single output statement.

PinoyDev -3 Posting Whiz in Training · Answer 5 · 2009-02-14T08:26:06+00:00

You're not displaying anything. Unless there's more to the code on this page, I don't see a single output statement.

im sorry sir i forgot: here is the uotput statemet:

<td width="492"><span class="style8"><?php echo $row_reclog['lastname']; ?></span></td>

but it does not display the information.Example just to display the last name of the user who login.!

Whats wrong with my query.?

Thank you for giving time with me. I really aprreciate it.!Please help

PinoyDev -3 Posting Whiz in Training · Answer 6 · 2009-02-14T08:42:58+00:00

You're not displaying anything. Unless there's more to the code on this page, I don't see a single output statement.

sir i made it.thank you for giving me the process of doing it. I just beat it 1 minute.! i just put on the top under <?php

require_once('index.php');

Thank you so much sir. If you need help in vb6 im always here to help.!!

Thank you and Glod bless. This problem was solved.!