Displaying SQL Values In Form - Session Help!

Hi,

For the $_SESSION[id] shouldn't it be something like $_SESSION[$id]?

So it should like something like this:

<?php 
include 'dbc.php';
page_protect();
$rs_settings = mysql_query("SELECT * FROM users WHERE id='".$_SESSION[$id]."'"); 
$row_settings = mysql_fetch_array($rs_settings);
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post" name="regForm" id="regForm" >
<input name="first_name" type="text" class="updateusersmall" id="first_name" value="<?php echo $row_settings['first_name']; ?>" size="30" />
</body>
</html>

Also, I am assuming that you have the connection to the database in the file 'dbc.php'.

Kieran :)

Thanks for that Kieran - unfortunately it didn't work. Everything else from the database connection is working fine.. so I don't think that is the issue. :(

Oh,
Try printing mysql_error() and see what comes up.

e.g.

echo @mysql_error();

It might be something wrong with your SQL.

Also, you should call session_start(); and the beginning of the page to start the session. The only other thing I can think of is that $_SESSION[$id] hasn't been set.

Kieran :)

I echo'd the session ID and it displayed the correct SQL ID for the logged in user. I can't imagine why it isn't working. :S

Maybe try using a while loop for the mysql_fetch_array(). Just to make sure it isn't some stupid error.

<?php 
include 'dbc.php';
page_protect();
$rs_settings = mysql_query("SELECT * FROM users WHERE id='".$_SESSION[$id]."'"); 
while($row = mysql_fetch_array($rs_settings))
{
  $row_settings = $row['first_name'];
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post" name="regForm" id="regForm" >
<input name="first_name" type="text" class="updateusersmall" id="first_name" value="<?php echo $row_settings; ?>" size="30" />
</body>
</html>

Kieran :)

Nope, still nothing. :(

:-O

I have done some small changes, maybe this will help.

$con is the mysql connection to the database

If the text "Ouch" appears in the text box then no rows are being returned.

<?php 
require("dbc.php");
page_protect();

$sql = "SELECT * FROM users WHERE id='".$_SESSION[$id]."'";
$rs_settings = mysql_query($sql, $con);

while($row = mysql_fetch_array($rs_settings))
{
  $row_settings = $row['first_name'];
}

if(mysql_num_rows( mysql_query($sql, $con) ) == 0)
{
  $row_settings "OUCH!";
}
?>
<html>
<head>
</head>
<body>
<form action="index.php" method="post" name="regForm" id="regForm" >
<input name="first_name" type="text" class="updateusersmall" id="first_name" value="<?php echo $row_settings; ?>" size="30" />
</body>
</html>

One last thing. In the database, has the column name first_name got any capital letters? It may be causing problems with PHPs case-sensitivity.

:(
'Owch' appeared - what do you think the issue is then?

It seems that the mysql query is retrieving nothing from the database.

In the database, has the column name first_name got any capital letters in it? It may be causing problems with PHPs case-sensitivity.

Have you changed $con to the variable assigned to your mysql connection?

$con = mysql_connect("localhost", "username", "password") or die(mysql_error());

mysql_select_db(YOUR_DATABASE_NAME, $con);

please, post your dbc.php, write your db here, ex, First_name, last_name, or what ever you have...

dbc.php:

<?php

define ("DB_HOST", "localhost"); // set database host
define ("DB_USER", "xxx"); // set database user
define ("DB_PASS","xxx"); // set database password
define ("DB_NAME","xxx"); // set database name

$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");


$user_registration = 1;  

define("COOKIE_TIME_OUT", 10); 
define('SALT_LENGTH', 9); 

//define ("ADMIN_NAME", "admin"); // sp

/* Specify user levels */
define ("ADMIN_LEVEL", x);
define ("USER_LEVEL", x);
define ("GUEST_LEVEL", x);


function page_protect() {
session_start();

global $db; 

if (isset($_SESSION['HTTP_USER_AGENT']))
{
    if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
    {
        logout();
        exit;
    }
}


if (!isset($_SESSION['id']) && !isset($_SESSION['username']) ) 
{
	if(isset($_COOKIE['id']) && isset($_COOKIE['user_key'])){
	/* we double check cookie expiry time against stored in database */
	
	$cookie_user_id  = filter($_COOKIE['id']);
	$rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error());
	list($ckey,$ctime) = mysql_fetch_row($rs_ctime);
	// coookie expiry
	if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {

		logout();
		}

	 if( !empty($ckey) && is_numeric($_COOKIE['id']) && isUserID($_COOKIE['username']) && $_COOKIE['user_key'] == sha1($ckey)  ) {
	 	  session_regenerate_id(); //against session fixation attacks.
	
		  $_SESSION['id'] = $_COOKIE['id'];
		  $_SESSION['username'] = $_COOKIE['username'];
		/* query user level from database instead of storing in cookies */	
		  list($level) = mysql_fetch_row(mysql_query("select level from users where id='$_SESSION[id]'"));

		  $_SESSION['level'] = $level;
		  $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
		  
	   } else {
	   logout();
	   }

  } else {
	header("Location: login.php");
	exit();
	}
}
}



function filter($data) {
	$data = trim(htmlentities(strip_tags($data)));
	
	if (get_magic_quotes_gpc())
		$data = stripslashes($data);
	
	$data = mysql_real_escape_string($data);
	
	return $data;
}



function EncodeURL($url)
{
$new = strtolower(ereg_replace(' ','_',$url));
return($new);
}

function DecodeURL($url)
{
$new = ucwords(ereg_replace('_',' ',$url));
return($new);
}

function ChopStr($str, $len) 
{
    if (strlen($str) < $len)
        return $str;

    $str = substr($str,0,$len);
    if ($spc_pos = strrpos($str," "))
            $str = substr($str,0,$spc_pos);

    return $str . "...";
}	

function isEmail($email){
  return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE;
}

function isUserID($username)
{
	if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) {
		return true;
	} else {
		return false;
	}
 }	
 
function isURL($url) 
{
	if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) {
		return true;
	} else {
		return false;
	}
} 

function checkPwd($x,$y) 
{
if(empty($x) || empty($y) ) { return false; }
if (strlen($x) < 4 || strlen($y) < 4) { return false; }

if (strcmp($x,$y) != 0) {
 return false;
 } 
return true;
}

function GenPwd($length = 7)
{
  $password = "";
  $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels
  
  $i = 0; 
    
  while ($i < $length) { 

    
    $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
       
    
    if (!strstr($password, $char)) { 
      $password .= $char;
      $i++;
    }

  }

  return $password;

}

function GenKey($length = 7)
{
  $password = "";
  $possible = "0123456789abcdefghijkmnopqrstuvwxyz"; 
  
  $i = 0; 
    
  while ($i < $length) { 

    
    $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
       
    
    if (!strstr($password, $char)) { 
      $password .= $char;
      $i++;
    }

  }

  return $password;

}


function logout()
{
global $db;
session_start();

if(isset($_SESSION['id']) || isset($_COOKIE['id'])) {
mysql_query("update `users` 
			set `ckey`= '', `ctime`= '' 
			where `id`='$_SESSION[id]' OR  `id` = '$_COOKIE[id]'") or die(mysql_error());
}			

/************ Delete the sessions****************/
unset($_SESSION['id']);
unset($_SESSION['username']);
unset($_SESSION['level']);
unset($_SESSION['HTTP_USER_AGENT']);
session_unset();
session_destroy(); 

/* Delete the cookies*******************/
setcookie("id", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("username", '', time()-60*60*24*COOKIE_TIME_OUT, "/");
setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/");

header("Location: login.php");
}

// Password and salt generation
function PwdHash($pwd, $salt = null)
{
    if ($salt === null)     {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else     {
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    return $salt . sha1($pwd . $salt);
}

function checkAdmin() {

if($_SESSION['level'] == ADMIN_LEVEL) {
return 1;
} else { return 0 ;
}

}

?>

Database field names:
id md5_id first_name last_name username email level pass country tel website facebook youtube twitter flickr linkedin other1 other2 about photo date users_ip approved activation_code banned ckey ctime bio

:O very nice code but it's too much for me, but i saw that you validated the email, a simpler way is

filter("string", FILTER_VALIDATE_EMAIL)

Or something like this... Search filter in php web and you will see what i'm saying... I'm in the school answering from my cellphone :P

Or something like this... Search filter in php web and you will see what i'm saying... I'm in the school answering from my cellphone :P

Any chance you can have a look in further detail for the issue once you are back on your computer?

yes, in 45 - 50 minutes i'll be at home :)

Great, thank you! :)

I didnt saw anything wrong :(, for me it's too much :(

I think I am going to conclude that: Your database is messed up!

I have no idea about what is wrong with it. I have played around with the code but...

Would you look at that!

Line 213 and 214 in you dbc code is:

session_unset();
session_destroy();

Surly this would unset the session variable. You should remove those 2 lines or put $_SESSION into another variable before destroying the session. You should then use that in you MySQL query.

$id = $_SESSION['id'];
session_unset();
session_destroy();

Hope that works

Kieran :) :) :)

It worked Kieran! THANK YOU!!! :D

Hahaha nice !