haii....i had lot of different school datas and when i want to login into the data i want to get only the specified data according to the username and password..username and password is different for different schools can you please help me thanks in advance and iam waiting for your answer
mohammed_22 0 Light Poster
Gideon_1 15 Junior Poster
Hello Mohammed, helping people is the job of a forum, but you need to show us your efforts first. With your codes we will help you find your way out of the concerned problem.
mohammed_22 0 Light Poster
hoo sorry,i didnt post my code here..its like this
mohammed_22 0 Light Poster
<?php
session_start();
include "connect.php";
if(isset($_POST['submit']))
{
$Email=$_POST['username'];
$Password=$_POST['passwordname'];
$query="SELECT * FROM users WHERE email='$Email' and password='$Password'";
$result=mysql_query( $query);
$count=mysql_num_rows($result);
if($count==0){
echo "invalid";
}
else if($count > 0)
{
$fetch = mysql_fetch_array($result);
header("location:direct.php");
}
}
?>
mohammed_22 0 Light Poster
haii..this is my code and in direct.php i have two files directlist.php and directlist1.php.and i want to get only specific data in both directlist and directlist1.php and the column name "code" is specified in both and in login data base also.
mohammed_22 0 Light Poster
haii....i had lot of different school datas and when i want to login into the data i want to get only the specified data according to the username and password..username and password is different for different schools can you please help me thanks in advance and iam waiting for your answer
Gideon_1 15 Junior Poster
Hello Mohammed, the only flaws I see in your codes are you are using mysql PHP database connection layer which is deprecated. I recommend you to use mysqli or PDO database connection layer. Also your codes are not escaped which makes it very open to sql injection.
Now coming to your question, you are saying its a login system but there is no session set. After successful login you can set a session with the value of the user id (which should be a unique field in the database).
Example
<?php
session_start();
//including database connection file
include "connect.php";
//if form is submitted
if (isset($_POST['submit'])) {
//validating that input fields are not empty (also escaping them).
if (!empty($_POST['username']) && !empty($_POST['passwordname'])) {
//setting variables
$email = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['passwordname']);
//querying the database
$sql = "SELECT * FROM users WHERE email='{$email}' AND password='{$password}'";
$query = mysql_query( $query);
//rows returned
$count = mysql_num_rows($query);
//if there is no user return invalid
if ($count == 0) {
echo "invalid";
//user must be only one so need for >0
} else if ( $count == 1) {
//fetching user data
$results = mysql_fetch_array($result);
//setting session with user id
$_SESSION['user'] = $results['id'];
//redirecting user to direct.php.
header("location:direct.php");
}
}
}
?>
Sorry for making few changes in your variable names, but hope it helped.
mattster 195 Practically a Master Poster Featured Poster
Going on what @Gideon_1 first said, here is the mysqli_* version of his example (I haven't had a chance to test it at all yet, but I think it should work). Hope this helps:
<?php
session_start();
// database connection
$mysqli = new mysqli('host','username','password','database_name');
... Check connection ...
//if form is submitted
if (isset($_POST['submit'])) {
//validating that input fields are not empty (also escaping them).
if (!empty($_POST['username']) && !empty($_POST['passwordname'])) {
//setting variables
$email = $mysqli->real_escape_string($_POST['username']);
$password = $mysqli->real_escape_string($_POST['passwordname']);
$results = $mysqli->query("SELECT COUNT(*) FROM users WHERE email='' AND xx=''");
$get_total_rows = $results->fetch_row(); //hold total records in variable
if($get_total_rows == 1) {
// valid, so you can set your session in the same way as we've queried data above.
$data = $results->fetch_assoc();
$_SESSION['user'] = $data['id'];
}
$mysqli->close();
}
}
?>
Gideon_1 15 Junior Poster
@mattster, its not that I'm encouraging the mysql database connection layer but I don't know whether he has the basics of the mysqli database layer. And surprisely you just jumped to OOP mysqli for someone who codes in procedual and deprecated mysql.
I think he should learn the foundamentals first with procedual and then switch to OOP.(Personal Preference)
mohammed_22 0 Light Poster
hey its ok...any way thanks in advance but when it goes to direct.php the entire information is displaying and what to do for that.e only column in all databases is column name "code" so with that can we acess
mattster 195 Practically a Master Poster Featured Poster
No no, my apologies for how that may have come across, I'm not accusing you for encouraging anything bad, just making sure he clearly knows the difference in using mysqli_*.
Personally, having done nothing but OOP, I think that he is more than capable of using bits of OOP in his code (even if he doesn't understand it all), because small steps are better than none at all. Granted, it would be unfair to write the whole thing as a class, but by learning the fundamentals of procedural is still learning the fundamentals of inefficiency and poor, mucky code.
Most people would hardly even notice that this is object based and not procedural, so for what little bit extra it is to realise the function looks different, but provides far more efficient database handling - is surely worth it?
mohammed_22 0 Light Poster
yaaaa..iam new to here,had many problems..i hope you can help me in this..
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.