PHP Logged In As:

Butters · 7 Nov 2007 at 22:55

Me again,

I have a login which checks username and password stored in a MySQL db.

When the user logs in and gets redirected to the right page, I'd like to show a

"You are logged in as: xxxxxxxxxx"

thingy

Any ideas?

Inquisitor · 7 Nov 2007 at 23:27

Erm, session variables?

Code:

echo 'You are logged in as: ' . $_SESSION['username'];

You haven't really told us what your problem is.

Butters · 7 Nov 2007 at 23:51

No thats it. Cool. Thanks

One other thing. I have a field in a MySQL table that is classed as Unique. When a form submits to the MySQL database (with PHP) how can I get it to check for uniqueness, and, if its not unique, display something on the site to tell the user that?

If you know, that would be great.

Inquisitor · 7 Nov 2007 at 23:56

Just query to see if there are any conflicts before running the insert query.

Butters · 8 Nov 2007 at 00:02

Would you be kind enough to give me an example?

RobH · 8 Nov 2007 at 00:13

I'm not great with SQL but I think you can do something like:

Code:

$username = 'Joe'
$query = SELECT * FROM site_users WHERE username='$username'
$users = mysql_num_rows($query);

if ($users > 0){
//Username isn't unique
}

There may be an shorter way though. I believe that the MySQL 'unique' flag only checks data as it is inserted into the database, resulting in a query failure.

Inquisitor · 8 Nov 2007 at 00:14

Code:

$uniqueValue = mysql_real_escape_string($_POST['unique_value']);
$query = "SELECT `someuniquefield` FROM `sometable` WHERE `someuniquefield` = '$uniqueValue'";
$result = mysql_query($query);
$rowCount = mysql_num_rows($result);

if ($rowCount > 0)
{
    // Error logic.
}
else
{
    // Carry on with the script.
}

Butters · 8 Nov 2007 at 00:23

Cool thanks. So under //Error Logic you'd have something like

echo 'sorry, blah blah already exits', etc, etc?

Also, where you have:

($_POST['unique_value']);

does that have to be the field that is unique? (in my case, hotel_name)

RobH · 8 Nov 2007 at 00:29

Butters said:
echo 'sorry, blah blah already exits', etc, etc?

You would probably want to display a message as well as the form again with all of the data from the previous page exept the username, this saves re-entering it all again.

Butters · 8 Nov 2007 at 00:31

how on this Lords good earth would one achieve that!? As you can guess, still getting to grips with PHP

marc2003 · 8 Nov 2007 at 11:39

to fill the form in with the submitted info is easy. you just echo the $_POST data back on screen like this. notice it's just a normal form but we're using the "value" to set it.......

Code:

echo '<input type="text" name="username" value="'.htmlentities($_POST['username']).'">';

rather than echo the raw $_POST value, you should use the htmlentities function when displaying any user input on screen. this stops them from running malicious code.

and with the error messages, just create a string when an error is found and output that on the screen along with the form.

Code:

<?php
//check user input
if error
     $error = 'sorry there was error. please check your details and try again.';
.....
.....
//output form
.....
.....
if($error) echo $error; 
?>

as an example of how that works, see my page here. enter your name but leave everything else blank.

Butters · 8 Nov 2007 at 11:42

Cool, thanks marc

I'll give this a go. Funny I was just reading up about HTMLentities on Tizag.

thanks again, I'll reply if I have any problems.

marc2003 · 8 Nov 2007 at 11:50

Butters said:
thanks again, I'll reply if I have any problems.

i'm sure you will.

and what about this......

My last php question ever!

lies.

Butters · 8 Nov 2007 at 11:54

ok, I've got this and can't seem to find out whats wrong. Perhaps its a has of lots of different code areas.

Code:

<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}

$address = "localhost";
$username = "myuser";
$password = "mypass";
$database = "mydb";

mysql_connect($address,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head>

</head>

<body>


<?php
echo "<strong>You are logged in as:</strong> " . $_SESSION['username'];
?>


<p>Please answer all questions. For blank fields, please enter <strong>N/A</strong>.</p>
<p>Fields marked with an asterisk (<span class="warning">*</span>) must be completed.</p>

<?php
if (!isset($_POST['submit'])) {
?>

<form action="" method="post">

//HTML FORM HERE
</form>



<?php

$uniqueValue = mysql_real_escape_string($_POST['hotel_name']);
$query = "SELECT `hotel_name` FROM `survey` WHERE `hotel_name` = '$uniqueValue'";
$result = mysql_query($query);
$rowCount = mysql_num_rows($result);

if ($rowCount > 0)
{
    // Error logic.
	echo '<input type="text" name="hotel_name" value="'.htmlentities($_POST['hotel_name']).'">';
}
else
{
    // Carry on with the script.
}




} else {

$hotel_name = mysql_real_escape_string($_POST['hotel_name']);
$contact = mysql_real_escape_string($_POST['contact_name']);
$telephone = mysql_real_escape_string($_POST['telephone']);
$do = mysql_real_escape_string($_POST['do']);
$have = mysql_real_escape_string($_POST['have']);



mysql_query("INSERT INTO `survey` (hotel_name, contact, telephone, do, have) VALUES 

('$hotel_name','$contact','$telephone','$do','$have')");
echo "Thank you! Your survey is now complete and the information has been submitted";
}


mysql_close();

?>

</body>
</html>

When I hit submit, the "thank you your data has been entered" message appears, but nothing enters the Database.

NOTE

I am forcing the same username as I already have stored in the DB, if I create a unique entry, all is well).

EDIT:

and what about this......

Quote:
My last php question ever!

lies.

Teehee

marc2003 · 8 Nov 2007 at 12:13

oh dear.

you need to output the whole form - not just the one field with the $_POST values. also your error checking is all wrong.

try this.....

Code:

<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}

$address = "localhost";
$username = "myuser";
$password = "mypass";
$database = "mydb";

mysql_connect($address,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

if (isset($_POST['submit'])) {
	$hotel_name = mysql_real_escape_string($_POST['hotel_name']);
	$contact = mysql_real_escape_string($_POST['contact_name']);
	$telephone = mysql_real_escape_string($_POST['telephone']);
	$do = mysql_real_escape_string($_POST['do']);
	$have = mysql_real_escape_string($_POST['have']);
	
	$query = "SELECT `hotel_name` FROM `survey` WHERE `hotel_name` = '$hotel_name'";
	$result = mysql_query($query);
	if (mysql_num_rows($result) == 1) {
		$message = 'That hotel name is already in the database. Please use another.';
	} else {
		mysql_query("INSERT INTO `survey` (hotel_name, contact, telephone, do, have) VALUES ('$hotel_name','$contact','$telephone','$do','$have')");
		$message = "Thank you! Your survey is now complete and the information has been submitted";
	}
	mysql_close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head>

</head>

<body>


<?php
echo "<strong>You are logged in as:</strong> " . $_SESSION['username'];
?>


<p>Please answer all questions. For blank fields, please enter <strong>N/A</strong>.</p>
<p>Fields marked with an asterisk (<span class="warning">*</span>) must be completed.</p>

<form action="" method="post">
<?php
echo '<input type="text" name="hotel_name" value="'.htmlentities($_POST['hotel_name']).'">';
//repeat that for each input
if($message) echo '<p>'.$message.'</p>';
?>
</form>
</body>
</html>

Butters · 8 Nov 2007 at 12:16

Ahh, OK, so the htmlentities within the PHP tags takes the place of the standard HTML form?

marc2003 · 8 Nov 2007 at 12:22

yup. that's what it looks like from here.

Butters · 8 Nov 2007 at 12:24

Cool,

Ok, two things:

1), I'm getting this error when the page loads now:

Code:

Parse error: syntax error, unexpected $end in survey.php on line 72

2) in my form I have drop down boxes eg

Code:

<select name="do">
<option value="Yes" selected="selected">Yes</option>
<option value="No">No</option>
</select></p>

how do I code that wih the html entities?

Thanks again

marc2003 · 8 Nov 2007 at 12:35

1) probably just a typo somewhere with the php code. good practice for you to find it.

2) this isn't the best method but for a one off it should be ok......

Code:

<select name="do">
<?php
if($_POST['do'] == 'No') {
        echo '<option value="Yes">Yes</option>';
        echo '<option value="No" selected="selected">No</option>';
} else {
        echo '<option value="Yes" selected="selected">Yes</option>';
        echo '<option value="No">No</option>';
}
?>
</select>

if you had multiple drop down boxes in the same form, you'd create a function and use arrays instead of bodging it like that.

Mixeh · 8 Nov 2007 at 12:37

Havent used PHP/MySQL in a while but surely attempting to insert an existing value into a unique field results in the insert query failing and thus affecting no rows? If thats the case the check with the select query is completely redundant.