webguync Posted February 5, 2010 Report Share Posted February 5, 2010 Hello, In a MySQL database I have a users table set up with name, username and password fields. I have a simple login form with username and password fields. The action for the form is set to run the following code which retrieves the name,username and password via SQL and echoes a welcome $name. Code below. <?php ini_set("display_errors","1"); ERROR_REPORTING(E_ALL); session_start(); $con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("DBName") or die(mysql_error()); // Same checking stuff all over again. if(isset($_POST['submit'])) { if(empty($_POST['username']) || empty($_POST['password']) ) { echo "Please fill in both your username and password to access your exam results."; echo ""; exit; } // Create the variables again. $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; // Encrypt the password again with the md5 hash. // This way the password is now the same as the password inside the database. //$pwid = md5($pwid); // Store the SQL query inside a variable. // ONLY the username you have filled in is retrieved from the database. $query = "SELECT username,password,name FROM Editor_Candidates WHERE password = '$password' AND username='$username'"; $result = mysql_query($query) or die(mysql_error()); if(mysql_num_rows($result) == 0) { // Gives an error if the username/pw given does not exist. // or if something else is wrong. echo "You have entered a username or password that does not match our database records. please try again. You will be redirected back to the login screen in 5 seconds. " . mysql_error(); echo ""; exit(); /* this would benefit from a redirect to a page giving better information to the user and maybe logging some errors. */ } else { // Now create an object from the data you've retrieved. $row = mysql_fetch_object($result); // You've now created an object containing the data. // You can call data by using -> after $row. // For example now the password is checked if they're equal. // By storing data inside the $_SESSION superglobal, // you stay logged in until you close your browser. $_SESSION['name'] = $row->name; $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. // $_SESSION['username'] should print out your username. //move this to after your redirect further below.. //Update record with current time IF the account has never logged in before echo " $query = "UPDATE `Editor_Candidates` SET `login_timestamp` = NOW() WHERE `username` = '$username' AND `password` = '$password' AND login_timestamp = '';"; "; $result = mysql_query($query) or die(mysql_error()); //Check if query ran succesfully } } // Start a session. If not logged in will be redirected back to login screen. if(!isset($_SESSION['username'])){ header("Location:EditorLogin.php"); exit; } echo "Welcome! You are now logged in " . $_SESSION['name'] . ""; ?> this works well enough, and also on this page (test.php), I have another form where the user submits information into a MySQL database. Their is a field set up for $name, but this info isn't carrying over into the database. The submit code is: <?php session_start(); $_SESSION['name'] = $row->name; $con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("ETSI_Internal") or die(mysql_error()); $name = $_SESSION['name']; $name=mysql_real_escape_string($_POST['name']); //This value has to be the same as in the HTML form file $A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file $A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file $A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file $A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file $A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file $A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file $A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file $A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file $A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Responses (name,Answer1,Answer2,Answer3,Answer4,Answer5,Answer6,Answer7,Answer8,Answer9) VALUES ('$name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved. name and email are the respective table fields*/ if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "The answer was submitted successfully"; mysql_close($con); ?> anyone know why the name variable info isn't sticking in the database? Quote Link to comment Share on other sites More sharing options...
Michael_ Posted February 7, 2010 Report Share Posted February 7, 2010 my guess is hat name is a reserved word. you can either rename it to something like $student_name or try changing your sql statement to enclose field names in accents $sql="INSERT INTO Responses (`name`,`Answer1`,`Answer2`,`Answer3` ... Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 7, 2010 Report Share Posted February 7, 2010 One other thing to test is if you are setting $name correctly. If you aren't, and $name is simply blank, then perhaps the insert is actually working but you don't realize it. session_start(); $_SESSION['name'] = $row->name; $name = $_SESSION['name']; echo $name; ?> Quote Link to comment Share on other sites More sharing options...
webguync Posted February 7, 2010 Author Report Share Posted February 7, 2010 thanks, I will give those ideas a try this week. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 9, 2010 Author Report Share Posted February 9, 2010 (edited) Hi I given this another try and changed the field from 'name' to 'editor_name'. I can get the info to echo out correctly after the form is submitted, but the info for the field editor_name still doesn't make it into the database. Here is my updated code. <?php session_start(); $_SESSION['editor_name'] = $row->editor_name; $con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("ETSI_Internal") or die(mysql_error()); $editor_name = $_SESSION['editor_name']; $editor_name=mysql_real_escape_string($_POST['editor_name']); //This value has to be the same as in the HTML form file $A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file $A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file $A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file $A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file $A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file $A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file $A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file $A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file $A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('$editor_name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved. name and email are the respective table fields*/ if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "The answer was submitted successfullynbsp;nbsp;" . $_SESSION['editor_name'] . ""; mysql_close($con); ?> any more ideas? Edited February 9, 2010 by webguync Quote Link to comment Share on other sites More sharing options...
Michael_ Posted February 9, 2010 Report Share Posted February 9, 2010 are you getting the "The answer was submitted successfully" message? add echo $sql and post the command here Quote Link to comment Share on other sites More sharing options...
webguync Posted February 9, 2010 Author Report Share Posted February 9, 2010 are you getting the "The answer was submitted successfully" message? add echo $sql and post the command here yes, the success msg is coming through. The SQL echoed out is: INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('','ANSWER 1','ANSWER 2','ANSWER 3','ANSWER 4','ANSWER 5','ANSWER 6','ANSWER 7','ANSWER 8','ANSWER 9') all the answer values come through fine, but not the editor_name. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 9, 2010 Author Report Share Posted February 9, 2010 so the value for editor_name isn't sticking. Quote Link to comment Share on other sites More sharing options...
Michael_ Posted February 10, 2010 Report Share Posted February 10, 2010 Let's see your HTML form source code. I'm guessing you forgot to change the original form to name='editor_name'. ps: and you don't need those session lines about editor_name Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 Let's see your HTML form source code. I'm guessing you forgot to change the original form to name='editor_name'. ps: and you don't need those session lines about editor_name the editor_name value is never entered in the login form, but is retrived via SQL from the database. $query = "SELECT username,password,editor_name FROM Editor_Candidates WHERE password = '$password' AND username='$username'"; and then stored using the session code, or so I thought. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 To repeat my earlier question... have you checked that this line is actually returning the correct information? $_SESSION['editor_name'] = $row->editor_name; If it's returning blank, that's the source of your problem, not the form or the rest of the script. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 To repeat my earlier question... have you checked that this line is actually returning the correct information? $_SESSION['editor_name'] = $row->editor_name; If it's returning blank, that's the source of your problem, not the form or the rest of the script. Well, when I added error reporting and echoed out the variable I get this: Notice: Undefined variable: row in path/to/file on line 7 Notice: Undefined index: editor_name in path/to/file on line 10 Success! Your answers were submitted [variable name should have echoed here] not sure what I am doing wrong though with defining the variable Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 To be honest, I'm a little confused by this line (and apparently the editor is too): $_SESSION['editor_name'] = $row->editor_name; According to the code, you are setting the 'editor_name' variable to the value the "editor name" variable within the $row object. But I'm not seeing the $row object initiated anywhere...? Usually you'd need something like: $row = new Row(); Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 To be honest, I'm a little confused by this line (and apparently the editor is too): $_SESSION['editor_name'] = $row->editor_name; According to the code, you are setting the 'editor_name' variable to the value the "editor name" variable within the $row object. But I'm not seeing the $row object initiated anywhere...? Usually you'd need something like: $row = new Row(); so, would I need to add $row = new row(); before $_SESSION['editor_name'] = $row->editor_name; ? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 Possibly...? I don't know what code the object contains, and exactly how you initialize it depends on that code. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 Possibly...? I don't know what code the object contains, and exactly how you initialize it depends on that code. guess not, as that produces this error. Fatal error: Cannot instantiate non-existent class: row in path/to/file on line 7 the session variable is working on the previous page to the submit page, as it is echoing out correctly. It's only wen the info is submitted is when it is not coming though. I can post all the code I have again if need be. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 I looked at the code you posted in the first post, and it appears like you are simply copying/pasting this line from your login form: $_SESSION['editor_name'] = $row->editor_name; Assuming that you sent the $_SESSION['editor_name'] variable within the login page, you shouldn't need to re-set that information -- it should already exist. Try this: Assuming this is your existing file: ?php session_start(); $_SESSION['editor_name'] = $row->editor_name; $con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("ETSI_Internal") or die(mysql_error()); $editor_name = $_SESSION['editor_name']; $editor_name=mysql_real_escape_string($_POST['editor_name']); //This value has to be the same as in the HTML form file $A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file $A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file $A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file $A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file $A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file $A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file $A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file $A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file $A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('$editor_name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved. name and email are the respective table fields*/ if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "The answer was submitted successfullynbsp;nbsp;" . $_SESSION['editor_name'] . ""; mysql_close($con); ?> change it to: ?php session_start(); echo $_SESSION['name']; ?> Log in to your web application (this should set the SESSION variables) and then access that page. The page should have the SESSION variable printed on it. If it does, then change your code to: ?php session_start(); $con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("ETSI_Internal") or die(mysql_error()); $editor_name = $_SESSION['name']; $A1=mysql_real_escape_string($_POST['Answer1']); //This value has to be the same as in the HTML form file $A2=mysql_real_escape_string($_POST['Answer2']); //This value has to be the same as in the HTML form file $A3=mysql_real_escape_string($_POST['Answer3']); //This value has to be the same as in the HTML form file $A4=mysql_real_escape_string($_POST['Answer4']); //This value has to be the same as in the HTML form file $A5=mysql_real_escape_string($_POST['Answer5']); //This value has to be the same as in the HTML form file $A6=mysql_real_escape_string($_POST['Answer6']); //This value has to be the same as in the HTML form file $A7=mysql_real_escape_string($_POST['Answer7']); //This value has to be the same as in the HTML form file $A8=mysql_real_escape_string($_POST['Answer8']); //This value has to be the same as in the HTML form file $A9=mysql_real_escape_string($_POST['Answer9']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Responses (`editor_name`,`Answer1`,`Answer2`,`Answer3`,`Answer4`,`Answer5`,`Answer6`,`Answer7`,`Answer8`,`Answer9`) VALUES ('$editor_name','$A1','$A2','$A3','$A4','$A5','$A6','$A7','$A8','$A9')"; /*form_data is the name of the MySQL table where the form data will be saved. name and email are the respective table fields*/ if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "The answer was submitted successfullynbsp;nbsp;" . $_SESSION['editor_name'] . ""; mysql_close($con); ?> Try that and get back to me. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 $editor_name = $_SESSION['name']; ok, thanks. I did the echo $editor_name; and it works as expected. When I add $editor_name = $_SESSION['editor_name']; I get this error: Notice: Undefined index: editor_name in path/to/file on line 8 Is adding a hidden input field to my form the answer? I tried this and don't get the error, but it doesn't insert the variable into MySQL just the name 'editor_name'. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 When I add $editor_name = $_SESSION['editor_name']; I get this error: Notice: Undefined index: editor_name in path/to/file on line 8 Are the $_SESSION['editor_name']; and $_SESSION['name']; supposed to hold different values? My impression was that you changed the name of the variable to "editor_name" trying to get it to work -- not because there was any real reason to change it. Assuming you don't set $_SESSION['editor_name']; on the login page (within this snippet of code:) $_SESSION['name'] = $row->name; $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. // $_SESSION['username'] should print out your username. Yes, it will generate an error. You just need to use $_SESSION['name']; rather than $_SESSION['editor_name']; I'd avoid using a hidden field if you don't have to. You should be able to get this to work with a session variable. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 When I add $editor_name = $_SESSION['editor_name']; I get this error: Notice: Undefined index: editor_name in path/to/file on line 8 Are the $_SESSION['editor_name']; and $_SESSION['name']; supposed to hold different values? My impression was that you changed the name of the variable to "editor_name" trying to get it to work -- not because there was any real reason to change it. Assuming you don't set $_SESSION['editor_name']; on the login page (within this snippet of code:) $_SESSION['name'] = $row->name; $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. // $_SESSION['username'] should print out your username. Yes' date=' it will generate an error. You just need to use $_SESSION['name'']; rather than $_SESSION['editor_name']; I'd avoid using a hidden field if you don't have to. You should be able to get this to work with a session variable. oh yea, I did change everything to editor_name trying to get it to work, and that includes on the login page where I now have: $_SESSION['editor_name'] = $row->editor_name; $_SESSION['sid'] = session_id(); so since I changed everything to $editor_name, what I posted should work, no? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 so since I changed everything to $editor_name, what I posted should work, no? I believe so...? To recap, this works for you (the editor name gets printed to the page): ?php session_start(); echo $_SESSION['editor_name']; ?> But this will generate an error? ?php session_start(); $editor_name = $_SESSION['editor_name']; ?> If so, that doesn't really make sense to me... Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 it seems that both are producing errors now. I am pretty sure the echo worked before, but not sure what I changed. The error is Notice: Undefined index: editor_name in /path/to/file on line 8 Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 Well, if this isn't working: ?php session_start(); echo $_SESSION['editor_name']; ?> The error indicates that the $_SESSION['editor_name'] variable doesn't exist. You are logging in to your web application before you test this page, correct? You have to access the login page and set the session variable before you can use it. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 10, 2010 Author Report Share Posted February 10, 2010 Well, if this isn't working: ?php session_start(); echo $_SESSION['editor_name']; ?> The error indicates that the $_SESSION['editor_name'] variable doesn't exist. You are logging in to your web application before you test this page, correct? You have to access the login page and set the session variable before you can use it. yes and it does work on the previous page as I have this code which correctly echoes out the login info. <?php echo "Welcome! You are now logged in " . $_SESSION['editor_name'] . ""; ?> Quote Link to comment Share on other sites More sharing options...
falkencreative Posted February 10, 2010 Report Share Posted February 10, 2010 I'm not sure why that isn't working for you... As far as I know, if you have it working on the previous page, the $_SESSION['editor_name'] should be available for use. Probably the only way I can help you more on this is if you send me the code and a dump of the database to my email. (I can PM you my email if you are interested). Otherwise... you may be able to use s hidden field instead. Rather than try this: This of course assumes that the $_SESSION['editor_name'] variable is set. Quote Link to comment Share on other sites More sharing options...
webguync Posted February 11, 2010 Author Report Share Posted February 11, 2010 thanks, the hidden field seems to do the trick, so unless there is any reason why I shouldn't use that method, I think I will go with it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.