1

I am having a problem getting the data from my sql database using session's. I am trying to make a log-in system. I already have this working but every use gets directed to the same page - I want private profiles on it that can only be viewed by the person logging in with the correct email address and password.

I am using the following code - I am getting an error on line 19! If I'm honest I dont 100% understand this line - I am new to PHP and SQL and have been reading up about all of this but not getting an answer that fully explains it to me.

Any help would be appreciated - referring me to a tutorial any thing...

<?php # DISPLAY COMPLETE FORUM PAGE.

# Access session.
session_start() ;

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# Set page title and display header section.
$page_title = 'Forum' ;


# Open database connection.
require ( 'connect_db.php' ) ;

# Display body section, retrieving from 'forum' database table.
$q = "SELECT * FROM users WHERE user_id = $_SESSION[email]" ;
$r = mysqli_query( $dbc, $q ) ;
if ($result = $mysqli->query("SELECT * FROM users"))
{
  echo '<table><tr><th></th><th></th><th id="msg"></th></tr>';
  while ( $row = mysqli_fetch_array( $r, MYSQLI_ASSOC ))
  {
    echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'.        $row['email'].'</td>
    <td>','</td><td>','</td> </tr>';
  }
  echo '</table>' ;
}
else { echo '<p>There are currently no messages.</p>' ; }

# Create navigation links.
#echo '<p><a href="post.php">Post Message</a> | <a href="shop.php">Shop</a> | <a     href="home.php">Home</a> | <a href="goodbye.php">Logout</a></p>' ;

# Close database connection.
mysqli_close( $dbc ) ;



?>
Improve this question
8
  • Whats the error you're getting say? Commented May 29, 2013 at 11:09
  • Did you connect to the database properly? Note: It was not necessary to provide all this code. Commented May 29, 2013 at 11:09
  • @Tom11 It was necessary, so we can see it in its entirety to debug. If he didn't, we'd just be asking to see it anyway. Commented May 29, 2013 at 11:11
  • 1
    "I am getting an error on line 19!". What is on line 19 in above code? Commented May 29, 2013 at 11:13
  • THank all - line 19 is:if ($result = $mysqli->query("SELECT * FROM users")) Commented May 29, 2013 at 11:15

4 Answers 4

Reset to default
2

you have a syntax error in your session:

$q = "SELECT * FROM users WHERE user_id = $_SESSION[email]" ;

Change it to:

$q = "SELECT * FROM users WHERE user_id = {$_SESSION['email']}" ;

But you should also escape your session data prior to inserting it into the database.

In addition, the text in your while() loop has another syntax error:

echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'.        $row['email'].'</td>
<td>','</td><td>','</td> </tr>';

Remove the commas, replace them with periods:

echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'. $row['email'].'</td> <td>' . '</td><td>' . '</td> </tr>';

By like @gareth said, you should probably choose either prodedural or object-oriented style of coding and stick with it, IE, either use mysqli_query() or $mysql->query() :)

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Thanks Phil for the quick response - I have made the changes that you suggested but the error then changes to the code: $q = "SELECT * FROM users WHERE user_id = $_SESSION['email']" ;
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\wamp\www\pic\001\forum.php on line 17
I've updated my answer, and tested it. I got the same error as you, but not in the revised code. You need to add curly braces around $_SESSION['email'], so it should now look like WHERE user_id = {$_SESSION['email']}
Rather than escaping the session data, he should be using parametrized queries. bobby-tables.com/php shows how.
1

You need to decide if you're using mysqli in procedural style (like in the first line of this extract) or in object oriented style (like in the second line).

$r = mysqli_query( $dbc, $q ) ;
if ($result = $mysqli->query("SELECT * FROM users"))
{

Looking at the rest of your posted code, I'd imagine that changing the second line (your line 19) to if ($result = mysqli_query("SELECT * FROM users")) will get rid of that error (though not necessarily any other errors).

Improve this answer

2 Comments

i GET THE FOLLOWING ERROR ON THIS LINE NOW: Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\wamp\www\pic\001\forum.php on line 19
Oh yeah. Sorry, I normally use the OO version. You'll need to add in your $dbc first like this: ($result = mysqli_query($dbc, "SELECT * FROM users"))
0

You say "I am getting an error on line 19! " - Is the line wrap that you have above which shows line 20 starting with no quote mark and a td actually in your code? If so remove the line break and ensure that line 19 continues right through the rest of the table row to the ";"

Improve this answer

3 Comments

Line 19 is - if ($result = $mysqli->query("SELECT * FROM users"))
Oops - You had no line numbers showing and I obviously miscounted when I tried to find your error.
You can actually include newlines in strings.
0

Try to write like this

$q = "SELECT * FROM users WHERE user_id = '". $_SESSION['email']. "'";

Edit:

As you're comparing email it means it should be string so you need to wrap it in quotes like above.

Try also with 

if ($result = mysqli_query($dbc, "SELECT * FROM users"))

See that either user Procedure way or OOPs way. Try with above by adding $dbc to mysqli_query()

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.