PHP - getting data from sql database

Question

I am having a problem getting the data from my sql database using session's. I am trying to make a log-in system. I already have this working but every use gets directed to the same page - I want private profiles on it that can only be viewed by the person logging in with the correct email address and password.

I am using the following code - I am getting an error on line 19! If I'm honest I dont 100% understand this line - I am new to PHP and SQL and have been reading up about all of this but not getting an answer that fully explains it to me.

Any help would be appreciated - referring me to a tutorial any thing...

<?php # DISPLAY COMPLETE FORUM PAGE.

# Access session.
session_start() ;

# Redirect if not logged in.
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }

# Set page title and display header section.
$page_title = 'Forum' ;


# Open database connection.
require ( 'connect_db.php' ) ;

# Display body section, retrieving from 'forum' database table.
$q = "SELECT * FROM users WHERE user_id = $_SESSION[email]" ;
$r = mysqli_query( $dbc, $q ) ;
if ($result = $mysqli->query("SELECT * FROM users"))
{
  echo '<table><tr><th></th><th></th><th id="msg"></th></tr>';
  while ( $row = mysqli_fetch_array( $r, MYSQLI_ASSOC ))
  {
    echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'.        $row['email'].'</td>
    <td>','</td><td>','</td> </tr>';
  }
  echo '</table>' ;
}
else { echo '<p>There are currently no messages.</p>' ; }

# Create navigation links.
#echo '<p><a href="post.php">Post Message</a> | <a href="shop.php">Shop</a> | <a     href="home.php">Home</a> | <a href="goodbye.php">Logout</a></p>' ;

# Close database connection.
mysqli_close( $dbc ) ;



?>

Answer 1

Try to write like this

$q = "SELECT * FROM users WHERE user_id = '". $_SESSION['email']. "'";

Edit:

As you're comparing email it means it should be string so you need to wrap it in quotes like above.

Try also with

if ($result = mysqli_query($dbc, "SELECT * FROM users"))

See that either user Procedure way or OOPs way. Try with above by adding $dbc to mysqli_query()

Answer 2

you have a syntax error in your session:

$q = "SELECT * FROM users WHERE user_id = $_SESSION[email]" ;

Change it to:

$q = "SELECT * FROM users WHERE user_id = {$_SESSION['email']}" ;

But you should also escape your session data prior to inserting it into the database.

In addition, the text in your while() loop has another syntax error:

echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'.        $row['email'].'</td>
<td>','</td><td>','</td> </tr>';

Remove the commas, replace them with periods:

echo '<tr><td>' . $row['first_name'] .' '. $row['last_name'] . '<br>'. $row['email'].'</td> <td>' . '</td><td>' . '</td> </tr>';

By like @gareth said, you should probably choose either prodedural or object-oriented style of coding and stick with it, IE, either use mysqli_query() or $mysql->query() :)

Answer 3

You need to decide if you're using mysqli in procedural style (like in the first line of this extract) or in object oriented style (like in the second line).

$r = mysqli_query( $dbc, $q ) ;
if ($result = $mysqli->query("SELECT * FROM users"))
{

Looking at the rest of your posted code, I'd imagine that changing the second line (your line 19) to if ($result = mysqli_query("SELECT * FROM users")) will get rid of that error (though not necessarily any other errors).

Answer 4

You say "I am getting an error on line 19! " - Is the line wrap that you have above which shows line 20 starting with no quote mark and a td actually in your code? If so remove the line break and ensure that line 19 continues right through the rest of the table row to the ";"