My table has 2 columns, user_id and username. The user logs in with username like this :
<?php
require('dbConnect.php');
$username = $_POST['username'];
//need to keep this in a session, for other pages later on
session_start();
$_SESSION['username'] = $username;
$sql = "SELECT * FROM user WHERE username = '$username'";
$result = mysqli_query($con,$sql);
$check = mysqli_fetch_array($result);
if(isset($check)) :
//if the username exists in the database, then show a html submit button
$con->close();
?>
<html>
<body>
<form action="UserDetails.php" method="post">
<input type="submit">
</form>
</html>
<?php else :{
//if user is not in db, show this message
echo 'Sorry about that, you can't come in.';
}
$con->close();
?>
<?php endif; ?>
How can I get the user_id that corresponds to username, to be used in pages later on ?
The (isset($check)) seemed to be causing me trouble, sometimes returning user_id, sometimes not.
Thanks in large part to Nabeel's answer, this idea worked for me. And also thanks to Solrac Ragnarockradio for putting me on track to make my code more secure with mysqli_real_escape_string :
<?php
require('dbConnect.php');
$username = mysqli_real_escape_string($con,$_POST['username']);
$sql = "SELECT * FROM user WHERE username = '$username'";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_assoc($result);
$user_id = $row["user_id"];
//give me the corresponding user_id of the logged in user
echo $user_id;
if (mysqli_num_rows($result)==0) {
echo "Failed, sorry";
}
if (mysqli_num_rows($result) > 0) {
echo "User id exists already.";
}
$con->close();
?>
After these lines:
$sql = "SELECT * FROM user WHERE username = '$username'";
$result = mysqli_query($con,$sql);
Add these lines:
$row = mysqli_fetch_assoc($result);
$user_id = $row["user_id"];
isset($check) isnt save at this point, better check for the value of $check and the {} after else arent needed and it will not work.
A few problems here:
1) If you are using "SELECT * FROM user WHERE username = $1 then username column should be UNIQUE and never forget to escape your input:
<?php
$username = mysqli_real_escape_string($con, $_POST['username']);
$sql_query = mysqli_query($con,"SELECT * FROM user WHERE username = '$username'");
2) You could check if you have any results b4 anything and assign those vars straight from the db...
if (mysqli_num_rows($sql) == 0) {
$error = "This user doesn't exists here...";
}else{
$user_info = mysqli_fetch_assoc($sql_query);
$_SESSION['username'] = $user_info['username'];
$_SESSION['user_id'] = $user_info['user_id'];
}
$con->close();
?>
Then you can output whatever you want for logged in users if $_SESSION['user_id'] is actually there...
<html>
<body>
<form action="UserDetails.php" method="post">
<input type="submit">
</form>
</body>
<?php
echo 'Well, here\'s the output: <b>'. (isset($_SESSION['user_id']) ? $_SESSION['username'] : $error).'</b>';