I am working on an android app on which I take Application ID and Applicant Name from the user as an input value for authentication which is matched from an MYSQL database using PHP to get to the next screen on connection success
login.php
<?php
session_start();
require "conn.php";
$user_name = $_POST["user_name"];
$user_id = $_POST["id"];
$mysql_qry = "select * from complaints where Applicant_Name = '".$user_name."' and Complaint_ID like '".$user_id."';";
$result = mysqli_query($conn, $mysql_qry);
if (mysqli_num_rows($result) > 0){
$_SESSION["username"] = "$user_name";
$_SESSION["userid"] = "$user_id";
echo "Login Success";
}
else {
echo "Login Not Success";
}
?>
Now on next screen, I want to show the content related to that particular Application ID and Applicant Name for which I want to use the value of variable $user_name and $user_id from login.php in WHERE part of query of content.php to fetch the particular data I require.
Right now I am using the code below which is working fine right now but I want to use the value of $user_name and $user_id to use in WHERE part of content.php query
content.php
<?php
session_start();
require "conn.php";
$username = $_SESSION["username"];
$userid = $_SESSION["userid"];
//creating a query
$stmt = $conn->prepare("SELECT Complaint_ID, Applicant_Name, Category, Subject, Description FROM complaints WHERE Complaint_ID = '".$userid."' AND Applicant_Name = '".$username."'");
//executing the query
$stmt->execute();
//binding results to the query
$stmt->bind_result($id, $name, $cat, $sub, $desc);
$complaint = array();
//traversing through all the result
while($stmt->fetch()){
$temp = array();
$temp['Complaint_ID'] = $id;
$temp['Applicant_Name'] = $name;
$temp['Category'] = $cat;
$temp['Subject'] = $sub;
$temp['Description'] = $desc;
array_push($complaint, $temp);
}
//displaying the result in json format
echo json_encode($complaint);
?>
On android there is no issue every thing is working fine its the PHP side I need Help.
I think first you need to change your select query in login.php, you should use '=' instead of like
$mysql_qry = "select * from complaints where Applicant_Name like '$user_name' and Complaint_ID like '$user_id';";
to
$mysql_qry = "select * from complaints where Applicant_Name='".$user_name."' and Complaint_ID='".$user_id."' ";
and need to store that $user_name and $user_id in session and use that session values on content.php like below
In login.php set values like below
if (mysqli_num_rows($result) > 0){
$_SESSION['name']=$user_name;
$_SESSION['id']=$user_id;
echo "Login Success";
}
Dont forget to start session at the top of both files
In content.php file use below query
$stmt = $conn->prepare("SELECT Complaint_ID, Applicant_Name, Category, Subject, Description FROM complaints WHERE Complaint_ID = '".$_SESSION['id']."' AND Applicant_Name = '".$_SESSION['name']."'");
you can use PHP $SESSIONS to handle this. For your login.php do as below
<?php
session_start();
require "conn.php";
$user_name = $_POST["user_name"];
$user_id = $_POST["id"];
//your codes
if (mysqli_num_rows($result) > 0){
echo "Login Success";
//just add this two sessions
$_SESSION["username"] = "$user_name";
$_SESSION["userid"] = "$user_id";
} else {
echo "Login Not Success";
}
?>
Then at content.php perform a check on the sessions, if successful? get the values stored in the $SESSIONS[] when the login was successful.
<?php
session_start();
if (isset($_SESSION['userid'])) {
//if succesfully set, get the values stored sessions.
$username = $_SESSION['username'];
$userid = $_SESSION['userid'];
//just echo to check if set output results are correct
echo "sessions were set successfully username is $username and userid is $userid";
}else{
echo "was unable to set sessions";
}
require "conn.php"
//creating a query
$stmt = $conn->prepare("SELECT Complaint_ID, Applicant_Name, Category, Subject, Description FROM complaints WHERE Complaint_ID = '$userid' AND Applicant_Name = '$username'");
//Rest of your codes
?>
For more information you can visit https://www.w3schools.com/php/php_sessions.asp. Sessions are available across all php pages so you can pick them from any where you want and information stored is not saved in the users computer.