i need this so that a logged in user id is used and only that user can view his/her own data from a SQL query using PHP and not all data I can provide more info on request
(look for <<< )
<center>
<title>J~Net Balance Accounts</title>
<?php
// Connects to your Database
mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("messages") or die(mysql_error());
$data = mysql_query("SELECT * FROM users WHERE id=$id") <<<<
or die(mysql_error());
Print "<table border cellpadding=3>";
while($info = mysql_fetch_array( $data ))
{
Print "<tr>";
Print "<th>User:</th> <td>".$info['user_name'] . "</td> ";
Print "<th>Balance:</th> <td>".$info['balance'] . " </td></tr>";
}
Print "</table>";
?>
<?php //
echo "<h3>Member Log in</h3>";
$error = $user = $pass = "";
if (isset($_POST['user'])){
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == ""){
$error = "Not all fields were entered<br />";
}else{
$token = md5("$pass");
$query = "SELECT name,pass FROM users WHERE name='$user' AND pass='$token'";
if (mysql_num_rows(queryMysql($query)) == 0){
$error = "Username/Password invalid<br />";
}else{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $token;
header("Location: index.php");
}
}
}
echo <<<_END
<form method='post' action='login.php'>$error
Username <input type='text' maxlength='16' name='user' value='$user' /><br />
Password <input type='password' maxlength='16' name='pass'value='$pass' /><br />
<input type='submit' value='Login' />
</form>
_END;
This is a form that asks for userid and password. After login, it will store the user id in $_SESSION['user']. Now you can refer to this variable in other pages when needed.