Click here to Skip to main content
14,425,416 members
Rate this:
Please Sign up or sign in to vote.
See more:
From a user signup database I want to show some specific tables from database according to user. Like in your social media profile you have only your informration. But my code showing id(auto incremented) is undefined.


What I have tried:

$db = mysqli_connect('localhost', 'root', '', 'regi');
$sql = "SELECT * FROM user where id='$id'";
$records= mysqli_query($db, $sql);
while($row=mysqli_fetch_assoc($records)){
	 $_SESSION["username"][]= $row["username"];
}
Posted
Updated 19-Aug-19 1:39am
Comments
Richard MacCutchan 19-Aug-19 6:33am
   
Where is id defined, and where is $id defined?
mehdiazizrafi 19-Aug-19 10:05am
   
*id* is from table user of database *regi*. How can I define $id?
Richard MacCutchan 19-Aug-19 10:24am
   
But the error message says it is undefined, so something is not correct here.
mehdiazizrafi 19-Aug-19 11:22am
   
yes i know its undefined. I asked here just to find out how can I define it.
Rate this:
Please Sign up or sign in to vote.

Solution 1

Quote:
But my code showing id(auto incremented) is undefined.

We need to know the structure of database.
$id is a php variable injected in the sql query, but it is not defined in the code snipset.
$sql = "SELECT * FROM user where id='$id'";

Not necessary a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
   
Comments
mehdiazizrafi 19-Aug-19 10:07am
   
so, how can i solve this "SQL injection"?
Patrice T 19-Aug-19 10:10am
   
see links in solution to learn about sql injection
mehdiazizrafi 19-Aug-19 11:22am
   
yeah. going through. Thanks mann
Rate this:
Please Sign up or sign in to vote.

Solution 2

You need to look at this in the context of the whole system: most likely you need to look at the definition of your user table in your DB and check if it includes a column called "id". If it doesn't, then you will get an SQL error when you try to select it.
   
Comments
mehdiazizrafi 19-Aug-19 10:09am
   
yes. it has four column: id(ai), username, email, password
OriginalGriff 19-Aug-19 10:32am
   
Then use the debugger to find out exactly where the error message is, and check you are connected to the right DB.
mehdiazizrafi 19-Aug-19 11:23am
   
debugger!?
OriginalGriff 19-Aug-19 11:37am
   
How have you got to the point of writing code without knowing what a debugger is, and how to use it?

Off to Google with you! :laugh:

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100