Click here to Skip to main content
15,917,709 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
i have my webpage so i can login an account.
i am now sure what i do with the login
i believe make something into a $_SESSION[username] after the correct username and password is entered.
Once you login i would like to go to a page that can pull out that specifics users information from my phpmyadmin database then i wanna have there info in a text box.

Here is what i have can you please help me get futher and show me some next steps.
What do people typically do when you enter the right info for a login.
My tables all have a userid which is primary key for the table so maybe if there is a way to pull that from the db and store it in a session,
I want to be able to retrieve the rest of my information

					<form method="post" action="index.php">
						<label for="username">Username:</label>
						<input type="text" name="username" />
						<label for="password">Password:</label>
						<input type="text" name="password" />
						<input type="submit" name="btnSubmit" value="Log In!" />

$username = $mysqli->escape_string($username);
					 $sql = "SELECT COUNT(*) FROM users WHERE email = '$username'";//username
				      if ($result = $mysqli->query($sql)) 
				        $row = $result->fetch_array();
				        // if yes, fetch the encrypted password
				        if ($row[0] == 1) 
				          $sql = "SELECT password FROM users WHERE email = '$username'"; //username
				          if ($result = $mysqli->query($sql)) 
				            $row = $result->fetch_object();    
				            $hash = $row->password;
							if (crypt($password, $hash) == $hash) 
				              echo 'Your login credentials were successfully verified.'; 
							  $_SESSION['username'] = $username;
							  $queryLogin = "SELECT * FROM users WHERE email = '{$_SESSION["username"]}' ";
							  $myResult = $mysqli->query($queryLogin);
							  $myRow = $myResult->fetch_array();
							  $fname = $row["firstName"];
							  echo "<input type=\"text\" name=\"xyz\" value='<?php echo $fname; ?>' >";
							//<input type="text" name="xyz" value=<?php echo $val; 
							//echo "<input type=\"text\" name=\"xyz\" value='$val'>";
							 *<input type="text" name="text1" value="<?php echo $row["usr_password"]; ?>">
							 * 		$id = $_GET['id'];
 								 	$sql="select * from Doctor where DocID='$id'";
							 *   <input type = "text" name = "DocName" value = "<? echo $row['DocName']; ?>" >
							 * */
							 // UPDATE tablename SET columnName $variable etc... WHERE id = $id;
							 * $Name=$_POST['unames'];
								$data=mysql_query("SELECT * FROM tbl_sample where Name='$Name'");

				              echo 'You entered an incorrect password.';            
				            echo "ERROR: Could not execute $sql. " . $mysqli->error;

1 solution


You have code very nice but as per my opinion there are some points which you can write in better way like you have write retrieve user data query multiple times which is not necessary.

Note: I used mysql_query instead of mysqli_query.. vice versa..

1.  $sql = "SELECT COUNT(*) FROM users WHERE email = '$username'"; This query is ok because you want to verify whether the email is exist or not. But instead of getting count just run the query with LIMIT 1 as I belive the email should be unique.
$sql = "SELECT * FROM users WHERE email = '$username' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());
//now you can simply check the count
if(mysql_num_rows($result)==1) {
// continue next loop

Now instead of writing to get the password write to pull all the details with combination of email and password. But, before you make sure you convert the password in the format which you store in the database.

$password = md5($password); //assuing in md5 format which you can change as per database format
$sql = "SELECT * FROM users WHERE email = '$username' AND password = '$password'";
//the above query must return one row only as we have a sinble row with this combination

$result = mysql_query($sql);
//before echoing anything first start a session which you did
//once you start session you can create session variable and store any details here and so that you can use in other page ..
$row = mysql_fetch_array($result); //or die(mysql_error());
$_SESSION['email'] = $row['email'];
$_SESSSION['uID'] = $row['id']; // this id can be use to fetch any data from the datbaase for the specific user

//now if you want to redirect in other page just include header function
//make sure you don't echo anything before header() function otherwise it will show error
header("location:main.php");//once the login credential verify it will redirect to main.php or any other page...

Now, in the other page, at the beginning of the page just include session_start() at the top.

//now you can use the user id value stored in the session to fetch the data from the database like below 
$uID = $_SESSION['uID']; //just storing the session uid in variable
$getUserData = "SELECT * FROM users WHERE id = '$uID' LIMIT 1";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_array($result);

// now the above query fetch data n store in $row, so we can display the user details in form any where you want.

Note: there will more code to check session exist, destroy session .. which you have to check.. ok

I hope this make you a little idea. There are many other clean way like using function or oops so that you can write the code separately but I suggest the code as per your flow.

Share this answer
TheBigBearNow 22-Oct-14 10:35am    
Thank you very much Robin for your time!!
i will be looking at this and working on it after my XML exam today.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900