5 Replies - 1683 Views - Last Post: 25 August 2013 - 03:00 AM

#1 brerallia

Display the full name of the current user

Posted 24 August 2013 - 04:15 AM

I have successfully connected to the database using postgre... and displaying the error and login if the user has the right username and password...

The login or index of my webpage is different from the page the user sees after logging in successfully...
I already put up a session in each page, and all I need is that after the user logs in successfully he or she can proceed to the next page and it will welcome him or her...
So if I log in successfully it will display the FULL NAME OF THE USER... this data is from the database... I don't want to use the username to welcome the user... I want the full name of the user...

I tried to construct some code to display the full name, but it only displays when the user is me... for other users it doesn't display the full name...

here is my code in every different page:

THIS IS MY DATABASE CODE CONNECTION
<?php

	function db()
	{
		
		$pg = 	pg_connect("host=localhost user=postgres password=postgres dbname=postgres ");
		
		if (!$pg)
			die("Cannot connect to the database...");
	}

?>


THIS IS MY LOGIN PAGE OR THE HOMEPAGE
<?php

	session_start();
	include 'DB_Connect.inc.php';
	echo db();
 
	$query1 = pg_query("SELECT * FROM tbl_user_account WHERE username = '".$_POST['username']."' and password = '".$_POST['password']."'");
	
	if (isset($_POST['login']))
	{
		if(pg_num_rows($query1) == 0)
			$e_msg = "Invalid username or password.";
		else
		{
			$_SESSION['username'] = $_POST['username'];
			
			$user = pg_fetch_array($query1,NULL, PGSQL_ASSOC);
			
			if ($user['user_level'] == 'Admin')
				header('location: For_Admin.php');
			else
				header('location: For_Users.php'); 
		}
	}
 ?>


THIS IS THE PAGE IF THE USER SUCCESSFULLY LOGS INTO THE SYSTEM
<?php

	session_start();
	include 'DB_Connect.inc.php';
	echo db();
	
	
	$query2 = pg_query("SELECT e.*, a.* FROM tbl_employee as e INNER JOIN tbl_user_account as a ON e.employee_id = a.employee;");
	
	$name = pg_fetch_array($query2,NULL,PGSQL_ASSOC);
	
	if ($_SESSION['username'] == $name['username'])
		$f = "Welcome to ICI - Leave of Absence " . $name['last_name'] . ", " . $name['first_name'];
		echo $f;
?>


ANY HELP WILL BE APPRECIATED


Replies To: Display the full name of the current user

#2 andrewsw

Posted 24 August 2013 - 05:24 AM

When you compare For_Users.php (which doesn't work) to For_Admin.php (which I assume does, from your description), what are the differences?

What is the difference between your information and another user's in the database?

This post has been edited by andrewsw: 24 August 2013 - 05:25 AM


#3 Atli

Posted 24 August 2013 - 10:28 AM

A few things worth pointing out:

  • Your code is wide open to SQL Injection. Use prepared statements when dealing with user input in SQL queries. Much safer. (See pg_prepare.)

  • In the login page, why are you executing the query before the IF statement that determines whether it should be executed?

  • Why do you SELECT e.*, a.* when all you use in your code is the first and last name fields? It's a bit wasteful to be returning all this data and then not using it. You should always try to be specific about what you want out of a SQL query.

  • Why do you echo db()? That function has no return value, nor would I imagine you would want to echo its result even if it did have one. The db(); call would make more sense without the echo.


#4 brerallia

Posted 24 August 2013 - 06:52 PM

andrewsw, on 24 August 2013 - 05:24 AM, said:

What is the difference between your information and another user's in the database?



Ohh that... I'm sorry, I edited it... that is supposed to be FOR ADMIN and FOR EMPLOYEES...

#5 brerallia

Posted 24 August 2013 - 07:14 PM

Atli, on 24 August 2013 - 10:28 AM, said:

Your code is wide open to SQL Injection. Use prepared statements when dealing with user input in SQL queries. Much safer. (See pg_prepare.)


I'm sorry, I don't know how to use pg_prepare since we haven't discussed it yet... so far, I just have to read about it and learn how to use it...

Quote

In the login page, why are you executing the query before the IF statement that determines whether it should be executed?


Why? Does it conflict with something?? Better, I will also try to put it inside the if statement...

Quote

Why do you SELECT e.*, a.* when all you use in your code is the first and last name fields? It's a bit wasteful to be returning all this data and then not using it. You should always try to be specific about what you want out of a SQL query.


Because the employees table and the user account table are connected to each other via the employee id... check the username and the password, I have to connect the name if he/she is the correct user...

Quote

Why do you echo db()? That function has no return value, nor would I imagine you would want to echo its result even if it did have one. The db(); call would make more sense without the echo.


I can't call the function in DB_Connect.inc.php if I didn't echo it... include(); is not enough...

#6 Atli

Posted 25 August 2013 - 03:00 AM

brerallia, on 25 August 2013 - 02:14 AM, said:

Quote

In the login page, why are you executing the query before the IF statement that determines whether it should be executed?


Why? Does it conflict with something?? Better, I will also try to put it inside the if statement...

Doesn't "conflict" with anything, no. It just makes no sense to be executing the query at a point where you don't even know if the query will be needed. The query result will only be needed inside the IF block, so it should be executed inside that IF block, not before it.

brerallia, on 25 August 2013 - 02:14 AM, said:

Quote

Why do you SELECT e.*, a.* when all you use in your code is the first and last name fields? It's a bit wasteful to be returning all this data and then not using it. You should always try to be specific about what you want out of a SQL query.


Because the employees table and the user account table are connected to each other via the employee id... check the username and the password, I have to connect the name if he/she is the correct user...

You're misunderstanding what I'm trying to say there. Just because you join two tables does not mean you have to select ALL the fields in both tables. The SELECT clause should be followed by the fields from the result set you want returned. What you did is far too wide a selection for your needs.
/* Generally bad! Returns all fields in both tables. */
SELECT a.*, b.* 
FROM tbla a 
JOIN tblb b ON a.b_id = b.id;

/* Better. Returns ONLY the two fields specified. */
SELECT a.id, b.name
FROM tbla a 
JOIN tblb b ON a.b_id = b.id;


In the second query I'm telling it to return only specific fields that I will be needing in the code, rather than just returning everything and then ignoring most of it in the code.

brerallia, on 25 August 2013 - 02:14 AM, said:

Quote

Why do you echo db()? That function has no return value, nor would I imagine you would want to echo its result even if it did have one. The db(); call would make more sense without the echo.


I can't call the function in DB_Connect.inc.php if I didn't echo it... include(); is not enough...

Yes, you can. There is nothing that says you have to echo a function call. Function calls can exist all on their own without an echo.
<?php
// File: foo.php
function foo() {
    // Do some stuff here. Like connect to a database
    // or something.
}


<?php
// File: index.php
require_once "foo.php";

foo(); // Calls the function. Notice the lack of an echo.


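How the points raised in this thread fit together, as an added example that is not code from any poster: pg_prepare/pg_execute bind the form values as parameters, the login query runs only inside the IF block, the connect function is called without echo, and the welcome query selects just the two name columns for the session's username. Table and column names are taken from the question; the function names are hypothetical and the name columns are assumed to live in tbl_employee.

```php
<?php
// Added example, not code from the thread. db_connect(), fetch_one(),
// find_account() and full_name_for() are hypothetical names.

function db_connect()
{
    // Return the connection so callers can use it; nothing is echoed.
    $pg = pg_connect("host=localhost user=postgres password=postgres dbname=postgres");
    if (!$pg) {
        die("Cannot connect to the database...");
    }
    return $pg;
}

// Prepare, execute and fetch at most one row; null on no match or failure.
// $params are sent separately from the SQL text, so quotes in them stay data.
function fetch_one($pg, $name, $sql, array $params)
{
    if (!pg_prepare($pg, $name, $sql)) return null;
    $res = pg_execute($pg, $name, $params);
    $row = $res ? pg_fetch_assoc($res) : false;
    return $row ? $row : null;
}

function find_account($pg, $username, $password)
{
    return fetch_one($pg, "find_account",
        'SELECT username, user_level FROM tbl_user_account
          WHERE username = $1 AND password = $2', array($username, $password));
}

// One row for the given user, and only the two columns that are displayed.
// Assumption: last_name and first_name are columns of tbl_employee.
function full_name_for($pg, $username)
{
    $row = fetch_one($pg, "full_name",
        'SELECT e.last_name, e.first_name FROM tbl_employee AS e
           JOIN tbl_user_account AS a ON e.employee_id = a.employee
          WHERE a.username = $1', array($username));
    return $row ? $row['last_name'] . ", " . $row['first_name'] : null;
}

// Login page: the query runs only after the form has been submitted.
session_start();
if (isset($_POST['login'], $_POST['username'], $_POST['password'])) {
    $user = find_account(db_connect(), $_POST['username'], $_POST['password']);
    if ($user === null) {
        $e_msg = "Invalid username or password.";
    } else {
        session_regenerate_id(true); // new session id once the login succeeds
        $_SESSION['username'] = $user['username'];
        header($user['user_level'] == 'Admin' ? 'Location: For_Admin.php' : 'Location: For_Users.php');
        exit; // nothing else should run after the redirect
    }
}
```

On the welcome page, the value returned by full_name_for(db_connect(), $_SESSION['username']) should be passed through htmlspecialchars() before it is echoed.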