Sql SELECT statement inside echo

Question

I want to get the information of the member who do the transaction. In the page, the member information I have only their username with the session such $member_name = $_SESSION['member_name'];

<?php
include_once("config.php");
if(isset($_SESSION["products"])) {
    $member_name = $_SESSION['member_name'];
    $total = 0;
    echo '<form action="cart-post-config.php" enctype="multipart/form-data" method="POST">';
    foreach ($_SESSION["products"] as $cart_itm) {
                    echo '<tr>';
                    echo '<td></td>';

                    <!---- THIS IS WHERE I PUT THE INFO OF USERNAME ---->
                    echo '<input type="hidden" name="member_name" value="'.$member_name.'"/>';

                    echo '<td><input type="text" readonly name="product_name[]" value="'.$cart_itm["name"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_price[]" value="'.$cart_itm["price"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_quantity[]" value="'.$cart_itm["qty"].'"/></td>';                           
                    $totalPerEach = ($cart_itm["price"]*$cart_itm["qty"]);

                    echo '<td><input type="text" readonly name="product_eachTotal[]" value="'.$totalPerEach.'"/></td>';
                    echo '<td>View Save Delete</td>';
                    echo '</tr>';
    }

Inside the echo of SESSION of Products, I want to get the further detail information of the member, such as the address, the password and etc.

    echo ' <!---- THIS IS WHERE I WANT TO WRITE SQL SELECT STATEMENT ---->
           <div id="process-to-detail">
               <div id="user-information">
                    <table>
                        <tr>
                            <td>Your Name is</td>
                            <td>Your Address is</td>
                            <td>Your Phone is</td>
                        </tr>
                    </table>
               </div>
          </div>';

In the comment above inside the echo, I want to write a sql statement to get the further detail of member which the point is select * from member_list where member_name=$_SESSION['member_name'];

Please tell me is it possible to make sql statement inside echo '...'; If it is not, how to get the member detail info.

Many Thanks.

Answer 1

Wrap the functionality you're trying to introduce in a function and then call it.

Example

    function getMyUserData($member_name)  {
        $myUserDataString = false;  // Default value.
        // your database connectivity
        $dbconn = new mysqli('server','user','password','database');
        // Sanitize your input to avoid SQL injection issues.
        $member_name = $dbconn->real_escape_string($member_name);
        // your sql statement
        //It would be better to use a unique id instead of a name.
        $sql = "SELECT `password`, `address` FROM `USERS` WHERE " .
            "`member_name` = '$member_name' LIMIT 1";  
        // execute query
        $result = $dbconn->query($sql);
        // check for query result
        if(is_object($result) && $result->num_rows > 0)  {
            // Get data from result.
            $myUserData = $result->fetch_assoc();
            // Free the result
            $result->free;
            // Access the fields you wanted
            $myUserDataString = "My user address: " . htmlentities($myUserData['address']);
            //You may echo the string here to cause the function to output your text
            // or return the value and echo it.  In this case we will return the value.
        }
        return $myUserDataString;
}
echo getMyUserData($_SESSION['member_name']);

I hope this helps..

PS It's generally not a good idea to return the password to the client. Try using hash or crypt for one way encryption.

See the following links for details:

• http://php.net/manual/en/function.crypt.php
• http://php.net/manual/en/function.hash.php