I have a log-in form where the user input his username and password. Every user has his gradelevel assign and section.
My main concern is my code cannot determine whose user is currently logged in so it cannot get the gradeassign and sectionassign of it so all of data from the tbl_students are displayed.
Hope you can help me with this. Thanks
Here's the table structure
tbl_user
| id | Name | gradeassign | sectionassign | Username | Password
----------------------------------
| 1 | XXXX | 2 | 3 | xxx | xxx
| 2 | YYYY | 1 | 2 | |
| 3 | ZZZZ | 1 | 6 | |
tbl_students
| id | Name | Grade | Section
----------------------------------
| 1 | George| 2 | 3
| 2 | YYYY | 1 | 2
| 3 | ZZZZ | 1 | 1
If the user XXX log-in, the result and date fetched must be:
| id | Name | Grade | Section |
----------------------------------
| 1 | George | 2 | 3 |
Here's my code for the log-in session of the user.
<?php
require_once('connection.php');
session_start();
if(isset($_POST['Login']))
{
if(empty($_POST['Username']) || empty($_POST['Password']))
{
header("location:faculty.php?Empty=All fields are required");
}
else
{
$query="select * from facultyagain where Username='".$_POST['Username']."'
and Pass='".$_POST['Password']."'"; $result=mysqli_query($con,$query);
if(mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['Username'];
header("location:faculty2.php");
}
else
{
header("location:faculty.php?Invalid= Unauthorized Access ");
}
}
}
else
{
echo 'Not Working Now Guys';
}
?>
--------Here's the query I've tried to fetch my desired result.
<?php
$connect = mysqli_connect("localhost", "root", "", "db");
$sql = "SELECT * FROM tbl_students INNER JOIN tbl_user WHERE
tbl_user.gradeassign =
tbl_students.grade AND tbl_user.sectionassign = tbl_students.section";
$result = mysqli_query($connect, $sql);
?>
<?php
if(mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_array($result))
{
?>
<tr>
<td><?php echo $row["id"];?></td>
<td><?php echo $row["name"]; ?></td>
<td><?php echo $row["grade"]; ?></td>
<td><?php echo $row["section"]; ?></td>
</tr>
<?php
}
}
?>
You storing username
after login. Please store userId
in session instead of
username. Then try this query to fetch results.
WARNING SQL QUERY IS VULNERABLE FOR SQL-INJECTION
<?php
session_start();
$connect = mysqli_connect("localhost", "root", "", "db");
$current_user_id = $_SESSION['User'];
//I recommend you to validate session for empty or non authorized user.
$sql = "SELECT * FROM tbl_students WHERE tbl_students.id = '$current_user_id' INNER JOIN tbl_user ON tbl_user.id = tbl_students.id";
$result = mysqli_query($connect, $sql);
?>
<?php
if(mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_array($result))
{
?>
<tr>
<td><?php echo $row["id"];?></td>
<td><?php echo $row["name"]; ?></td>
<td><?php echo $row["grade"]; ?></td>
<td><?php echo $row["section"]; ?></td>
</tr>
<?php
}
}
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.