1

I have a php posting script and I need it to grab the data from the database. Here's the script:

    <?php
error_reporting(E_ALL);
  session_start();

  // If the session vars aren't set, try to set them with a cookie
  if (!isset($_SESSION['user_id'])) {
    }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Cheesecake Productions - Post Topic</title>
  <link rel="stylesheet" type="text/css" href="include/style/content.css" />
</head>
<body>

<?php

include ("include/header.html");

include ("include/sidebar.html");

?>
<div class="container">
<?php

  require_once('appvars.php');
  require_once('connectvars.php');

  // Make sure the user is logged in before going any further.
  if (!isset($_SESSION['user_id'])) {
    echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
    exit();
  }
  else {
    echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout.php">Log out</a>.</p>');
  }

  // Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('could not connect to mysql '.mysqli_connect_error());

// Grab the profile data from the database
$query = "SELECT first_name FROM ccp2_user WHERE first_name = '" . $_SESSION['user_id'] . "'";
    $data = mysqli_query($dbc, $query);

    ///////////////////////////
   ///What must I do after////
  //getting the data from////
 //database. I am new to////
//PHP//////////////////////
//////////////////////////



  $row = mysqli_fetch_array($data);
   $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));



  if (isset($_POST['submit'])) {
    // Grab the profile data from the POST
     $post1 = mysqli_real_escape_string($dbc, trim($_POST['post1']));

    // Update the profile data in the database
    if (!$error) {
      if (!empty($post1)) {
        // Only set the picture column if there is a new picture
    $query = "INSERT INTO `ccp2_posts` (`first_name`, `post_date`, `post`) VALUES ('$first_name', NOW(), '$post1')";
        mysqli_query($dbc, $query);

        // Confirm success with the user
        echo '<p>Your post has been successfully added. Would you like to <a href="viewpost.php">view all of the posts</a>?</p>';

        mysqli_close($dbc);
        exit();
      }
      else {
        echo '<p class="error">You must enter information into all of the fields.</p>';
      }
    }
  } // End of check for form submission
    else {
    echo '<p>Grr</p>';
    }

  mysqli_close($dbc);
?>

  <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
    <fieldset>
      <legend>Post Here:</legend>     
      <label type="hidden" for="post1">Post Content:</label><br />
      <textarea rows="4"  name="post1" id="post1" cols="50">Post Here...</textarea><br />
    </fieldset>
    <input type="submit" value="Save Post" name="submit" />     
  </form>
   </div>
  <?php

include ("include/footer.html");

?>

</body> 
</html>

This script is supposed to grab first_name from the database and it is not. Help?

Edit: There's the whole code.

user2544765
  • 115
  • 1
  • 1
  • 9
  • Check the $dbc object. And this is very unsafe. Sanitize your user submitted data and use prepared statements. – digitai Jan 26 '14 at 00:55
  • You did `print_r($row)` right? – Lawrence Cherone Jan 26 '14 at 00:55
  • And... the cookie is generated from where? If none are created, then your code has done its job, as in "don't create the session". Create one. – Funk Forty Niner Jan 26 '14 at 01:04
  • @Fred-ii- I do need to delete the cookie thing as I do not use it – user2544765 Jan 26 '14 at 01:08
  • With the conditional statement it's set in, your session variable will never be created, therefore you'll be unable to pull in the user's id from a session. As per `WHERE user_id = '" . $_SESSION['user_id'] . "'` – Funk Forty Niner Jan 26 '14 at 01:09
  • @Fred-ii- Didn't seem to do anything special – user2544765 Jan 26 '14 at 01:12
  • You have an if statement that looks if $_COOKIE["user_id"] is set, and if it is, sets the session equal to the cookie. However....if you have yet to set the $_COOKIE. Is is set on a different page? – SyntaxLAMP Jan 26 '14 at 01:13
  • With all that I've said so far and you are successful to a certain point, then try `$query = "SELECT * FROM ccp2_user WHERE first_name = '" . $_SESSION['user_id'] . "'";` – Funk Forty Niner Jan 26 '14 at 01:14
  • @SyntaxLAMP I removed the cookie statement and the session with the user_id is set when you login – user2544765 Jan 26 '14 at 01:14
  • For debugging purposes, just manually set the user_id on the mysql query to see if that is working fine. If it is, you know that the session is not set. – SyntaxLAMP Jan 26 '14 at 01:22
  • @SyntaxLAMP Didn't think of that. thanks – user2544765 Jan 26 '14 at 01:22
  • @SyntaxLAMP Still coming up blank – user2544765 Jan 26 '14 at 01:24
  • I take it you tried [my suggestion](http://stackoverflow.com/questions/21358250/php-posting-script-not-getting-data-from-database#comment32204642_21358250) @user2544765 – Funk Forty Niner Jan 26 '14 at 01:26
  • @Fred-ii- Also nothing. – user2544765 Jan 26 '14 at 01:31
  • I also noticed that your `$first_name` variable isn't assigned to anything. What you should be doing is `$_SESSION['user_id'] = $_POST['first_name'];` instead of `$_SESSION['user_id'] = $_COOKIE['user_id'];` – Funk Forty Niner Jan 26 '14 at 01:33
  • @Fred-ii- why would I use post? – user2544765 Jan 26 '14 at 01:36
  • Aren't you trying to pull the "first name", isn't that the intention? This should be added `$first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));` if that's the intention. I'm starting to be real confused as to what the intention is at this point. Your question shows as *"This script is supposed to grab first_name from the database and it is not"* so which one is it? – Funk Forty Niner Jan 26 '14 at 01:39
  • And to answer your question about "Why would I use post?" - **A:** `method="post"` and the `name="first_name"` perhaps? I suggest you break down your code to a simpler version in order to test it on a smaller scale. I can't help you anymore than I already have, or tried to. Good luck with that. – Funk Forty Niner Jan 26 '14 at 01:45
  • @Fred-ii- yeah, I suppose I need to fix the form, but what I'm trying to do is get first_name from a database instead of from the form, however for whatever reason it is not taking it from the database and inserting it into the other one. – user2544765 Jan 26 '14 at 01:48
  • You will never pull a first name from your table with what you have now, until you've established a variable that's actually `set` to something. You mentioned earlier that you've gotten rid of the cookie statement, but still... the session (name) isn't assigned to anything. You're trying to pull something from nothing is basically what I'm trying to make you understand. If you want to see if anything is assigned to a session, then do `var_dump($_SESSION);` or `var_dump($_SESSION['user_id']);` after you've declared your session variable and in a location you know something is echoing. – Funk Forty Niner Jan 26 '14 at 02:05
  • @Fred-ii- In that case do you think you could help me with this script then? – user2544765 Jan 26 '14 at 02:06
  • I can't, I'd have to setup a complete DB/table and TBH, I don't have time and the `energy` mostly to do all this. I suggest you look at a few of these links that have helped me before and could be of help to you also. http://stackoverflow.com/q/20584584/ and http://stackoverflow.com/q/21095943/ and http://stackoverflow.com/q/20838973/ – Funk Forty Niner Jan 26 '14 at 02:16
  • I posted something for you below that you can give a try. It's the best I could do in order to help. This is a very **basic** method, and hope it serves you well. @user2544765 – Funk Forty Niner Jan 26 '14 at 03:00

3 Answers3

2

Many things are strange with your code

I believe it's blank because one of the if/else is messed up:

  if (isset($_POST['submit'])) {
  ....
  } 
  else {//here
    else {
      echo '<p class="error">There was a problem accessing your profile.</p>';
    }
  }

then you have $error variable that have no meaning

$error = false;

Then you have in your form :

  <input type="text" id="first_name" name="first_name" value="" /><br />

but you dont want to grab it from there, but the database:

$query = "SELECT first_name FROM ccp2_user 
          WHERE user_id = '" . $_SESSION['user_id'] . "'";

Then your wanna grab $last_name From the post

$last_name = mysqli_real_escape_string($dbc, trim($_POST['last_name']));

but you don't have it in your form

Also this part:

if (!empty($first_name) && !empty($post1)) {
    // Only set the picture column if there is a new picture
    if (!empty($new_picture)) {
        $query = "INSERT INTO `ccp2_posts` (`first_name`, `post_date`, `post`) 
                      VALUES ('$first_name', NOW(), '$post1')";
    }
    else {
        $query = "INSERT INTO `ccp2_posts` (`first_name`, `post_date`, `post`) 
                      VALUES ('$first_name', NOW(), '$post1')";
    }
}

You you have a condition on new_picture Where did you initialize that. Why is it the same insert query again?

Don't you need quote around that?

you have so many issues here, I advice you to trouble shoot step by step. and redesign tis whole thing.

meda
  • 44,540
  • 14
  • 88
  • 122
1

I put something real quick together that works on my system.

This is a basic method and I mean basic, so you'll need to do the rest.

Just change the DB credentials to your own, and the the_user_id assigned to $_SESSION['user_id']

It's the best I can do to help.

<?php
$DB_HOST = "xxx";
$DB_USER = "xxx";
$DB_PASS = "xxx";
$DB_NAME = "xxx";

$dbc = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($dbc->connect_errno > 0) {
  die('Connection failed [' . $dbc->connect_error . ']');
}

session_start();
$_SESSION['user_id'] = "the_user_id"; // change this to the user's id

// You can use * also as the line from below
// $sql = $dbc->query("SELECT * FROM `ccp2_user` WHERE `user_id` = '" . $_SESSION['user_id'] . "'");
$sql = $dbc->query("SELECT `first_name` FROM `ccp2_user` WHERE `user_id` = '" . $_SESSION['user_id'] . "'");

while($row= mysqli_fetch_array($sql))
{
echo $row['user_id'];
}

// for testing purposes
// var_dump($_SESSION['user_id']);
// var_dump($_SESSION);

mysqli_close($dbc);
Funk Forty Niner
  • 74,372
  • 15
  • 66
  • 132
0

Its here,

require_once('appvars.php');
require_once('connectvars.php');

One of these file must not be set or php cant find these file. So as it says 'require' which means till we dont get this file it will not proceed. so it halt the execution there itself.

try it with :

include('appvars.php');
include('connectvars.php');

It you see the page then problem is here itself.

Rahul
  • 1,201
  • 1
  • 11
  • 20