0

I can login succesfuly and the user can be displayed... But im doing something wrong here, i can't display the name of the user. Here is the form I tried:

<?php 
include("dbconfig.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password received from loginform 
$name=mysqli_real_escape_string($dbconfig,$_POST['name']);
$username=mysqli_real_escape_string($dbconfig,$_POST['username']);
$password=mysqli_real_escape_string($dbconfig,$_POST['password']);

$sql_query="SELECT id FROM user WHERE username='$username' and password='$password'";
$result=mysqli_query($dbconfig,$sql_query);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
$count=mysqli_num_rows($result);


// If result matched $username and $password, table row must be 1 row
if($count==1)
{
$_SESSION['login_user']=$username;

header("location: home.php");
}
else
{
$error="Useri ose passwordi gabim!";
}
}
?>

and here is the desplay code:

<?php
if(!isset($_SESSION['login_user']))
{
header("Location: login.php");
}
else
{
$name=$_SESSION['login_user'];
?>
Welcome <?php echo $name;?>
<?php
}
?>

What am I missing can anyone help me out? Thanks!

Improve this question
3
  • Normally you would save the user id to the session and fetch whatever you need on each page load. In your code you save the displayname to session so later when you retrieve it you will get the same and not the actual name (which isnt even stored in session) Commented Apr 10, 2016 at 12:44
  • forget to add session_start(); at your second part (desplay) Commented Apr 10, 2016 at 12:45
  • verify if you are starting a serssion_start() in the home.php Commented Apr 10, 2016 at 12:53

1 Answer 1

Reset to default
1

From what I understand, you're trying to display the user's name and not the username in the welcome message.

First of all, please see that you are not even retrieving the user's name. So, you need to fetch that along with the id.

Considering the field is "name" in your database.

You can modify your query:

$sql_query="SELECT id, name FROM user WHERE username='$username' and   password='$password'"; // Add name along with id
$result = mysqli_query($dbconfig,$sql_query);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count  = mysqli_num_rows($result);

if($count==1) {

     $_SESSION['User']['username'] = $username;       // Change this
     $_SESSION['User']['name']     = $row['name'];    // Add this
     header("location: home.php"); 
 } else {
     /* Other code */
 }

Now, your display code:

 <?php
    session_start();
    if(!isset($_SESSION['User'])) {
        header("Location: login.php");
    } else {
        $name = $_SESSION['User']['name'];
  ?>
   Welcome <?php echo $name;?>
  <?php } ?>

Hope this helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank's, you made my day ^.^.
Please don't construct SQL statements directly from user input. Inform yourself about SQL Injection.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.