|
PHP - Sending Processed Form Info As Html To Both The User And Client
I am trying to build a form that will process all the user inputted information, and put those contents into an html table so that I can send the info to both my customer and myself. I figured out how to send an email to myself as html, but the user email is arriving as plain text with all the html tags. Someone had suggested PHPMailer, but I cannot figure out how to format it properly to work with my setup. I am new to PHP so this is a learning curve. I have included a sample of my process form with fictitious email addresses. Any help is much appreciated. Thank you in advance for the help!
Code: [Select] <?php header("Location: ../contactthank.php"); ?> <?PHP $field_Type = $_POST['field_Type']; $field_Service_Provider = $_POST['field_Service_Provider']; $field_Brand = $_POST['field_Brand']; $field_Model = htmlspecialchars($_POST['field_Model']); $field_Size = $_POST['field_Size']; $field_Charger = $_POST['field_Charger']; $field_Case = $_POST['field_Case']; $field_Software = $_POST['field_Software']; $field_Manual = $_POST['field_Manual']; $field_Box = $_POST['field_Box']; $field_Condition = $_POST['field_Condition']; $field_FirstName = htmlspecialchars($_POST['field_FirstName']); $field_LastName = htmlspecialchars($_POST['field_LastName']); $field_Email = $_POST['field_Email']; $field_ZipCode = (int)$_POST['field_ZipCode']; $field_Comments = $_POST['field_Comments']; ?> <?php $reference = (rand(100000000000,99999999999999)); echo $reference; ?> <?php $to = "email@mail.com"; $subject = "Submission# $reference"; $headers = 'From: $field_Email' . "\r\n"; $message = '<html> <head> <title>Cell Phone Form Submission</title> </head> <body> <h1>Thank you for your submission. We will get back to you shortly</h1> <table border="1"> <tr> <td>Reference#</td> <td>' . $reference . '</td> </tr> <tr> <td>I want to</td> <td><b>Sell</b></td> </tr> <tr> <td>Service Provider</td> <td>' . $field_Service_Provider . '</td> </tr> <tr> <td>Model</td> <td>' . $field_Model . '</td> </tr> <tr> <td>Size</td> <td> ' . $field_Size . '</td> </tr> <tr> <td>Accessories</td> <td>' . $field_Charger . " " . $field_Case . " " . $field_Software . " " . $field_Manual . " " . $field_Box . '</td> </tr> <tr> <td>Condition</td> <td>' . $field_Condition . '</td> </tr> <tr> <td>Name</td> <td>' . $field_FirstName . " " . $field_LastName . '</td> </tr> <tr> <td>Email</td> <td>' . $field_Email . '</td> </tr> <tr> <td>Zip Code</td> <td>' . $field_ZipCode . '</td> </tr> <tr> <td>Comments</td> <td>' . $field_Comments . '</td> </tr> </table></body> </html> '; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $user = "$field_Email"; $usersubject = "Form Submission# $reference"; $userheaders = "From: email@mail.com\n"; $usermessage = '<html> <head> <title>Form Submission</title> </head> <body> <h1>Thank you. We will get back to you shortly</h1> <table border="1"> <tr> <td>Reference#</td> <td>' . $reference . '</td> </tr> <tr> <td>I want to</td> <td><b>Sell</b></td> </tr> <tr> <td>Service Provider</td> <td>' . $field_Service_Provider . '</td> </tr> <tr> <td>Model</td> <td>' . $field_Model . '</td> </tr> <tr> <td>Size</td> <td> ' . $field_Size . '</td> </tr> <tr> <td>Accessories</td> <td>' . $field_Charger . " " . $field_Case . " " . $field_Software . " " . $field_Manual . " " . $field_Box . '</td> </tr> <tr> <td>Condition</td> <td>' . $field_Condition . '</td> </tr> <tr> <td>Name</td> <td>' . $field_FirstName . " " . $field_LastName . '</td> </tr> <tr> <td>Email</td> <td>' . $field_Email . '</td> </tr> <tr> <td>Zip Code</td> <td>' . $field_ZipCode . '</td> </tr> <tr> <td>Comments</td> <td>' . $field_Comments . '</td> </tr> </table></body> </html> '; mail($to,$subject,$message,$headers); mail($user,$usersubject,$usermessage,$userheaders,$headers); ?> Similar TutorialsHi there, I need help with my form. i have this from which user will fill out e.g name telephone and a message. i want to add pre text after the message e.g name phone message preTEXT. how do i do that ? I'll be having .txt files uploaded via a form. Upon submission, it will be passed to another .php file to have the data entered into the database. It's not uploading the file to the folder, and while the trigger echoes what's set up to echo, it's loading the data into the database.
Here is the form: echo '<form action="/wp-content/plugins/csi_stats/csi_process.php" method="post" enctype="multipart/form-data"> Select Boxscore to upload: <input type="file" name="fileToUpload" id="fileToUpload"> <input type="submit" value="Upload" name="submit"> </form>'; } Here is csi_process.php
$filename = $_FILES['fileToUpload']['name'];
$target_dir = "/wp-content/uploads/csi_boxscores/21/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
// $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
echo $target_file . ' Boxscore Sent';
echo '<br>' .$filename;
$uploadOk = 0;
}
$query = "
LOAD DATA INFILE '$fileName'
INTO TABLE a_stats
FIELDS TERMINATED BY '|'
LINES TERMINATED BY '\r\n'
IGNORE 2 Lines
(jersey,points,2pm,2pa,3pm,3pa,ftm,fta,oreb,dreb,treb,ast,blk,stl,deflect,turn,charge,pf,tf)
SET team = 426";
"team" will ultimately be a variable, and I'll have "game" in there too.
Here is the data: 235a5d12-be10-43af-abba-e45456d9d8da Jersey|Points|TwoPointsMade|TwoPointAttempts|ThreePointsMade|ThreePointAttempts|FreeThrowsMade|FreeThrowAttempts|OffensiveRebounds|DefensiveRebounds|Rebounds|Assists|BlockedShots|Steals|Deflections|Turnovers|Charges|PersonalFouls|TechnicalFouls 10|8|1|2|2|6|0|0|0|4|4|1|1|1|0|1|0|0|0 12|3|0|5|0|3|3|4|1|2|3|0|1|1|0|0|0|2|0 20|8|4|6|0|0|0|0|1|1|2|0|1|1|0|2|0|0|0 22|3|0|1|1|1|0|0|1|2|3|1|0|0|0|2|0|2|0 24|18|4|7|1|3|7|10|0|2|2|1|0|1|0|3|0|3|0 32|1|0|2|0|3|1|2|2|1|3|0|0|1|0|0|0|2|0 41|8|0|0|2|3|2|2|0|0|0|0|0|1|0|0|0|1|0 43|11|5|7|0|0|1|2|0|6|6|1|0|4|0|2|0|3|0 52|3|1|6|0|0|1|1|4|3|7|0|0|1|0|1|0|4|0 Edited November 14, 2020 by Jim R <body> <?php Echo "Hello World!"; ?> <h1> The headline here</h1> </body> The above os an example. The problem can be read in title. When clicking on View Source Code in the web browser the PHP tags are still there, which means they have not gotten processed. Why does this happen? Using Apache (XAMP). Hi there i would like to send my clients a randomly generated order code by email i have had no success so far and was wondering how to do it. Any help would be great! Thanks, Blink359 I'm a total noob at PHP, and need to make a simple authentication server-side script for a Java application that is in no way associated with the server. My Java app URL encodes in this format(pretty standard): "key1"="value1" I THINK I have the correct code in PHP to read the HTTP POST data values... Code: [Select] $username = array("1", 2, 3, 4, 5); $match = FALSE; foreach($_POST as $key1 => $value1){ foreach($username as $key2 => $value2){ if ($value1 == $value2){ $match = TRUE; break; } } if ($match = TRUE) break; } After all this I'd like to send a response saying either TRUE or FALSE(in other words, I'd like to send the variable $match). I've looked far and wide for how to do this in PHP, and couldn't find a single helpful page. Hi there I am trying to send an array of items to delete from a form, receive them back to the page then enter them into another form and then send them back to the page. Basically its a delete then confirm delete thing. So I can send the array from the first form though I am not sure how to place them into the second (confirm delete) form. What I've got so far considering the array does get sent in the first place is First I receive the array: if (isset($_POST['delete'])) { if (isset($_POST['todelete'])){ $todelete[] = ($_POST['todelete']);////here is my problem I think echo <<<_END <div>Are you sure you wish to make these changes</div> <div><form action="" method="post"> <input type='hidden' name='todelete'value="$todelete"/> <input type='hidden' name='confirm'value="confirm"/> <input id='inputform' type='submit' size='50' value='Yes' /> </form> <form action="" method="post"> <input type='hidden' name='rollback'value='rollback' /> <input id='inputform' type='submit' size='50' value='No' /> </form></div> _END; } } Then I try and receive the array back with if (isset($_POST['confirm'])){ foreach ($_POST['todelete'] as $delete_id) { $query ="DELETE FROM gallery WHERE id = $delete_id"; $result=mysql_query($query) or die("Invalid Query : ".mysql_error()); echo "Removing Data"; } } What I receive is a warning: 'Warning: Invalid argument supplied for foreach() in C:\wamp\www\css\enterphotos.php on line 91" I am sure that there is a simple solution! Can anyone help me here? I have this XML... Code: [Select] $xml = '<?xml version="1.0" encoding="utf-8"?>' . '<LeadImportDatagram>'. '<CompanyKey>' . $companyKey . '</CompanyKey>' . '<NotificationEmailTo>garysaldutti@gmail.com</NotificationEmailTo>' . '<LeadInfo>'; '<City>Osweeego</City>'; '</LeadInfo>' . '</LeadImportDatagram>'; and I need to use PHP to submit that XML to a remote server at a address in this format (http://XX.XXX.XXX.XXX/xml/importlead.asp) so that the remote server can process the info. Can anyone out there tell me how to do that? It seems like I have to use cURL and I've tried multiple times but keep getting "bad request" errors. SIDE NOTE: Is my syntax wrong? Someone else helped me write that $xml variable, but it seems weird to me that some lines end with periods and some end with semicolons. So here is my code: //form.html <form action="http://localhost/lab3/index.php" method="post " > <input type="text" name="numar" value=""><br> <input type="submit" name="submitButton" value="Submit"> </form> //and in index.php ,which is in the specified folder if I write : if($_POST['numar']!="") $m=$_POST['numar']; //then I get an error saying Undefined index: numar I really read a lot about forms and saw examples , but I can't figure out what's wrong. If you have any ideas.. Hi, I have a simple html form. <form action="mail.php" method="POST"> <p>Name</p> <input type="text" name="name"> <p>Email</p> <input type="text" name="email"> <p>Phone</p> <input type="text" name="phone"> <p>Message</p><textarea name="message" rows="6" cols="25"></textarea><br /> <input type="submit" value="Send"><input type="reset" value="Clear"> </form> I send a simple recap to e-mail through PHP. Simultaneously with this recapitulation, I would like to generate XML, which would send it in an e-mail attachment. Somehow it's not working. Would anyone help?
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = $_POST['message'];
$formcontent=" From: $name \n Phone: $phone \n Call Back: $call \n Website: $website \n Priority: $priority \n Type: $type \n Message: $message";
$recipient = "**************";
$subject = "Contact Form";
$mailheader = "From: $email \r\n";
$doc = new DOMDocument('1.0', 'UTF-8');
$doc->formatOutput = true;
$xmlRoot = $doc->createElement("xml");
$xmlRoot = $doc->appendChild($xmlRoot);
$root = $doc->createElement('OrderDetails');
$root = $doc->appendChild($root);
$ele1 = $doc->createElement('name');
$ele1->nodeValue=$name;
$root->appendChild($ele1);
$xml->saveXML("");
$mail->addStringAttachment($xml->asXML(), "xml.xml");
mail($recipient, $subject, $formcontent, $mailheader) or die("Error!");
echo "Thank You!" . " -" . "<a href='form.html' style='text-decoration:none;color:#ff0099;'> Return Home</a>";
?>
Thanks for any help!! I have an HTML form that I have a "select" drop-down menu that is selecting the name of the person you should send to. The names are being pulled from the Database, and here is what that code for the drop-down in the form looks like: <?php echo '<select name= "First_Name" , "Last_Name">'; while( $array = mysql_fetch_assoc($result) ) { $text_for_select = $array["First_Name"] . " " . $array["Last_Name"]. " " . $array["District"]; $value_for_select = $array["First_Name"] . " " . $array["Last_Name"] . "_" . $array["id"]; echo "<option></option>\n"; echo "<option value=\"$value_for_select\">$text_for_select</option>\n"; } echo '</select>';?> This works perfectly. However, what I want it to do is send the form to the email address of the person that is selected in the drop-down. The email address' are already entered in each record of the database in a field called "Email". I am using the $value_for_select variable to pull the id of the record, but I am unsure how to then tell the form to send to the email address of that record? Anybody know a way that this can be done? Here is the code of the for that should be sent: <?php if($_POST){ $to = $email; $subject = "WHAT SHOULD THIS BE"; $message = "Date: $date\n\r". "Dear $First_Name, $Last_Name,\n\r". "Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah.Blah Blah BLah..\n\r". "Sincerely,\n". "$name \n". "$street \n". "$city, $zip \n". "$email \\n". $headers = "From: $email"; mail($to, $subject, $message, $headers); // SUCCESS! echo '<p class="notice">'. 'Thank you for your submission. '. '</p>'; // clear out the variables for good-housekeeping unset($date,$legislator,$bill,$name,$street,$city,$zip,$email); $_POST = array(); } ?> Please help! Hi there, I am using this code to send the users email address to the database. That works fine, but i keep getting blank info added to the database. Does anyone know how i can stop this? <?php $con = mysql_connect("*","*","*"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("ogs_mailinglist1", $con); $sql="INSERT INTO mailinglist (email) VALUES ('$_POST[rec_email]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } mysql_close($con); ?> Thanks, Hi Guys, I am fairly new to mySQL/PHP and I have an issue. I have a login/registration system for a website and it works. However in the registration the user enters info such as their phone and email. How can I access these two fields of info from the user who is currently logged in. For example someone makes an account with: Username: Person Password: hello Email: person@gmail.com Phone: 111-111-1111 Name: Hello Person When they log into the site using their username and password, how can I detect their email/phone/name? Thanks in advance! Hi I built a really simple customer review form https://kickasssoftwear.uk/dev/reviews.html (it's only been optimised for mobile view so far) and it works using the php mail script on this page https://kickasssoftwear.uk/dev/empty2.php - the emails are being sent to me and the format of the emails is OK, and the form redirects to the empty2 page with a mailsent message in the address bar. I know I can leave that page as is and write a nice thank you message in the html - but what I really want to do is have the customers name there too, Thanks 'name' your review has been sent, but I can't get it to work - it's been 4 whole days now and I really need to eat & sleep! Please if anyone has suggestions or advice for a noob, please help. Thanks Hello all, I have a membership website which is using sessions... and ive been asked to add some promotion points system. So that each user is able to see how many promotion points they have... Now, I'm a beginner in mysql and php, but feel I'm learning fairly quickly. What I need help with, is to be able to display the amount of promotion points for the logged in user. I created a new field in my "essenti1_Users" table for the promotion code. database is called "essenti1_membership" table is "essenti1_Users" feild is "promo" I think im going to have to manually add the points to each user manually through phpMyAdmin Navicat unfortunatly. Unless anyone has any other ideas just for adding the points to each user account? ziggynerja is online now Add to ziggynerja's Reputation Report Post Edit/Delete Message This topic has been moved to PHP Applications. http://www.phpfreaks.com/forums/index.php?topic=327636.0 Hi - how's it going? I've been working on something with no luck and I'm wondering if you have any ideas. I have two tables; Members and Events. When a member logs in they are redirected to a page where I want them to be able to see a list of events that they have created based on a user ID that is common in both tables. So if the member has a memberID of 123 I want them to see any events that have the userID of 123. I used two different column names just for clarity. I've tried a number of variations on the following code: <?php session_start(); header("Cache-control: private"); // Connect to Database include ('includes/db.php'); //Has login info // If not logged in if (!$_SESSION['pkMemberID']) { echo ("<div class='box'><h2>Sorry, you are not logged in!</h2>"); exit(); } // Convert Session variable 'pkMemberID' to simple variable. $memberID = $_SESSION['memberID']; $pkMemberID = $_SESSION['pkMemberID']; $name = $_SESSION['name']; //Query Events $sql = "SELECT * FROM events WHERE userID = $memberID"; $result = mysql_query($sql); $num_rows = mysql_num_rows($result); echo ("<div>Events:<br />"); // Event exists if (!($num_rows == 0)) { $myrow = mysql_fetch_array($result); do { printf ('<span>– <a href="event_edit.php?pkEventID=%s">%s</a></span><br />', $myrow['pkEventID'], $myrow['eventName']); } while ($myrow = mysql_fetch_array($result)); } echo ("</div>"); //End Events //end page ?> Sometimes I get errors, sometimes just nothing. Any advice would be appreciated. I am ok with codeing but NOT half-as good as some of your GUYS here. I'm trying to write a simple sql query based on returning certain values from a table for that user. I would like to just beable to include this as a page user.info.php and render it on any page as include to return need values . See My CODE. PLESE HELP ME. Code: [Select] <?php @session_start(); $user = $_SESSION['username']; // Set cookie $userid = JRequest::getVar('userid'); $data = new stdClass(); $model =& $this->getModel('profile'); $my = CFactory::getUser(); // Test if userid is 0, check if the user is viewing its own profile. $db =& JFactory::getDBO(); $user =& JFactory::getUser(); $userId = $user->id; // Return with empty data if($userId == null || $userId == '') { //return false; } $user =& JFactory::getUser($userId); if($user->id == null){ //return false; } $id = & JFactory::getUser($userId); $query = 'SELECT user_id, id, format_id, year, name FROM #__muscol_albums WHERE user_id = ' . $id; //$query = 'SELECT user_id FROM #__muscol_albums WHERE id = ' . $album_id ; $result = mysql_query($query) or die('Error, No Album Search failed'); list($name, $user_id, $id, $year) = mysql_fetch_array($result); echo $id; echo $user_id; echo $year; // preform id return check and redirecto to correct url if ($user->get('id') == 0 || $userid == 0 || $userid <> $user->get('id')){ $url=JURI::root().'index.php?'.$component.'&id='.$id.'&tmpl=component&print=1'; } else { $url=JURI::root().'index.php?option=com_community&view=profile&id=1&tmpl=component&print=1'; //redirect is a function } ?> hi all, im working on a email send to de user who register on the website! now i get the email but its not email/html view and it gets in to the unwanted folder, also as i siad trust this emailadress! what do i wrong in the code?? the whole php file see //#### XXX ### where i need help! Code: [Select] <?php Session_start(); if(file_exists("support/functions_alg.php")) // user,pass and database file { include("support/functions_alg.php"); // database functions file } if($_REQUEST) { $email=$_REQUEST['email']; $pass=md5( $_REQUEST['pass'] ); $secc=md5( $_REQUEST['sec_code'] ); function check_code($secc) { if($secc == $_REQUEST['mdcode']) { return true; } else { return false; } } function check_email_address($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) { return false; } } if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) { return false; } } } return true; } if(check_email_address($email)) { if(check_code($secc)) { //$res=register($email,$pass,$name,$address,$huisnr,$zipcode,$plaats,$dob_year,$dob_month,$dob_date,$tel); $res=true; if($res==true) { // ##### XXX ##### //mail function /* subject */ $subject = "Activeer uw Profiel"; /* To send HTML mail, you can set the Content-type header. */ $headers = "MIME-Version: 1.0 \r\n"; $headers .= "Content-type: text/html; charset=utf-8 \r\n"; /* additional headers */ $headers .= "From: " . $mailme . " \r\n"; /* and now mail it */ $text = ' <html> <head> <title>Nieuw profiel</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> Activeer uw profiel op:<br><br> <a href="http://'.$_SERVER['SERVER_NAME'].'/?reg_result&activatie=true">Activeer</a>br><br> Veel plezier op onze website! </body> </html>'; $res = mail($email,$subject,$text,$headers); echo("<script>document.location.href='index.php?topic=reg_result&".$res."'</script>"); //header('location: "'.$_SERVER['HTTP_REFERER'].'?topic=reg_result&true"'); //###### XXXX ####### } else { echo "<table border=1 class=outer_tbl align=center width=50% style='border-collapse:collapse;'>"; echo "<tr><td align=center>"; echo "Fout tijdens registratie<br><a href='javascript:history.back();'>Klik hier</a> om opnieuw te proberen"; echo "</tr></td></table>"; } } else { echo("<script>document.location.href='".$_SERVER['HTTP_REFERER']."&error=code'</script>"); //header('location: "'.$_SERVER['HTTP_REFERER'].'&error=code"'); } } else { echo("<script>document.location.href='".$_SERVER['HTTP_REFERER']."&error=email'</script>"); //header('location: "'.$_SERVER['HTTP_REFERER'].'&error=email"'); } } ?> the recived email looks like : Content-type: text/html; charset=utf-8 From: info@pc-hulp-online.nl Return-Path: anonymous@server70.hosting2go.nl X-OriginalArrivalTime: 30 Apr 2012 10:47:41.0985 (UTC) FILETIME=[AB19D110:01CD26BE] <html> <head> <title>Nieuw profiel</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> Activeer uw profiel op:<br><br> <a href="http://nieuw.pc-hulp-online.nl/?reg_result&activatie=true">Activeer</a>br><br> Veel plezier op onze website! </body> </html> please help me!! thnx, I have two tables. Table Name:Users Fields: User_name user_email user_level pwd 2.Reference Fields: refid username origin destination user_name in the users table and the username field in reference fields are common fields. There is user order form.whenever an user places an order, refid field in reference table will be updated.So the user will be provided with an refid Steps: 1.User needs to log in with a valid user id and pwd 2.Once logged in, there will be search, where the user will input the refid which has been provided to him during the time of order placement. 3.Now User is able to view all the details for any refid 3.Up to this we have completed. Query: Now we need to retrieve the details based on the user logged in. For eg: user 'USER A' has been provided with the referenceid '1234' during the time of order placement user 'USER B' has been provided with the referenceid '2468' during the time of order placement When the userA login and enter the refid as '2468' he should not get any details.He should get details only for the reference ids which is assigned to him. Hi, All: I'm trying to figure out what way it's the best way to pull info belonging to a specific user based on whether he's a logged-in "member", and want to make sure he's not able to access any other member's details... would the best way be to try to match the user's "username" stored in a $_SESSION when fetching his info, something like this: Code: [Select] <?php // Assume the login combo is this: $username = $_POST['username']; $password = $_POST['password']; // Assume he has already logged in: $_SESSION['username'] = $username; //EXAMPLE 1: SELECTING user info simply from actual DB username/password match: if ($_SESSION['username']) { $userRecords = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'"); $userInfo = mysql_fetch_array($userRecords); echo $userInfo['id'] . $userInfo['username'] . $userInfo['first-name'] . $userInfo['last-name'] . $userInfo['date-register']; } // EXAMPLE 2: or SELECTING user info based on $_SESSION['username'] value: if ($_SESSION['username']) { $userRecords = mysql_query("SELECT * FROM users WHERE username = . $_SESSION['username'] . AND password = '$password'"); $userInfo = mysql_fetch_array($userRecords); echo $userInfo['id'] . $userInfo['username'] . $userInfo['first-name'] . $userInfo['last-name'] . $userInfo['date-register']; } ?> So, my question is, are this actually working differently? is one better than the other as far as security, preventing other users from hacking either on purpose or accidenally into other user's details? thank! Appreciate any feedback... |
|||||||