-1

Hi, how can I display user information according to their session after they have logged in? I would like to display it in a text input field. I already created the session and included dbconfig.php, but it doesn't appear in the text input field. Is there something wrong with my mysqli query? Any help is really appreciated.

This is my stdProfile.php

    <body>
    <?php
        // connect to the database
        include('dbconfig.php');
        // get record from db
        $sql = "SELECT id, stdName, stdMatric, stdFaculty, stdPhone from student";
        $result = $mysqli->query($sql);
        session_start();
        $_SESSION['stdName'] = $stdName;
        while ($row = mysqli_fetch_assoc($result))
        {
            $stdName = $row['stdName'];
            $stdMatric = $row['stdMatric'];
            $stdFaculty = $row['stdFaculty'];
            $stdPhone = $row['stdPhone'];
        }
    ?>

    <h3 style="margin-left: 1em; margin-top: 1em;text-decoration: underline;">Student Profile</h3>
    <div style="margin-left: 1em;">
      <div class="form">
        <div class="row">
          <div class="col-xs-4">
            <label>Student Name</label>
            <input type="text" class="form-control" name="stdName" value="<?=$row['stdName']?>" readonly>
          </div>
        </div>
        <br />
        <div class="row">
          <div class="col-xs-4">
            <label>Student Matric</label>
            <input class="form-control" name="stdMatric" value="<?=$row['stdMatric']?>" readonly>
          </div>
        </div>
        <br>
        <div class="row">
          <div class="col-xs-4">
            <label>Student Faculty</label>
            <input class="form-control" name="stdFaculty" value="<?=$row['stdFaculty']?>" readonly>
          </div>
        </div>
        <br />
        <div class="row">
          <div class="col-xs-4">
            <label>Student Phone</label>
            <input class="form-control" name="stdPhone" value="<?=$row['stdPhone']?>" readonly>
          </div>
        </div>
        <br />
        <button type="button" class="btn btn-danger" onclick="location.href='../view/custHomePage.php?cust_ID=<?=$_SESSION['cust_ID']?>'">Cancel</button>
        <button type="button" class="btn btn-warning" data-toggle="modal" data-target="#updateModal">Edit Profile</button>
      </div>
    </div>
    </body>
    </html>

This is my dbconfig.php

    <?php
    // server info
    $server = 'localhost';
    $user = 'root';
    $pass = '';
    $db = 'userprofile';

    // connect to the database
    $mysqli = new mysqli($server, $user, $pass, $db);

    // show errors
    mysqli_report(MYSQLI_REPORT_ERROR);
    ?>

And this is my output: I got an error and the data does not appear in the text field. I really appreciate the help.

1 Answer

0

The Undefined variable error is because you're trying to read it before defining it.

    $_SESSION['stdName'] = $stdName; // Undefined variable

    // Some code...

    $stdName = $row['stdName']; // Defining it here

Then, in your HTML form you can't access $row. Print the variables you've defined after the SQL query.

Change this:

    <input type="text" class="form-control" name="stdName" value="<?=$row['stdName']?>" readonly>

for this:

    <input type="text" class="form-control" name="stdName" value="<?=$stdName?>" readonly>

Assuming you've logged in and stored the user data.

login.php

    <?php
        // Proceed only if auth credentials were actually submitted
        if (isset($_POST['user']) && isset($_POST['pass'])) {
            include('dbconfig.php');

            $user = $_POST['user'];

            // There are different methods to process passwords, so I suggest taking a look at password_hash() and password_verify()
            $pass = $_POST['pass'];

            // Use prepared statements to make it more secure
            $sql = "SELECT id, stdName, stdMatric, stdFaculty, stdPhone from student
                    WHERE user = ? AND pass = ?";

            // Prepare statement and bind params ($mysqli is created in dbconfig.php)
            $stmt = $mysqli->prepare($sql);
            $stmt->bind_param("ss", $user, $pass);

            // Execute statement and get results
            $stmt->execute();
            $result = $stmt->get_result();

            // If there's actually at least one record that matches
            if ($result->num_rows >= 1) {
                $data = $result->fetch_assoc();

                // Store all the retrieved student data in session variables
                session_start();
                $_SESSION = $data;

                // Redirect to profile and stop executing this script
                header("Location: stdProfile.php");
                exit;
            } else {
                // Do something if wrong user/pass
            }

            $mysqli->close();
        }
    ?>

Then, you don't have to run the sql query again on the Student profile or any other page because you have the data stored in $_SESSION

As @Dharman suggested, take a look at How to use password_hash and bcrypt & password hashing in PHP

stdProfile.php

    <?php
        session_start();
        if (!isset($_SESSION['id'])) {
            /* If no user is stored in the session (no logged-in user),
            return to the index or login form */
            header("Location: index.php");
            // Stop here; otherwise the rest of the page still runs after the redirect header
            exit;
        }

        // Store the $_SESSION in a more handy variable
        $std = $_SESSION;
    ?>

Then on the HTML form of stdProfile.php

    <input type="text" class="form-control" name="stdName" value="<?=$std['stdName']?>" readonly>
Daniel Guzman
  • Ok, I will try now... – Alif Iskandar Jul 11 '20 at 03:06
  • Hi, the user data appears in the text field, but it shows the data of another user from the database, not the data of the user currently logged in to the session. Is there something wrong with my session? – Alif Iskandar Jul 11 '20 at 03:31
  • In your SQL query you're missing the WHERE clause, so it might be taking the first user in the database. When doing the login, use the WHERE clause to select the user that matches the auth credentials. If you've actually logged in and correctly got the user data, you could store its ID in a $_SESSION variable, so the WHERE clause will match the correct user by filtering by the ID. – Daniel Guzman Jul 11 '20 at 03:37
  • Like this, right? For the SQL query: $sql = "SELECT id, stdName, stdMatric, stdFaculty, stdPhone from student where id='$id' "; – Alif Iskandar Jul 11 '20 at 03:51
  • Yep. Just updated my answer. Hope this helps. Also, I strongly suggest not storing plain-text passwords (encrypt them) and researching SQL prepared statements to prevent SQL injection. – Daniel Guzman Jul 11 '20 at 04:10
  • Then my next code will be like this, right? $result = $mysqli-> query($sql); session_start(); while($row=mysqli_fetch_assoc($result)) { $id = $row['id']; $stdName = $row['stdName']; $stdMatric = $row['stdMatric']; $stdFaculty = $row['stdFaculty']; $stdPhone = $row['stdPhone']; } $_SESSION['id'] = $id; ?> – Alif Iskandar Jul 11 '20 at 04:21
  • Yeah, that code is correct, but following the example I posted it's not necessary because we're already logging in and storing all the student data in $_SESSION. You could remove my $data = mysqli_fetch_assoc($query); and $_SESSION = $data; and apply the code from your last comment. Take a look at the example and let me know if it's confusing. – Daniel Guzman Jul 11 '20 at 04:42
  • Hi, actually after login the user is directed to a menu page, and there's a button to view the user profile (which directs to stdProfile.php). When I click the button that directs to stdProfile.php, it doesn't show the session id in the URL like it does after I click the login button, http://localhost/manageUserWeb/stdMenu.php?id=29. How can I use the session after I click the button inside the menu page, so that it displays the same as when I click the login button, and display the user data on stdProfile.php according to the logged-in user's session? – Alif Iskandar Jul 11 '20 at 07:29
  • Noted, I will change the code – Alif Iskandar Jul 11 '20 at 14:53
  • @Dharman thanks for bringing more details. I already suggested taking a look at those topics for improving his code, but just mentioning them. My answer was more aimed at solving the current logic and syntax issues. – Daniel Guzman Jul 11 '20 at 14:58
  • There is no reason to show anyone how to do things wrong. Either don't show this part or show how to do it properly. – Dharman Jul 11 '20 at 15:00
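
An added example, not code from the answer or its comments: one way to combine the points raised in this thread (prepared statements, password_hash()/password_verify(), and showing only the logged-in user's own row, selected by the session rather than by a URL parameter). It assumes the $mysqli connection from dbconfig.php and hypothetical `user` and `pass_hash` columns in `student`; `login()`, `current_profile()` and `e()` are illustrative names.

```php
<?php
// Added example. Assumes $mysqli from dbconfig.php and hypothetical columns
// `user` and `pass_hash` (written with password_hash() at registration).

// login.php calls this: verify the password, then keep only the id in the session.
function login(mysqli $db, string $user, string $password): bool
{
    $stmt = $db->prepare("SELECT id, pass_hash FROM student WHERE user = ?");
    $stmt->bind_param("s", $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    // Compare against the stored hash; the password never goes into the query.
    if (!$row || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    session_start();
    session_regenerate_id(true); // fresh session id after login
    $_SESSION['id'] = (int) $row['id'];
    return true;
}

// stdProfile.php calls this: the row is selected by the session's id,
// not by an id taken from the URL.
function current_profile(mysqli $db): array
{
    session_start();
    $id = (int) ($_SESSION['id'] ?? 0);
    $stmt = $db->prepare(
        "SELECT stdName, stdMatric, stdFaculty, stdPhone FROM student WHERE id = ?"
    );
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $profile = $stmt->get_result()->fetch_assoc();
    if (!$profile) {
        header("Location: index.php");
        exit; // stop so the page is not rendered for anonymous visitors
    }
    return $profile;
}

// Escape a value before printing it into an HTML attribute.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8');
}
```

In the form, each field is then printed as value="<?= e($profile['stdName']) ?>", so a stored name containing quotes or markup cannot break out of the attribute.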