Logged in session user to filter return from table

         

Orangutang

5:35 pm on Jul 15, 2010 (gmt 0)

10+ Year Member



Hi everyone,

My objective is to only retrieve quotes for the user that is logged in.

My process is login page - create session variable for the clientid stored as AI in the clients table.

After login click around site and go to "quotes.php" page and click "all quotes.php"

I then echo out the actual clientid number from the db via the session with an If statement as a check. All works well.

Further down the page when I query the db for that user's quotes I receive the error message "Query was empty", and yet 3 quotes from that user exist in the db.

I've already had a bit of help with this which has got me this far and many thanks for that but any pointers on my main objective would be great.

Login page:

$query = mysql_query("SELECT clientid, username, password FROM clients WHERE username='$username'");
$numrows = mysql_num_rows($query); // Get all rows from SELECT statement

if ($numrows != 0) // If numrows is either or equal to 0 - IE No data
{
while ($row = mysql_fetch_assoc($query)) // Fetches actual clientid, username and password
{
$dbclientid = $row['clientid'];
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
If ($username==$dbusername && $password==$dbpassword) // Checks to see if matches
{
echo "You are logged in. <a href='clientscontrolpanel.php'>Click here to go to the Control Panel.</a>";
$_SESSION['username']= $dbusername; // Register session for username
$_SESSION['logged'] = $dbclientid; // Register session for clientid
}
else
echo "Incorrect password";
}
else
echo "Username or Password not found!";


All Quotes page:

<?php
session_start();
$dbusername = $_SESSION['username'];
$dbclientid = $_SESSION['logged'];
include "includes/connect.php";
include("includes/header.php");

if ($dbusername && $dbclientid)
{
echo "<b>CUSTOMER Username:</b> $dbusername <br />";
echo "<b>CLIENT ID:</b> $dbclientid";
}
else
echo "You are not logged in.";
?>

<html>
<head>
<link href="style/main.css" rel="stylesheet" type="text/css" />
</head>
<body>
<br />
<b>You're in Purchasing</b> / All Quotes
<?php
include("includes/clientsmainhornav.php");
include("includes/clientsmainvertnav.php");
include("includes/clientsquotenav.php");
?>

<div style="position:absolute; left:270px; top:230px;">
<table width='100%' border='0' cellpadding='2' cellspacing='2' align='left' valign='centre'>
<tr><td width='20%'><b><u>All Quotes</u></b></td><td>&nbsp;</td></tr>

<?php

if (! isset($_SESSION['logged']) or (isset($_SESSION['logged']) and ! ($_SESSION['logged'] > 0)))
{
die("Invalid client id");
}
$query = "SELECT * from quotes where clientid=" . $_SESSION['logged'];
$query = mysql_query($sqlCommand) or die (mysql_error());
$quoteid = mysql_insert_id();
etc etc

optik

6:55 pm on Jul 15, 2010 (gmt 0)

10+ Year Member



I've not read through your whole script but can see straight off you need to put the 'logged' variable in single quotes in your last sql statement

e.g

$query = "SELECT * from quotes where clientid='" . $_SESSION['logged']."' ";

Matthew1980

7:34 pm on Jul 15, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi there Orangutang,

The only thing I will suggest as a logic improvement, is the evaluation of the username/password ie:

If (($username == $dbusername) && ($password == $dbpassword))


This is now easier to read and makes more logical sense imo. Again, just a suggestion ;)

And as Optik points out the last query hasn't got quotes around it, when evaluating vars into a sql query or evaluating static content, they need to be quoted, so this would be favoured:-

$query = "SELECT * FROM `quotes` WHERE `clientid` = '".$_SESSION['logged']."' ";


But, either my version or Optik's would produce the same result. My concern is that you say the error is 'query empty', so I have to ask, have you echoed the populated var to screen to see if it is populated as expected before you execute/send the query to the DB - always helps to debug the query before sending the data.

Also, I would definitely check the $_SESSION array to see if everything is set as expected, but personally, I think that the missing single quote will be to blame, just as was pointed out by Optik.

Hope this helps,

Cheers,
MRb

Orangutang

9:19 am on Jul 16, 2010 (gmt 0)

10+ Year Member



Hi Guys, thanks for the advice, I think I've managed to write the code correctly but if you could check. The apostrophes and quotes are quite hard to see.

$query = "SELECT * from 'quotes' where 'clientid'= "'. $_SESSION['logged'].'" ";

Ran it but unfortunately still reads query empty which brings me onto your point Matt. No worries with any advice by the way mate, it's all appreciated and will probably save some of my sanity as I'm learning php, :-)

have you echoed the populated var to screen to see if it is populated as expected before you execute/send the query to the DB

You've got me thinking here because I thought I had: On the login page I:

Fetch the AI clientid from the clients table when I get the username and password.

I then create a var called $dbclientid for the clientid.

And then I create the session for the $dbclientid var and name it logged.

And then on "allquotes.php" I echo out the actual username and clientid number from the database. Username is Steve and clientid is 1. All is displayed ok username and clientid.

This to me was echoing out the populated var to screen, IE clientid = 1

But I gather that's not quite correct.


Also you mention:

I would definitely check the $_SESSION array to see if everything is set as expected

If possible can you expand on that for me a bit, is that echoing out the whole row as an array to check its there ?

Thanks in advance again
Cheers

Orangutang

10:39 am on Jul 16, 2010 (gmt 0)

10+ Year Member



$query syntax checked and ok just to save time.

Any help with the query problem would be great, this particular function of retrieving data according to the user who is logged in is key to my site.

I can't filter any of the data in any of my tables in accordance with the user who is logged in.

As they say, up the swanny without any paddles :-)

Matthew1980

11:36 am on Jul 16, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi there orangutang,

>>$query = "SELECT * from 'quotes' where 'clientid'= "'. $_SESSION['logged'].'" ";


Gah! Wrong quotes, try this (admittedly they are difficult to read):-

$query = "SELECT * FROM `quotes` WHERE `clientid` = '". $_SESSION['logged']."' ";

They weren't quotes, they are back ticks on the column names, and as for echoing the query I meant this:-

echo $query = "SELECT * FROM `quotes` WHERE `clientid` = '". $_SESSION['logged']."' ";
exit;


From that see what the output to screen is to see if the data is there as you expect it to be, if not, you need to do some chasing :)

Cheers,
MRb

Orangutang

12:41 pm on Jul 16, 2010 (gmt 0)

10+ Year Member



Hi Matt,

Success, thanks mate. Back ticks, I even need to learn how to use the keyboard, uh :-)

Also echoed out the query and success, the clientid of 1 is displayed. Rather than the query returning Query empty it now displays:

SELECT * FROM `quotes` WHERE `clientid` = '1'
1 is the data that is stored in clientid column in db. Hopefully this is what you expected it to return as well?


This tells me that all is working ok but it still doesn't display the quotes ?

Any pointers please.

Orangutang

1:02 pm on Jul 16, 2010 (gmt 0)

10+ Year Member



Hiya,

As a note should I have an INSERT statement before the SELECT statement to insert the clientid that I attained from the session into the quotes table so the SELECT from quotes query will execute correctly.

Or is that not needed, the session stipulation on the query negates the need for the session var to have to be input into the quotes table first ?

Many thanks
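
An added example, not part of the thread or any poster's code: one way to fetch only the logged-in client's quotes with a prepared statement, so the session value is validated as a positive integer and bound rather than concatenated, and the statement that runs is the one that was built (the first post builds its SQL in `$query` but passes `$sqlCommand` to `mysql_query()`). Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL connection so the script runs offline, and the `quoteid` and `description` columns and all rows are constructed.

```php
<?php
// Added example, not code from the thread. Table name quotes and column
// clientid come from the thread; everything else here is constructed.

function quotes_for_client(PDO $db, array $session): array
{
    // Accept only a positive integer client id from the session.
    $clientId = filter_var($session['logged'] ?? null, FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($clientId === false) {
        throw new RuntimeException('Invalid client id');
    }
    // The SQL text is fixed; the id is bound separately as an integer, so
    // there are no quoting decisions and it cannot change the statement.
    $stmt = $db->prepare(
        'SELECT quoteid, description FROM quotes WHERE clientid = :cid');
    $stmt->bindValue(':cid', $clientId, PDO::PARAM_INT);
    $stmt->execute();   // runs the statement prepared above
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for MySQL (assumption); with MySQL only the
// DSN and credentials passed to new PDO(...) change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quotes (quoteid INTEGER PRIMARY KEY,
                                clientid INTEGER, description TEXT)');
$db->exec("INSERT INTO quotes (clientid, description) VALUES
           (1, 'Steel brackets'), (1, 'Copper pipe'),
           (1, 'Fasteners'), (2, 'Belongs to another client')");

// Constructed session contents. '1abc' is a value that a loose "> 0"
// comparison lets through; the integer filter refuses it.
$samples = [['logged' => 1], ['logged' => '1'], ['logged' => '1abc'],
            ['logged' => 0], []];
foreach ($samples as $session) {
    try {
        $rows = quotes_for_client($db, $session);
        echo count($rows), " quotes for client {$session['logged']}\n";
        foreach ($rows as $row) {
            echo "  #{$row['quoteid']} {$row['description']}\n";
        }
    } catch (RuntimeException $e) {
        echo $e->getMessage(), "\n";
    }
}
```

No INSERT is needed before the SELECT: the bound client id only filters rows that already exist in `quotes`.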