Search code examples
phpmysqldatabaseregistrationaccount

How can I display specific data from a MySQL database? (fetching user's email)

I have made a registration system with a my account page.

I can display name and password in it but cannot display email after login because I have to fetch it from MySQL database as the user doesn't enter his email at login.

No error in code but email not displayed.

This is server.php login code:

// LOGIN USER 
if (isset($_POST['login_user'])) {
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password = mysqli_real_escape_string($db, $_POST['password']);

  if (empty($username)) {
   array_push($errors, "Username is required");
  }
  if (empty($password)) {
    array_push($errors, "Password is required");
  }

  if (count($errors) == 0) {
    $password = base64_encode($password);
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
      $_SESSION['username'] = $username;

//Here is the code with problem

      $query = "SELECT email FROM users WHERE username='$username' AND password=''$password";

      $result = mysqli_query($conn, $sql);

    if (mysqli_num_rows($result) > 0) {
    while($row = mysqli_fetch_assoc($result)) {
        $_SESSION['email'] = $row["email"];
    }
    }

//Here it ends

      $_SESSION['password'] = $password;
      $_SESSION['success'] = "You are now logged in";
      if ($_SESSION['page'] == "account.php"){
          header('location: account.php');
      }
      else{
        header('location: index.php');
      }
    }else {
        array_push($errors, "Wrong username/password combination");
   }
  }
}
Solution

  • You have an error in your second query, you have not quoted the password correctly. That said, you don't need the second query at all, because the email field is already in the first result. And you know it's only one row because you check mysqli_num_rows($results) == 1

    if (count($errors) == 0) {
    $password = base64_encode($password);
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
        $user_data = mysqli_fetch_assoc($results);
        $_SESSION['username'] = $username;
        $_SESSION['email'] = $user_data['email'];           
        $_SESSION['password'] = $password;
        $_SESSION['success'] = "You are now logged in";
        if ($_SESSION['page'] == "account.php"){
            header('location: account.php');
        }
        else{
            header('location: index.php');
        }
    }else {
        array_push($errors, "Wrong username/password combination");
    }
}

    As a last note, remember that base64 is not the ideal function to store password, and it's probably a good idea to use some hashing function instead.