Home/ Questions/Q 8760927
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T15:09:53+00:00

I have set up a login page for mySQL and it logs in correctly.

  • 0

I have set up a login page for mySQL and it logs in correctly. The login form has e-mail and password but when they log-in. When they first register though, their mySQL record is populated with their first and last name as well (the fields are first name, last name, e-mail, password).

The problem is that when I login successfully, it’s not grabbing the other variables from the record. It’s just grabbing the e-mail and password because that’s what they input. How do I grab the other variables of a row in mySQL (first name, last name) that correspond with data I already have (username, password)? I understand this may be sort of mySQL 101 but I’m having trouble Googling this question exactly.

I’ve attached some code. This is my checklogin.php page that validates everything. Now I understand that the variables at the bottom are not the way I get the firstname and lastname since they weren’t posted by the form (as I mentioned, the form only has e-mail and password):

<?php
$mysqli = mysqli_connect("mysql_name","user_name","password", "db_name");
if (!$mysqli)
  {
  die('Could not connect: ' . mysqli_error($mysqli));
  }

// username and password sent from form
//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$email=$mysqli->real_escape_string($_POST['email']);
$password=$mysqli->real_escape_string($_POST['password']);

$sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
$result = $mysqli->query($sql);

if(is_object($result) && $result->num_rows == 1){
  // Register variables and redirect to file "profile.php"
  session_start();
  $_SESSION['firstname']=$_POST['firstname'];
  $_SESSION['lastname']=$_POST['lastname'];
  $_SESSION['email']=$_POST['email'];
  $_SESSION['password']=$_POST['password'];
  header('location:profile.php');
} else {
  echo "Wrong Username or Password";
}
?>

My assumption is that the variables are called on the profile.php page that this gets redirected to after I start the session. The problem is $_SESSION[‘firstname’] and $_SESSION[‘lastname’] don’t work because I suppose they haven’t been declared yet. Any help (or even just a nudge in the right direction) would be greatly appreciated. Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    Try This if you have all the information in the same table:    


<?php
    $mysqli = mysqli_connect("localhost","root","", "login");
    if (!$mysqli)
      {
      die('Could not connect: ' . mysqli_error($mysqli));
      }

    // username and password sent from form
    //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
    $email=$mysqli->real_escape_string($_POST['email']);
    $password=$mysqli->real_escape_string($_POST['password']);

    $sql="SELECT * FROM tbl_name WHERE email='$email' and password='$password'";
    $result = $mysqli->query($sql);

    if(is_object($result) && $result->num_rows == 1){
      // Register variables and redirect to file "profile.php"
      session_start();
      $num=$result->fetch_array(MYSQLI_ASSOC);
      $_SESSION['firstname']=$num['firstname'];
      $_SESSION['lastname']=$num['lastname'];
      $_SESSION['email']=$num['email'];
      $_SESSION['password']=$num['password'];
      //redirect('profile.php');
      header('location:profile.php');
    } else {
      echo "Wrong Username or Password";
    }

    ?>
    • 0