I have made a registration system with a my account page.

I can display name and password in it but cannot display email after login because I have to fetch it from MySQL database as the user doesn't enter his email at login.

No error in code but email not displayed.

This is server.php login code:

```php
// LOGIN USER 
if (isset($_POST['login_user'])) {
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $password = mysqli_real_escape_string($db, $_POST['password']);

  if (empty($username)) {
   array_push($errors, "Username is required");
  }
  if (empty($password)) {
    array_push($errors, "Password is required");
  }

  if (count($errors) == 0) {
    $password = base64_encode($password);
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
      $_SESSION['username'] = $username;

//Here is the code with problem

      $query = "SELECT email FROM users WHERE username='$username' AND password=''$password";

      $result = mysqli_query($conn, $sql);

    if (mysqli_num_rows($result) > 0) {
    while($row = mysqli_fetch_assoc($result)) {
        $_SESSION['email'] = $row["email"];
    }
    }

//Here it ends

      $_SESSION['password'] = $password;
      $_SESSION['success'] = "You are now logged in";
      if ($_SESSION['page'] == "account.php"){
          header('location: account.php');
      }
      else{
        header('location: index.php');
      }
    }else {
        array_push($errors, "Wrong username/password combination");
   }
  }
}
```
Obsidian
  • This is an error `WHERE username='$username' AND password=''$password";` – RiggsFolly Jun 17 '19 at 16:03
  • Please don't __roll your own__ password hashing, especially not with `base64_encode()`. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php), please use them. – RiggsFolly Jun 17 '19 at 16:04
  • The query that is causing the issue does not actually need to be there. You did `SELECT *` in the previous query, so you already have `email` in the result set of the previous query. All you need to do is `$row = mysqli_fetch_assoc($results);` – RiggsFolly Jun 17 '19 at 16:08
  • I didn't know any 2-way hashing, so I used base64_encode and base64_decode for encryption – Legendary Jaguarz Jun 19 '19 at 15:56
  • As I said, I am a beginner, so I don't know enough PHP to use prepared parameterized statements – Legendary Jaguarz Jun 19 '19 at 16:00

2 Answers

0

You should get your email once login is successful.

```php
$password = base64_encode($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);

if (mysqli_num_rows($results) == 1) {
     // Fetch the single matching row from the first query's result set
     $row = mysqli_fetch_assoc($results);
     $_SESSION['username'] = $username;
     $_SESSION['email'] = $row['email'];
}
```
RiggsFolly
nodeffect
-1

You have an error in your second query, you have not quoted the password correctly. That said, you don't need the second query at all, because the email field is already in the first result. And you know it's only one row because you check `mysqli_num_rows($results) == 1`.

```php
if (count($errors) == 0) {
    $password = base64_encode($password);
    $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $results = mysqli_query($db, $query);
    if (mysqli_num_rows($results) == 1) {
        $user_data = mysqli_fetch_assoc($results);
        $_SESSION['username'] = $username;
        $_SESSION['email'] = $user_data['email'];
        $_SESSION['password'] = $password;
        $_SESSION['success'] = "You are now logged in";
        if ($_SESSION['page'] == "account.php"){
            header('location: account.php');
        }
        else{
            header('location: index.php');
        }
    }else {
        array_push($errors, "Wrong username/password combination");
    }
}
```

As a last note, remember that base64 is not the ideal function to store passwords, and it's probably a good idea to use some hashing function instead.

salvatore
  • Still showing error - Parse error: syntax error, unexpected end of file in /home/vol14_6/epizy.com/epiz_23929862/htdocs/reg_test/server.php on line 99 – Legendary Jaguarz Jun 17 '19 at 16:27
  • That's another error, please double check all curly braces and semicolons, because they are the most common reasons for that error – salvatore Jun 17 '19 at 17:08
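
The login flow from this thread, rewritten with the prepared statement and `password_hash()`/`password_verify()` that the comments recommend, as an added example that is not code from any of the posts above. It assumes the `users` table from the question with the `password` column holding `password_hash()` output written at registration, that `$db`, `$errors` and the started session come from the question's `server.php`, and that `login_user()` is a hypothetical helper name.

```php
<?php
// Assumptions: users.password stores password_hash() output; $db is the
// mysqli connection, $errors the error array and the session is already
// started, as in the question's server.php. login_user() is hypothetical.
function login_user(mysqli $db, string $username, string $password): ?array
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT email, password FROM users WHERE username = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($email, $hash);
    $found = $stmt->fetch();   // true when a row was read, null when none matched
    $stmt->close();

    // Verify against the stored hash in PHP, not in the WHERE clause.
    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }
    return ['username' => $username, 'email' => $email];
}

if (isset($_POST['login_user'])) {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';
    if ($username === '') { array_push($errors, "Username is required"); }
    if ($password === '') { array_push($errors, "Password is required"); }

    if (count($errors) == 0) {
        $user = login_user($db, $username, $password);
        if ($user === null) {
            array_push($errors, "Wrong username/password combination");
        } else {
            session_regenerate_id(true);   // fresh session id after authentication
            $_SESSION['username'] = $user['username'];
            $_SESSION['email']    = $user['email'];   // same row, no second query
            // The password is deliberately not copied into the session.
            $_SESSION['success']  = "You are now logged in";
            $target = ($_SESSION['page'] ?? '') === 'account.php' ? 'account.php' : 'index.php';
            header('Location: ' . $target);
            exit;
        }
    }
}
```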