Security problem.

[acrikey]

I currently have a page that reads a database for info. I would like this page to be connected with my login page so only the logged in user's info is displayed not the whole table. (Pages are separate and and there are 3 pages that need to be linked)

[CloudedVision]

Couldn't you do something like this?

Code: Select all

SELECT * FROM `users` WHERE `username`='".$username."'"

Or am I misinterpreting the question?

[Jack Franklin]

I would say you are right CV but the question is a little vague, acrikey, could you go into more detail please?

[acrikey]

Sorry, ok take Facebook as an example, you log in and it takes you to your home page, if you click on any link it takes you to a unique page to your username, eg does not show you just anyones page. Is that clearer? If not let me know and I'll get the wife to word it!!!!!

[Jack Franklin]

Then CV is right

[acrikey]

When I put that code it it send the screen blank, where should I insert that code?

Code: Select all

<head>
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<title>Account Details</title>
</head>


<style type="text/css">
<!--
@import url("default.css");
<!--
body {
    background-repeat: repeat-x;
}

</style>
<body>
<div id="header">
<script>
var Digital=new Date()
var month=Digital.getMonth()
if (month <= 2){    // month is between jan and march    
    document.write("<IMG SRC='http://www.lightex.co.uk/fieldworks/images/img5.jpg'>");
} else if (month <= 5){
    // month is between april and june
    document.write("<IMG SRC='http://www.lightex.co.uk/fieldworks/images/img2.jpg'>");
} else if (month <= 8){    // july and september
    document.write("<IMG SRC='http://www.lightex.co.uk/fieldworks/images/img2.jpg'>");
} else {    // otherwise its between oct and dec
    document.write("<IMG SRC='http://www.lightex.co.uk/fieldworks/images/img3.jpg'>");
}
</script>
</div>
<div id="page">
  <div id="content">
        <div id="welcome" class="post">
            <h1 class="title">Account Details</h1>
            <IMG SRC="http://www.lightex.co.uk/fieldworks/images/420 copy.png" width="131" height="106">
        <div class="content">
              <h3 align="center"><br />
              </h3>
                <h3 align="center">&nbsp;</h3>
          </div>
    </div>
        <div id="example" class="post">
            <?php
// Connects to my Database
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());
$data = mysql_query("SELECT * FROM ")
or die(mysql_error());
Print "<table border cellpadding=5>";
while($info = mysql_fetch_array( $data ))
{
Print "<tr>";
Print "<th>First Name:</th> <td>".$info['f_name'] . "</td> ";
Print "<th>Surname:</th> <td>".$info['l_name'] . " </td></tr>";
Print "<th>House Name:</th> <td>".$info['hs_name'] . " </td></tr>";
Print "<th>Address:</th> <td>".$info['2l_address'] . " </td></tr>";
Print "<th>Village:</th> <td>".$info['vill_address'] . " </td></tr>";
Print "<th>Area:</th> <td>".$info['ar_address'] . " </td></tr>";
Print "<th>County:</th> <td>".$info['cout_address'] . " </td></tr>";
Print "<th>Post Code:</th> <td>".$info['pc_address'] . " </td></tr>";
Print "<th>Home Phone:</th> <td>".$info['hc_phone'] . " </td></tr>";
Print "<th>Work Phone:</th> <td>".$info['wc_phone'] . " </td></tr>";
Print "<th>Mobile Phone:</th> <td>".$info['mc_phone'] . " </td></tr>";
Print "<th>Email:</th> <td>".$info['email'] . " </td></tr>";
}
Print "</table>";

 SELECT * FROM `mytable` WHERE `username`='".$username."'"
?>
            <br>
            
            <div class="content">
                                  
              
          </div>
        </div>
  </div>
    <div id="sidebar">
        <div id="menu">
            <ul>
              <li><a href="homepage.html" onClick="logout_confirm(); return false;">Homepage</a>
             <script> function logout_confirm() {
  if(confirm("You are about to logout?"))
    window.location = "homepage.html";
}</script></li>
                <li><a href="login_success.php" title="">Login Homepage</a></li>
              <li><a href="fieldworks/accountdetails.php" title="">Account Detail</a></li>
                <li><a href="lastbill.php" title="">Last Bill</a></li>
                <li><a href="estatedetails.php" title="">Estate Details</a></li>
                <li><a href="fieldworks/contactuslogin.php" title="">Contact Us</a></li>
            </ul>
        </div>
        
        <div id="updates" class="boxed">
            <h2 class="title">Recent Updates</h2>
            <div class="content">
              <ul>
                <li> </li>
                <li>
                  <h3 class="style7">Coming Soon</h3>
                </li>
              </ul>
              <p>We will be extending our services to parks  and large lawns.</p>
              <ul>
                <li>
                  <h3></h3>
                </li>
              </ul>
          </div>
            <div class="content">
                <!-- Paste this code into the BODY section of your HTML document  -->


            </div>
      </div>
    </div>
    <div style="clear: both;">&nbsp;</div>
</div>
<div id="footer">Copyright &copy; 2006 Sitename.com. Designed by <a href="ttp://www.blanedesigns.com">Blane Designs</a>
  <p id="links"><br />
  <a href="#">Privacy Policy</a>
</div>
</body>

[CloudedVision]

session_start should be before any content.

[acrikey]

done, and the code you supplied above?

[CloudedVision]

that should be used as a mysql query.