tags:
views: 183
answers: 5

Hello, I need your help guys. I am making a website for 'home decor ideas'. I have a login form (login-form.php) in which, when 'login' and 'password' are entered and verified through login-execute.php, the user is redirected to viewOrder.php, where the user can view all of the orders placed by clients. All is fine up to here. But what I want is that when a user gets logged in, he views only the orders placed by him, not all customers' orders. There are two tables in the database: members and order_insert. In the 'members' table, login and password are stored, and in 'order_insert' the customers' orders are stored. The code of these three pages is as follows:

......................... login-form.php .........................

<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>Login</b></td>
      <td width="188"><input name="login" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Login" /></td>
    </tr>
  </table>
</form>

......................... login-execute.php .........................

<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);

    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login-form.php");
        exit();
    }

    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
            $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
            session_write_close();
            header("location: viewOrder.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

............................. viewOrder.php ..............................

<html>

<body bgcolor="#FFFFFF" >


<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="mydatabase"; // Database name
$tbl_name="order_insert"; // Table name
$tbl_name2="members";
// connect to server and databases
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// NOTE: this selects every order in the table, not just the logged-in member's
$result = mysql_query("SELECT * FROM $tbl_name ");

print "<center>";
  // initialise $output before appending to it
  $output = "<table  width=1100 border=1 bordercolor=black>";
  $output .= "<tr align=center><td>ID</td><td>First Name</td><td>Last Name</td><td>E Mail</td><td> City </td><td> Country </td><td> Phone</td><td>Decoration Type</td><td>Service Description</td><td>Budget</td><td>Update</td><td>Delete</td></tr>\n\n";



  while ($row = mysql_fetch_assoc($result)){
    $output .= "<tr>\n";

    foreach ($row as $col=>$val){
      $output .= " <td>$val</td>\n";
    } // end foreach

    $keyVal = $row["id"];


$output .=  "<td><a href='update.php?ID=$row[orderId]' >Update </a></td>";
 $output .=  "<td><a href='delete.php?ID=$row[orderId]' >Delete </a></td>";

   $output .= "</tr>\n\n";

  }// end while


  $output .= "</table></center>";
   print "$output";


?>&nbsp;&nbsp;&nbsp;<br>
<br> 
<center><table > <tr><td>
<form action="home.php"><font color="#FF0000"><input type="submit" name="btn" style="color:#CC0000" value="<--Back" ></font></form></td></tr></table></center>
</body>
</html>

..... Your help and suggestions will be appreciated.

A: 

You need to have a foreign key (login) in your order_insert table. That means every order knows whom it belongs to (since the login of the user who made the order is stored there).

Then update your query :

$qry="SELECT * FROM orders,members WHERE 
orders.login = members.login AND 
members.login='$login' AND 
members.passwd='".md5($_POST['password'])."'";
Xorty
Thanks for the reply... I tried it but it is giving me a blank table :(
sahar
And do you have that foreign key already created?
Xorty
Yup, my foreign key is orderId in the order table.
sahar
No no, that's the primary key. You need to have member_id in the orders table.
Xorty
OK, I have made 'member_id' a foreign key (the primary key of the 'members' table) in the 'order_insert' table, and have the following query:

$result=mysql_query("SELECT * FROM order_insert,members WHERE order_insert.member_id = members.member_id AND members.member_id='$login' AND members.passwd='".md5($_POST['password'])."'");

Now it is giving me the following warning and an empty table:

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\PHP-Login\viewOrder.php on line 44
sahar
mysql_fetch_assoc() is taking $result as the argument.
sahar
Can you try that query in some query browser? We can find out whether the problem is with the MySQL query or the PHP code. You can try phpMyAdmin, MySQL Query Browser or some tool built into your IDE. Type it with rough data and we'll see, so:

select * from order_insert,members where order_insert.member_id = members.memeber_id and members.memeber_id = 'john' and memebers.passwrd = md5('somepassword');

Keep in mind that member_id looks like some numeric format. Maybe a better name for that foreign key would be "member_login" or just "login".
Xorty
member_id is of int type, as it is the primary key of the 'members' table.
sahar
I've tried the query in phpMyAdmin; it is giving the following error: Unknown column 'order_insert.member_id' in 'where clause'
sahar
If it is int, the query will be a little more complicated:

select * from order_insert,members where order_insert.memeber_id = (Select memeber_id from memebers where login = 'John') and memebers.passwrd = md5('somepassword');
Xorty
It is giving the same error: Unknown column 'order_insert.member_id' in 'where clause'
sahar
A: 

You've put the member_id into your session in login-execute.php, so therefore it should be available for subsequent scripts.

You can read your session data and use the value in viewOrder.php:

$memberid = (int) $_SESSION['SESS_MEMBER_ID'];
$result = mysql_query("SELECT * FROM $tbl_name WHERE member_id = $memberid");

// always check for error
if ($result === false) {
    throw new Exception(mysql_error());
}
Bill Karwin
Thanks for the reply. I tried it but it is giving me the following warning and a blank table: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\PHP-Login\viewOrder.php on line 50
sahar
You should always check for error conditions. I'll add an example above.
Bill Karwin
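The scoped listing described in this answer, built on the member_id foreign key from Xorty's answer, as an added example that is not code from the original thread. It uses PDO prepared statements against an in-memory SQLite database so it runs stand-alone from the command line. The table and column names (members, order_insert, member_id, orderId) follow the thread; the rows are constructed for the demo and the passwd values are placeholders, since authentication is not part of this example. The orderOwnedBy() helper, and its intended use by the update.php/delete.php pages linked from the order table, is an assumption that goes beyond the thread: the same member_id filter applied to a single order before it is modified.

```php
<?php
// Added example, not the asker's code: list only the logged-in member's
// orders, and check ownership of a single order before it is changed.
// Runs stand-alone with pdo_sqlite; the row data below is constructed.
declare(strict_types=1);

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    // Throw on every error instead of returning false, so a failed query
    // cannot silently turn into an empty table.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('PRAGMA foreign_keys = ON');
    $db->exec('CREATE TABLE members (
                 member_id INTEGER PRIMARY KEY,
                 login     TEXT NOT NULL UNIQUE,
                 passwd    TEXT NOT NULL)');
    // member_id is the foreign key that ties every order to its owner.
    $db->exec('CREATE TABLE order_insert (
                 orderId   INTEGER PRIMARY KEY,
                 member_id INTEGER NOT NULL REFERENCES members(member_id),
                 firstName TEXT, lastName TEXT, summary TEXT, cost REAL)');
    // Constructed sample data; passwd values are placeholders only.
    $db->exec("INSERT INTO members VALUES (1, 'sahar', 'x'), (2, 'john', 'y')");
    $db->exec("INSERT INTO order_insert VALUES
                 (10, 1, 'Sahar', 'A', 'living room', 1200),
                 (11, 2, 'John',  'B', 'kitchen',      800),
                 (12, 1, 'Sahar', 'A', 'bedroom',      450)");
    return $db;
}

// The member id comes from the session, never from the request, and is
// bound as a parameter rather than interpolated into the SQL string.
function ordersForMember(PDO $db, int $memberId): array {
    $stmt = $db->prepare(
        'SELECT orderId, firstName, lastName, summary, cost
           FROM order_insert
          WHERE member_id = :member_id
          ORDER BY orderId');
    $stmt->execute([':member_id' => $memberId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Assumed helper for update.php / delete.php: the orderId taken from the
// URL is only honoured if that row belongs to the logged-in member.
function orderOwnedBy(PDO $db, int $orderId, int $memberId): bool {
    $stmt = $db->prepare(
        'SELECT 1 FROM order_insert WHERE orderId = :orderId AND member_id = :member_id');
    $stmt->execute([':orderId' => $orderId, ':member_id' => $memberId]);
    return $stmt->fetchColumn() !== false;
}

$db = openDb();
// Stand-in for (int) $_SESSION['SESS_MEMBER_ID'] as set by login-execute.php.
$memberId = 1;

foreach (ordersForMember($db, $memberId) as $row) {
    echo implode(' | ', $row), PHP_EOL;   // only this member's rows are listed
}
var_dump(orderOwnedBy($db, 10, $memberId));   // one of this member's orders
var_dump(orderOwnedBy($db, 11, $memberId));   // an order belonging to another member
```

Because the filter is a bound parameter and the value comes from the session, a visitor cannot widen the listing by tampering with the request, and the same predicate applied in orderOwnedBy() stops the update/delete links from acting on someone else's order id.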
A: 

on viewOrder.php,

$result = mysql_query("SELECT * FROM $tbl_name WHERE user_id = '{$_SESSION['SESS_MEMBER_ID']}' ");
apis17
Thanks for the reply. I tried it, but it is giving me the following warning: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\PHP-Login\viewOrder.php on line 44... giving me the table structure only, not the data in it.
sahar
A: 

SELECT * FROM order_insert,members WHERE order_insert.member_id = members.member_id AND members.member_id=(select member_id from members where login = '$login');

Try the above query in any query browser. Replace the $login variable with any login name and check whether it works. Also try not to use select *; instead be specific about the fields you want the query to return.

Vinayak Mahadevan
Bundle of thanks. The query is working well in the query browser, but in PHP it is not working and giving me a blank table. Posting data from login-form.php is creating the problem. Keep in mind that when the customer submits login-form.php, it redirects to login-execute.php and then to the viewOrder form. I've just updated the query and added $login=$_POST['login']; in the above-mentioned viewOrder.php page. Please tell me where I am wrong.
sahar
Try this statement in PHP:

$result = mysql_query("SELECT * FROM order_insert,members WHERE order_insert.member_id = members.member_id AND members.member_id=(select member_id from members where login ='".$_POST['login']."')");

Try the above statement and let me know whether it works.
Vinayak Mahadevan
Hi Vinayak, I've tried it, but again it is giving me a blank table.
sahar
Try this statement in PHP:

$result = mysql_query("SELECT * FROM order_insert,members WHERE order_insert.member_id = members.member_id AND members.login ='".$_POST['login']."'");

Try the above statement, and instead of using select * please use specific column headings.
Vinayak Mahadevan
Yes, I am not using *; instead I am using the following query, but I don't know why it is giving me the table structure only and not the data in it, while it is working well in the phpMyAdmin query browser:

$result = mysql_query("SELECT order_insert.orderId,order_insert.firstName,order_insert.lastName,order_insert.eMial, order_insert.city, order_insert.country, order_insert.phone, order_insert.summary, order_insert.cost FROM order_insert,members WHERE order_insert.member_id = members.member_id AND members.login ='".$_POST['login']."'");
sahar
In $_POST['login'] replace the single quotes with double quotes and try.
Vinayak Mahadevan
I've added these two lines in viewOrder.php:

session_start();
$login1=$_SESSION['SESS_LOGIN'];

and the query is:

$result=mysql_query("SELECT order_insert.orderId,order_insert.firstName FROM order_insert,members WHERE order_insert.member_id = members.member_id AND members.member_id=(select member_id from members where login = '$login1')");

and added this line in execute.php before redirecting to viewOrder.php:

$_SESSION['SESS_LOGIN']=$member['login'];

Now it is giving me the right result, but with a warning: session_start() [function.session-start]: Can't send session cache limiter - headers already sent. Why?
sahar
Hey Vinayak, I found the reason for the warning. There was HTML code (like <html><body bgcolor="#FFFFFF">) before <? session_start() ?>. Now I am getting exactly the result that I want. Great, thanks for your help :)
sahar
A: 

Add session_start(); at the top of the page that views the orders.

Something like this from a previous post.

session_start();

$memberid = (int) $_SESSION['SESS_MEMBER_ID'];
$result = mysql_query("SELECT * FROM $tbl_name WHERE member_id = $memberid");

// always check for error
if ($result === false) {
    throw new Exception(mysql_error());
}

If it doesn't work, try doing echo $_SESSION['SESS_MEMBER_ID']; and see if that outputs anything.

Gus
Thanks for your response Gus... my problem has already been solved :)
sahar
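The page layout the thread arrived at, as an added example that is not the thread's own code: session_start() is the very first thing viewOrder.php emits, and the script checks that the session actually carries a member id before any HTML is written, so the cache-limiter headers go out before the body and an unauthenticated visitor never reaches the query. The redirect target, the empty() check and the htmlspecialchars() call are assumptions; the database work itself is left out of this skeleton.

```php
<?php
// Added example, not the asker's or Gus's code: the opening of viewOrder.php.
// Nothing, not even a blank line or <html>, may precede this tag, because
// session_start() and header() have to run before any output is sent.
session_start();

// Gate the page: a visitor without a member id in the session is sent back
// to the login form instead of seeing (or querying) anything.
if (empty($_SESSION['SESS_MEMBER_ID'])) {
    header('Location: login-form.php');   // assumed redirect target
    exit();
}
$memberId = (int) $_SESSION['SESS_MEMBER_ID'];

// Only now is it safe to start the HTML. Every query on this page would be
// filtered by $memberId; the database code is omitted from this skeleton.
?>
<html>
<body bgcolor="#FFFFFF">
<p>Showing orders for member <?php echo htmlspecialchars((string) $memberId, ENT_QUOTES, 'UTF-8'); ?></p>
</body>
</html>
```

Keeping the opening `<?php` at byte zero of the file (no BOM, no leading whitespace) is what removes the "headers already sent" warning; the session check on top of it is what turns the page from "show all orders" into "show this member's orders".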