How to use the data of one table in the "where" section of another table?

Question

How to use the data of one table in the "where" section of another table?

I need ur help guys .. did the creation of the site for "home docking ideas". I have a login form (login-form.php) in which, after entering the "login" and "password" after checking through login-execute.php, it is redirected to viewOrder.php, where the user can view all orders ordered by customers .. everything is still fine .. but what I want when a user logs in, he only looks at this order, which is not ordered by him in all client orders. The database contains two tables: members and order_insert .. in the table "members", the login and password are stored and in "order_insert" customer orders are stored .. the codes of these three pages are as follows.

.........................

login-form.php

.........................

<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="300" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>Login</b></td>
      <td width="188"><input name="login" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Login" /></td>
    </tr>
  </table>
</form>

......................... Login-execute.php .................... .....

<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $login = clean($_POST['login']);
    $password = clean($_POST['password']);

    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login-form.php");
        exit();
    }

    //Create query
    $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
            $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
            session_write_close();
            header("location: viewOrder.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>

............................. viewOrder.php ..............................

<html>

<body bgcolor="#FFFFFF" >


<?

     $host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="mydatabase"; // Database name
$tbl_name="order_insert"; // Table name
$tbl_name2="members";
// connect to server and databases
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");




$result = mysql_query("SELECT * FROM $tbl_name ");

print "<center>";
  $output .= "<table  width=1100 border=1 bordercolor=black>";
 $output .= "<tr align=center><td>ID</td><td>First Name</td><td>Last Name</td><td>E Mail</td><td> City </td><td> Country </td><td> Phone</td><td>Decoration Type</td><td>Service Description</td><td>Budget</td><td>Update</td><td>Delete</td></tr>";
  $output .= "<th></th><th></th>";
  $output .= "</tr>\n\n";



  while ($row = mysql_fetch_assoc($result)){
    $output .= "<tr>\n";

    foreach ($row as $col=>$val){
      $output .= " <td>$val</td>\n";
    } // end foreach

    $keyVal = $row["id"];


$output .=  "<td><a href='update.php?ID=$row[orderId]' >Update </a></td>";
 $output .=  "<td><a href='delete.php?ID=$row[orderId]' >Delete </a></td>";

   $output .= "</tr>\n\n";

  }// end while


  $output .= "</table></center>";
   print "$output";


?>&nbsp;&nbsp;&nbsp;<br>
<br> 
<center><table > <tr><td>
<form action="home.php"><font color="#FF0000"><input type="submit" name="btn" style="color:#CC0000" value="<--Back" ></font></form></td></tr></table></center>
</body>
</html>

.....

+3

php mysql

sahar 14 . '10 6:39

5

Xorty · Answer 1 · 2010-06-14T06:56:41+0000

(login) order_insert. , , ( , ).

:

$qry="SELECT * FROM orders,members WHERE 
orders.login = members.login AND 
members.login='$login' AND 
members.passwd='".md5($_POST['password'])."'";

Bill Karwin · Answer 2 · 2010-06-14T06:58:45+0000

member_id login-execute.php, .

viewOrder.php:

$memberid = (int) $_SESSION['SESS_MEMBER_ID'];
$result = mysql_query("SELECT * FROM $tbl_name WHERE member_id = $memberid");

// always check for error
if ($result === false) {
    throw new Exception(mysql_error());
}

apis17 · Answer 3 · 2010-06-14T07:03:13+0000

viewOrder.php,

$result = mysql_query("SELECT * FROM $tbl_name WHERE user_id = '{$_SESSION['SESS_MEMBER_ID']}' ");

Vinayak mahadevan · Answer 4 · 2010-06-14T14:13:24+0000

SELECT * FROM order_insert, WHERE order_insert.member_id = members.member_id AND members.member_id = ( member_id , login = '$ login');

Try the above query in any query browser. Replace the variable $ login with any login and check if it works. Also try not to use select * instead of specifying the fields you want the query to return.

Gus · Answer 5 · 2010-06-23T18:44:28+0000

add session_start (); at the top of the page in viewing order.

Something like this from a previous post.

session_start();

$memberid = (int) $_SESSION['SESS_MEMBER_ID']; $result = mysql_query("SELECT * FROM $tbl_name WHERE member_id = $memberid");

// always check for error if ($result === false) { throw new Exception(mysql_error()); }

If this does not work, try doing echo $ _SESSION ['SESS_MEMBER_ID']: and see if something outputs.

How to use the data of one table in the "where" section of another table?

More articles: