Help with PHP


Ok, so I am creating a shop in PHP. Customers must log in in order to be able to view the products, etc. I want to create a MyAccount page that will display the account history of that particular customer.

I am not getting customers to actually buy the products, it’s just a thing I’m working on myself, it’s not for actual use. So when a customer goes to buy a product, if they are logged in then that is it, they don’t need to fill in any more information.

Anyone any ideas on how I would do this?


Well, that is really an open-ended question. Do you want help with PHP, MySQL, HTML or security logins?
For a starter, I have one site up similar to what you want to do. My site works like this:

HTML - Login page for userID and password, this page accepts inputs and “posts” to the PHP page.
(has a form on it with a few options such as userID, password, New-Registration and Guest)

login.php - a small PHP page which looks up their userID and password in the MySQL database to see
if they are allowed in. Or, optionally, sends them to a guest page that talks about becoming a member,
or, optionally, sends them to a registration page. (Which enters their new data in the database.)

Home.php - A home page for registered members that lets them go to any other page they wish such
as a purchase page or blog page, whatever…

Several-Other.php - Many other PHP pages all with various sections of the site.

*** To secure the site from others, I use SESSION variables. When a member logs in and is validated as allowed to be on the site, I set a session variable called $_SESSION['UserID'] to their member UserID.
Then, on EVERY page of the live site, the first code is checking to see if that variable is empty or filled by a user id. If empty they are redirected to a page that says they are not allowed in that area, but can be by becoming a registered member and giving them the option to do so.
It works very well this way. When someone closes the browser, the session is closed and the variable is gone. If someone notices over someone’s shoulder the actual URL of the products page and types it into their browser, it will not allow them to see it. Nice!

Well, hope that is what you are looking for. Good luck and let us know the next question…
( LOL, there are always more… )


Michael asked for further code… Of course, this pops up a lot of questions…

Do you want samples of SESSION variables?
What code have you got working so far?
Have you created your initial form requesting usernames and passwords?
Do you have this hooked up to a database as yet?

So, I gave you the basic layout of all you will need. There are a lot of other questions such as, do you have some products created already, are you using an online server already or do you need to set up a PHP server on your system for testing.

Sorry, I realize I answered your questions with a lot of other questions, but, I need to know what you need to be able to help you. Help us help you. Give some further info on what you need…

(Oh, I am leaving for a few hours, so it may be late when I reply back!)


Ok, so say I have a products, customer and transactions table.

The products table will hold all the products that are going to be sold on the site.
The customer table will be where the customer details will be saved, such as name, email, password, etc
The transactions table will be where the customer enters their details in order to buy a product. So, let’s say they want to buy a black belt. They will click on the buy button at the black belt page, and this will bring them to a form to fill in. They will enter their username, name, address, etc. But, I am unsure how this would go back to the database.

For instance, how would the database know that they want to buy a black belt? How would it say that in the transactions table?

I would want to be able to go into the transactions table and see all the products that have been bought and by which particular customers.

Then, I would want to create a “my account” page where the customer that is logged in could see all their previous transactions, but I am also unsure how to do this.

Does that make it easier to understand?


Yes, much easier, you want a full tutorial on how to create a project from start to finish!

Well, basically this covers many many many areas of programming.

First, the database… Do you know how to set one up? Have you set one up?

Next, all of the data is handled by use of SQL. Have you experience in that? Can you create queries?

The entries made by customers would be done through an HTML “form” page which would be sent to a PHP page to handle the queries. Have you created any FORMS before?

Your “backend” administration page which would view the transactions and do maintenance would be another form page that would call another PHP page to display or alter data. Again, this involves HTML, FORMS, PHP and QUERIES…

So, to start you off, you should learn about all of the following. Any order… When you get stuck on any one of these, ask in another post which would have a post title of the question you need answered. Such as how to post a form to a PHP page. Perhaps you should start out by reading all of the tutorials on this site.
Another great source of tutorials is W3’s school… Here is a link to it. Click on an item in the list or the “Start Learning PHP now” link.

Hope that gets you started…


I have all the databases set up correctly and they are all linked to my site and working fine.

I can create queries and have already done many in my site. For instance in my products page, there is a query that looks in the products table and shows a list of the 10 latest products that were added to the database.

I already have a backend, where I can view customers, view products and add, edit and delete existing products.

What I am wanting to do is, when a user logs in, then they can view their previous account history. I know I would create a query to look for that particular username within the transactions table, but I am unaware how I get it to search for the username of the person that has logged in. I know it’s hard to understand, but the username will be different depending on who is logging into the system, so I don’t know how to change the username that it searches for depending on the person that logs in.

Hope that makes it clearer.


Wow, sounds like you are almost done. Well, in your database, you must have a record of sales.
In this sales table, you would list each item that was ever sold. The records in that table would include
something like these items: UserID (who bought it), ItemNO (which product, with another table containing what this itemNO actually is), PricePaid, DatePurchased, IPpurchasedFrom (For security and identification) and any other data that you think is important. So, when a user logs in, you store their UserID in a session variable which can be used throughout the site.
So, if a user selects “Previous Purchases”, they would be sent to a page that pulls ALL of the data from the sales table WHERE the userID matches the session variable for UserID. So, if I was logged in as ErnieAlex, the query would simply be something like:
$query="SELECT * FROM Sales WHERE UserID='ErnieAlex' ORDER BY DateSold DESC";
This would retrieve all of my sales sorted with the latest first. (Dates are sorted the opposite of what you think as older dates are actually smaller values!)

Hope that is what you are asking for. Glad to hear you have all the other parts done… Good luck…


Yeah that’s it, but not sure how to do the storing session variable part?


Okay, well, when you have the user login, I assume you use a UserID and password.
This is “validated” by running a query on the database and seeing if the user id and password match data you
have in the database. If so, you send the user to the live site. In that same code, you would set the
session variable with their userid. So, to use a session variable, every page that uses session variables
would start with “session_start();” which starts or connects to the current session. And, to set a session
variable, you use something like: $_SESSION['variablename']=value; So, in your example, you might use
something like: $_SESSION['userid']=$UserID; Where $UserID was the value they posted and you did
validate from the database.
Then, in any other page, you would use something like: if(isset($_SESSION['userid'])… So, if the userID
session variable is set, you can use it in a query and select whatever you need. Also, if it is NOT set, you can
switch to a screen that says “You are not allowed to view this page!”, etc…
Did that help or make it worse?

PS: Do not forget the session_start(); command at the beginning of all pages that use session variables.

Good luck…


Yes that helped.

Just say for instance I am using userID and password. And I want to check in the “transaction” table for all the transactions by the userID that is logged in. Could you give me first few lines of the code for that?? Like for the query part of it?

Many Thanks again


Sure! First, in the login you have set the session variable “userid” to the user’s id after validating it from the database, as we talked about before. Something like: $_SESSION['userid']=$userID; … Just recapping!
Next, in the page where you are planning on listing all his/her transactions, you start with “session_start();” on
the first PHP code line.

Then, in your query, do something like this: (Not tested, but, you should be able to figure it out…)
$query="SELECT * FROM transactions WHERE userid='" . $_SESSION['userid'] . "'";
NOTE: there are single quotes embedded in the string, inside the double-quotes. This is usually where some programmers have problems. So the result for $query is this:
SELECT * FROM transactions WHERE userid='someuserid'
Just wanted to be clear on the quote issues.
Hope that helps, let us know if it does, or doesn’t! Good luck…
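
The account-history query from the post above, written with a bound parameter instead of string concatenation, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server (the thread's mysql_* functions were removed in PHP 7); the function names and sample rows are constructed.

```php
<?php
// Constructed demo database: table and column names follow the thread.
function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE transactions (
        id INTEGER PRIMARY KEY, userid TEXT, product TEXT, dateofpurchase TEXT)');
    $ins = $db->prepare(
        'INSERT INTO transactions (userid, product, dateofpurchase) VALUES (?, ?, ?)');
    foreach ([
        ['ErnieAlex', 'Black belt', '2012-03-01'],   // constructed sample rows
        ["O'Brien",   'White belt', '2012-03-04'],
        ['ErnieAlex', 'Gloves',     '2012-03-09'],
    ] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Return the logged-in user's rows, newest first. The user id is bound as a
// parameter, so a quote inside it is data and never part of the SQL text.
function transactionsFor(PDO $db, array $session): array
{
    if (!isset($session['userid']) || !is_string($session['userid'])) {
        return [];   // not logged in: the caller should redirect to the login page
    }
    $stmt = $db->prepare(
        'SELECT product, dateofpurchase FROM transactions
          WHERE userid = :userid ORDER BY dateofpurchase DESC');
    $stmt->execute([':userid' => $session['userid']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = openDemoDb();
foreach ([['userid' => 'ErnieAlex'], ['userid' => "O'Brien"], []] as $session) {
    $rows = transactionsFor($db, $session);
    $who  = $session['userid'] ?? '(no session)';
    echo $who, ': ', count($rows), " row(s)\n";
    foreach ($rows as $r) {
        // Escape on output because these values end up in an HTML page.
        echo '  ', htmlspecialchars($r['product'], ENT_QUOTES, 'UTF-8'),
             ' on ', htmlspecialchars($r['dateofpurchase'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

With the concatenated form of the query, the id O'Brien would close the quoted string early and produce an SQL error; with the bound parameter it simply matches that user's row.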


That’s great, will try that out soon.

Just one more question …

When a user wants to buy a product I just want to create a simple form where they can choose which product they want to buy from the drop down box. Do you know how I put the values that are stored in the products table into the options in drop down box?


Sure, another easy one… First, a “dropdown” in HTML is a <SELECT> tag with <OPTION>s inside it.
Here is the basic code showing how to do that. You will have to alter it for your product list. But a start!

// connect to your database, get data about your product list…
$query="SELECT * FROM products ORDER BY productName asc";
$results = mysql_query($query) or die(mysql_error());
// loop through the results, creating an option list…
while( $row = mysql_fetch_row($results) )
echo "<OPTION VALUE='" . $row[1] "'" . ">" . $row[1] . "</OPTION>\n";

NOTE: This code assumes an open connection to your database, table is named products,
table contains productName and productName is second item in table. ( $row[1] )
You will have to alter this to work with your layout. The WHILE loops through all products and loads them all
into the SELECT as options. This may be a problem if you have a large number of products!

Hope that helps…


Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' on line 122

Getting that error. Line 122 is:

       echo "<OPTION VALUE='" . $row[1] "'" . ">" . $row[1] . "</OPTION>\n";


Sorry, I was typing fast! Must upgrade my finger-cpu so it can keep up with my mind… LOL…

Change this:
echo "<OPTION VALUE='" . $row[1] "'" . ">" . $row[1] . "</OPTION>\n";
to this:
echo "<OPTION VALUE='" . $row[1] . "'" . ">" . $row[1] . "</OPTION>\n";

Good luck!
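
An added example, not part of the original thread, covering the drop-down above and the earlier question of how a purchase becomes a transactions row: the option labels are HTML-escaped, the option value is the product id, and the buyer is taken from the session rather than from the form. The $products array stands in for rows fetched from the products table; the function names, the numeric id column and the sample data are assumptions.

```php
<?php
// Constructed sample data standing in for "SELECT id, productName FROM products".
$products = [
    ['id' => 1, 'productName' => 'Black belt'],
    ['id' => 2, 'productName' => "Kids' belt <small>"],
    ['id' => 3, 'productName' => 'Gloves & pads'],
];

// Build the <option> list. The value is the numeric product id; the label is
// escaped so quotes, < and & in a product name cannot break the markup.
function renderProductOptions(array $products): string
{
    $html = '';
    foreach ($products as $p) {
        $html .= sprintf("<option value=\"%d\">%s</option>\n",
            $p['id'], htmlspecialchars($p['productName'], ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Turn a submitted form into a transactions row. The buyer comes from the
// session set at login, never from a form field, and the product id must be
// an integer that was actually offered in the list.
function buildTransaction(array $post, array $session, array $products): ?array
{
    if (!isset($session['customerID'])) {
        return null;                              // not logged in
    }
    $id = filter_var($post['product'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !in_array($id, array_column($products, 'id'), true)) {
        return null;                              // malformed or unknown product id
    }
    return ['customerID'     => (int) $session['customerID'],
            'product'        => $id,
            'dateofpurchase' => date('Y-m-d')];
}

echo "<select name=\"product\">\n", renderProductOptions($products), "</select>\n";

$session = ['customerID' => 7];                   // constructed: set at login
var_dump(buildTransaction(['product' => '2'],   $session, $products));
var_dump(buildTransaction(['product' => '99'],  $session, $products));
var_dump(buildTransaction(['product' => 'abc'], $session, $products));
var_dump(buildTransaction(['product' => '2'],   [],       $products));
```

The row returned by buildTransaction() is what would then be inserted into the transactions table with a prepared statement.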


Ok, so my code is as follows:

    <?php
    session_start();
    if(!isset($_SESSION["member"])){
        header("location: memberlogin.php");
        exit();
    }
    $customerID = preg_replace ('#[^0-9]#i', '', $_SESSION["customerID"]); //filter everything but numbers and letters
    $member = preg_replace ('#[A-Za-z0-9]#i', '', $_SESSION["member"]); //filter everything but numbers and letters
    $password = preg_replace ('#[A-Za-z0-9]#i', '', $_SESSION["password"]); //filter everything but numbers and letters
    include "storescripts/connect_to_mysql.php";
    $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");
    //$existCount = mysql_num_rows($sql);
    //if ($existCount == 0){
    //header("location: ../index.php");
    //exit();
    //}
    ?>
    <?php
    $_SESSION['customerID']=$customerID;
    $account_list = "";
    $sql = mysql_query("SELECT * FROM transactions WHERE customerID='" . $_SESSION['customerID'] . "'");
    $accountCount = mysql_num_rows($sql);
    if ($accountCount > 0){
        while($row = mysql_fetch_array($sql)){
            $customerID = $row["customerID"];
            $product = $row['product'];
            $dateofpurchase = $row['dateofpurchase'];
            $account_list .= "CustomerID $id - $CustomerID - Procuct $product - Date of Purchase $dateofpurchase";
        }
    } else {
        $account_list = "You do not have any account history";
    }

There is definitely something in the table for the user that I am logged in with. Do you see any problems? Many Thanks


Well, looks like you are missing the closing php tag. ( ?> )…
And, are you 100% sure that your data in the database has the customer you used as a test?
You can test this by just displaying the value before the query. Just BEFORE these lines:
$account_list = "";
$sql = mysql_query("SELECT * FROM transactions WHERE customerID='" . $_SESSION['customerID'] . "'");
$accountCount = mysql_num_rows($sql);
Put this line:
$die("***" . $_SESSION['customerID'] . "***");

What that will do is show the actual customerID that is being selected. Then, you will see if there is some odd thing being passed back to the page. If the customer ID used is displayed as you expected (minus the stars which I use to see extra spaces, no spaces allowed in database!), then next you would have to debug the query. To do that, AFTER these lines:
$account_list = "";
$sql = mysql_query("SELECT * FROM transactions WHERE customerID='" . $_SESSION['customerID'] . "'");
$accountCount = mysql_num_rows($sql);
Put this line:
This will show the count you are getting from the query. If zero, then you have no sample purchases in the account info for that customer ID…

So, that’s it, time to DEBUG… LOL… Never ends! Good luck.


Ok so when I put :

$die("***" . $_SESSION['customerID'] . "***");

before the $account_list = ""; line.

I am getting the following error:

Fatal error: Call to undefined function () on line 28

Line 28 is $die("***" . $_SESSION['customerID'] . "***");


Well, SORRY! I still have to upgrade my slow fingers so they keep up with my mind…

Just use:

die("***" . $_SESSION['customerID'] . "***");

No dollar sign, this is not a variable. Sorry again…


:smiley: :smiley: :smiley:

ok, done, and it is outputting the correct id number