How can I display a row with user sessions

```php
<?php
session_start();
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
    header("location:");
    exit;
}
?>

<?php
$name=$_SESSION["username"];
$conn = mysqli_connect("localhost", "root", "", "new") or die("Connection Error: " . mysqli_error($conn));
$query = "SELECT payment from members WHERE username='$name'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
$row = mysqli_fetch_row($result);

$payment= $row[7];
echo $payment;
if ($payment>0) {
 echo "yes";
}else
{
  echo "no";
}
?>
```

If you edit your post above and add bbcode [ code ] [ /code ] tags (without the spaces), your code will be readable.

Here’s a bunch of practices that will simplify and secure what you are doing -

  1. Store the user id (auto-increment primary index) in a session variable to identify who the logged in user is. This session variable will either be set and contain the user id, or it won’t be set.
  2. Don’t copy variables to other variables without any purpose, just use the original variable.
  3. Don’t use the root database user in your application. Create a database user that has just the permissions your application needs.
  4. Don’t use or die(…) for error handling and don’t unconditionally output the raw database errors onto the web page. Instead, use exceptions for errors and in most cases let php catch and handle the exception where it will use its error related settings to control what happens with the actual error information (database errors will get displayed or logged the same as php errors.)
  5. Your members table should just hold direct member information. A payment that someone has made is related information that should be stored in a separate table, a payments table, related back to the member/user it corresponds with through the user’s id.
  6. While you would end up using a known/safe value, the user’s id, to query for the payment information, in general you should not put external/unknown data directly into an sql query statement. You would instead use a prepared query, with a place-holder in the sql query for each value, then supply the value(s) when the query gets executed. Your current query using the username could allow sql injection if the username was created with sql as part of it. See this link - https://bobby-tables.com/
  7. In general, you should fetch and operate on data using associative(name) indexes. This will make your code self-documenting and protect against changes in the database column ordering from breaking your code.
  8. If the current code isn’t working and php isn’t helping you to find out why, you likely don’t have php’s error related settings set to report and display or log all errors. You should ALWAYS have error_reporting set to E_ALL. When learning, developing, and debugging code/queries, have display_errors set to ON. When on a live/public server, display_errors should be set to OFF, and log_errors should be set to ON. These settings should be in the php.ini on your system.
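
The practices listed in the reply above, combined into one page script as an added example (it is not code from either poster). The `user_id` session key, the `payments` table with `user_id` and `amount` columns, the `app_user` account, the `APP_DB_PASS` environment variable and `login.php` are assumptions made for illustration.

```php
<?php
// Added example. Names marked "assumed" do not come from the original thread.
// php.ini (item 8): error_reporting=E_ALL, and on a live server
// display_errors=Off with log_errors=On.

session_start();

// Item 1: the session holds only the user id; if it is not set, nobody is logged in.
if (!isset($_SESSION['user_id'])) {
    header('Location: login.php'); // assumed login page
    exit;
}

// Item 4: have mysqli throw mysqli_sql_exception instead of using "or die(...)".
// An uncaught exception is then displayed or logged according to php.ini,
// so raw database errors never reach visitors on a live server.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Item 3: connect as a dedicated account (assumed name) that has been granted
// only SELECT on the payments table, with the password kept out of the source.
$conn = new mysqli('localhost', 'app_user', getenv('APP_DB_PASS') ?: '', 'new');
$conn->set_charset('utf8mb4');

// Items 5 and 6: payments are rows in their own table (assumed schema), and the
// value is bound to a place-holder rather than concatenated into the SQL text.
$stmt = $conn->prepare(
    'SELECT COALESCE(SUM(amount), 0) AS total_paid
       FROM payments
      WHERE user_id = ?'
);
$stmt->bind_param('i', $_SESSION['user_id']); // "i" = bind as integer
$stmt->execute();

// Item 7: fetch by column name, so column order changes cannot break the code.
$row = $stmt->get_result()->fetch_assoc();

echo $row['total_paid'] > 0 ? 'yes' : 'no';
```

Because the query is an aggregate, it always returns exactly one row, so `fetch_assoc()` never returns null here even for a member with no payments.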