Get specific data from the database


-2

Hi guys, I'm doing a project with the following pages: pedidos.php and anexa.php. The action of pedidos.php goes to the anexa.php page; in it I send the content to the database and by email, through the function mail(), and everything works perfectly. However, I want another page, called "My requests", to display the data of the completed request.

But I don't know how to make this inclusion specific: all orders go to the same database, and different people log in.

Can someone help me with this question? Please! Thank you in advance.

Page anexa.php

<?php
    $nome        = $_POST['nome_empresa'];
    $telefone    = $_POST['telefone'];
    $email       = $_POST['email'];
    $material    = $_POST['material'];
    $cor         = $_POST['cor'];
    $quantidade  = $_POST['quantidade'];
    $acabamento  = $_POST['acabamento'];
    $formato     = $_POST['formato'];
    $altura      = $_POST['altura'];
    $largura     = $_POST['largura'];
    $papel       = $_POST['papel'];
    $gramatura   = $_POST['gramatura'];
    $descricao   = $_POST['descricao'];
    $aleatorio=rand(1,99999);

    $sql = mysql_query("INSERT INTO pedidos (nome_empresa, telefone, email, material, cor, quantidade, acabamento, formato, altura, largura, papel, gramatura, descricao, aleatorio) VALUES ('$nome', '$telefone', '$email', '$material', '$cor', '$quantidade', '$acabamento', '$formato', '$altura', '$largura', '$papel', '$gramatura', '$descricao', '$aleatorio')");
?>

<div class="container">
    <div class="jumbotron jumbotron-fluid">
    <?php
        include ("Mail.php");
        include ("Mail/mime.php");

        $up=0;

        $nome        = $_POST['nome_empresa'];
        $telefone    = $_POST['telefone'];
        $email       = $_POST['email'];
        $material    = $_POST['material'];
        $cor         = $_POST['cor'];
        $quantidade  = $_POST['quantidade'];
        $acabamento  = $_POST['acabamento'];
        $formato     = $_POST['formato'];
        $altura      = $_POST['altura'];
        $largura     = $_POST['largura'];
        $papel       = $_POST['papel'];
        $gramatura   = $_POST['gramatura'];
        $descricao   = $_POST['descricao'];

        $recipients = '[email protected]';

        $headers = array (
            'From'    => '[email protected]', 
            'To'      => $recipients,
            'Subject' => "Pedido N#$aleatorio"
        );

        $crlf = "\r\n";
        $text = "<p>Um novo pedido foi realizado por: $nome</p></br></br>

            DETALHES DO PEDIDO:</br></br>

            Pedido de Numero:#$aleatorio</br>
            Telefone: $telefone</br>
            Email: $email</br>
            ____________________________________</br></br>

            Material: $material</br>
            Acabamento: $acabamento</br>
            Formato: $formato</br>
            Tamanho = $altura x $largura</br>
            Cor: $cor</br>
            Papel : $papel</br>
            Gramatura: $gramatura</br>
            Quantidade: $quantidade</br></br>

            Descricoes: $descricao
        ";

        $html = "<HTML><BODY><font color=blue>$text</font></BODY></HTML>";

        $mime = new Mail_mime($crlf);
        $mime->setHTMLBody($html);

        for( $i = 0; $i < count($_FILES['anexo']['name']); $i++ ) {
            if (is_uploaded_file($_FILES['anexo']['tmp_name'][$i])) {
                $caminho[$i] = "/home/conexaografica/www/areaderevendedor/tmp/".$_FILES['anexo']['name'][$i];

                if(copy($_FILES['anexo']['tmp_name'][$i],$caminho[$i])) {
                    $mime->addAttachment($caminho[$i]);
                    unlink($caminho[$i]);
                    echo "Seu arquivo foi anexado!<br>";
                }
            } else {
                echo "<h1>O arquivo não foi transferido!</h1>";
                echo "<h2><font color='red'>Caminho ou nome de arquivo Inválido</font></h2>";
            }
        }

        $body = $mime->get();
        $headers = $mime->headers($headers);

        $params = array (
            'auth' => true, 
            'host' => 'smtp.conexaografica.com.br',
            'username' => 'contato=conexaografica.com.br',
            'password' => 'conexaografica' 
        );

        $mail_object = Mail::factory('smtp', $params);
        $result = $mail_object->send($recipients, $headers, $body);
        if (PEAR::IsError($result)) {
            echo "Algo deu errado... (" . $result->getMessage(). ")";
        } else {
            echo(
                "<P>$nome, Seu pedido foi realizado com sucesso.</P>".
                "Pedido de Numero:#$aleatorio <br>".         
                "<P align='center'>DETALHES DO PEDIDO:</P>".
                "Telefone: $telefone <br>".
                "Email: $email <br>".
                "<P>____________________________________</P>".
                "Material: $material <br>".
                "Acabamento: $acabamento <br>".
                "Formato: $formato <br>".
                "Tamanho = $altura x $largura <br>".
                "Cor: $cor <br>".
                "Papel : $papel <br>".
                "Gramatura: $gramatura <br>".
                "Quantidade: $quantidade <br><br>".

                "OBS: Salve o numero do seu pedido."
            );
        }   
    ?>

    </br></br>

    <?php
        date_default_timezone_set('America/Sao_Paulo');
        $date = date('H:i d/m/Y');
        echo ("Hora e Data: $date");
    ?>
    </div>
</div>

Page login.php

<?php
    if(isset($_POST['entrar']) && $_POST['entrar'] == "login"){
        $usuario = $_POST['usuario'];
        $senha = $_POST['senha'];

        if(empty($usuario) || empty($senha)){
            echo 'Preencha todos os campos!';
        }else{
            $query = "SELECT nome, usuario, senha FROM usuarios WHERE usuario = '$usuario' AND senha = '$senha'";
            $result = mysql_query($query);
            $busca = mysql_num_rows($result);
            $linha = mysql_fetch_assoc($result);

            if($busca > 0){
                $_SESSION['nome'] = $linha['nome'];
                $_SESSION['usuario'] = $linha['usuario'];
                header('Location: logado.php');
                exit;
            }else{
                echo 'Usuário ou senha inválidos.';
            }
        }
    }
?>

Page pedidos.php

<?php
    include_once("settings/setting.php");
    @session_start();

    $nome = $_SESSION['nome'];
    $usuario = $_SESSION['usuario'];

    if(!isset($_SESSION['nome']) && !isset($_SESSION['usuario'])){
        header('Location: login.php');
        exit;
    }
?>
  • Tip: select all the code and press Ctrl + K to format it.

  • 1

    What is the login script?

  • I put as an answer!

  • Okay, it’s been deleted, I’m new to the site, I didn’t know how it works yet!

  • Normal :) take the opportunity to do the [tour] and see the [Faq] pages

  • Is pedidos somehow related to the user?

  • Well, I edited the question with the top of pedidos.php.


1 answer

0

Firstly: never, never, never, never, never, never put raw variables in your database queries. Never. Never. That’s asking to have your system hacked by children. Use this function to avoid this problem.

Now, your main problem is that you are not using your database right. You want to list the orders made by the logged-in user, correct? Then you need to include the user's primary key (ID) in your orders. Create a column to save the user key at the time of the request and then just do a SELECT by the logged-in user's id. Something like:

SELECT * FROM pedidos WHERE usuario_id = $usuario_id

Then you wouldn’t even have to deal with it, because you’ve already dealt with it in the login, but treat it anyway. Ah! And you’ll need to put the user id in your SESSION also, of course.
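
The approach described in this answer, as an added example that is not part of the original answer or the asker's project: every query uses a prepared statement, pedidos carries a usuario_id column, and the listing is filtered by the id kept in the session. Assumptions: PDO with an in-memory SQLite database so the script runs stand-alone (the page uses MySQL through mysql_*), a trimmed pedidos table, a hypothetical senha_hash column filled with password_hash(), and function names invented here.

```php
<?php
// Added example: PDO prepared statements plus a usuario_id column on pedidos.
// In-memory SQLite keeps it self-contained; use a mysql: DSN in the real project.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usuarios (id INTEGER PRIMARY KEY, nome TEXT, usuario TEXT UNIQUE, senha_hash TEXT)');
$pdo->exec('CREATE TABLE pedidos (id INTEGER PRIMARY KEY, usuario_id INTEGER NOT NULL REFERENCES usuarios(id), material TEXT, quantidade INTEGER)');

// Constructed sample users (hypothetical names and passwords).
$ins = $pdo->prepare('INSERT INTO usuarios (nome, usuario, senha_hash) VALUES (?, ?, ?)');
$ins->execute(['Ana', 'ana', password_hash('senha-ana', PASSWORD_DEFAULT)]);
$ins->execute(['Beto', 'beto', password_hash('senha-beto', PASSWORD_DEFAULT)]);

// Login: returns the user's primary key (to store in $_SESSION['usuario_id']) or null.
function login(PDO $pdo, string $usuario, string $senha): ?int {
    $st = $pdo->prepare('SELECT id, senha_hash FROM usuarios WHERE usuario = ?');
    $st->execute([$usuario]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($senha, $row['senha_hash'])) ? (int) $row['id'] : null;
}

// The owner id comes from the session, never from the submitted form.
function criarPedido(PDO $pdo, int $usuarioId, string $material, int $quantidade): void {
    $st = $pdo->prepare('INSERT INTO pedidos (usuario_id, material, quantidade) VALUES (?, ?, ?)');
    $st->execute([$usuarioId, $material, $quantidade]);
}

// "My requests": only rows owned by the logged-in user.
function pedidosDoUsuario(PDO $pdo, int $usuarioId): array {
    $st = $pdo->prepare('SELECT id, material, quantidade FROM pedidos WHERE usuario_id = ? ORDER BY id');
    $st->execute([$usuarioId]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$session = [];  // stands in for $_SESSION so the script runs from the CLI
$session['usuario_id'] = login($pdo, 'ana', 'senha-ana');
criarPedido($pdo, $session['usuario_id'], 'Cartao de visita', 500);
criarPedido($pdo, login($pdo, 'beto', 'senha-beto'), 'Banner', 2);

// Input containing a quote is bound as data, so it matches no user.
var_dump(login($pdo, "ana' --", 'x'));
// Ana's listing contains her order only, not Beto's.
print_r(pedidosDoUsuario($pdo, $session['usuario_id']));
```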
