OO PHP showing different tables for different user log in ID's

Hi, i am trying to post tutor_id into an array and store it inside a variable so i can then call the variable in a sql statement so that each time a admin logs in they can only see their subjects etc. I used a get function and tried storing it in a variable then calling it in a sql statement but nothing works.

Below is my log in.php page

<?php 
	//include '../private/initialize.php';	//initialize the web site
	
	//if($session->is_signed_in()) {									//if the user has already succesfully login
			//header("Location:../public/browse_tutor.php ");			//allow the user to see the browse_admin.php page
		//}
	
	 if($_SERVER['REQUEST_METHOD'] === 'POST') {						//check for submissions
	
		$username=trim($_POST['username']);
		$password=trim($_POST['password']);
		
		$admin_found = $_GET['tutor_id'];
		$admin_found = Tutor::verify_user($username, $password);
		
		//print_r ($admin_found);

				
				if($admin_found) {
						$session->login($admin_found);
						header("Location:../public/browse_admin.php"); //successful login; redirect to browse_admin.php page
					echo "<script> location.href='../public/browse_tutor.php';; </script>";

					
					
					} else {
						echo "Your login name or password are incorrect. Click login to try again";
					}
		
		} else {

	
		//The following form will collect the information: loginname and password. id is not in the form, as it is created automatically
			echo " Please enter you login details <br> ";
			
				
			 echo  "<form action=login.php name='submit' method='post'>";
				echo "<table>";
					echo "<tr> <td> Login Name </td> <td> <input type='text' name ='username'> </td> </tr>";
					echo "<tr> <td> Password </td> <td> <input type='text' name ='password'> </td> </tr>";
				echo "</table>";    
    				echo " <br> <br> <input type='submit' name='submit' value='Submit' />";
			echo "</form>";
		
			}

?>
  	 </div>

This is my class Tutor page which includes veriy user function.
class Tutor {

		public $tutor_id;
		public $username;
		public $password;
		static public $database;
		
static public function set_database($database) {
		self::$database = $database;
	}


static public function find_by_sql($sql){
		$results = self::$database->query($sql);
			if(!$results) {								//add valuation of the query succeded or failed
				exit("Database query failed. ");
				}
			if($results) {
				echo "Database query succeeded. <br> ";
				}
		$object_array=[];
		while($record = $results->fetch_assoc()) { //get the first row as an array and create an object
			$object_array[] = self::instantiate($record);
			}
		$results->free;
		return $object_array;		
		}
		

static public function find_all() {
		$sql = "SELECT * FROM Tutor";
		return self::find_by_sql($sql);
	} 
	

static public function find_by_id($tutor_id) {
		$sql = "SELECT * FROM Tutor WHERE tutor_id='" . self::$database->escape_string($tutor_id) . "'"; //escape the string
		$result = self::find_by_sql($sql);
		if(!empty($result)){
			echo "not empty";
			return array_shift($result);
		} else {
			echo "empty";
		}
	} 
		
		

static protected function instantiate($record) {
		$object = new Tutor;
		foreach($record as $property => $value) {
			if(property_exists($object, $property)){
				$object->$property=$value;				 
				}
			}
		return $object;
	}
		
	
		
static public function verify_user($username, $password){
			$sql = "SELECT * FROM Tutor WHERE username='$username' AND password='$password'"; //escape the string
			$result = self::find_by_sql($sql);			
			return array_shift($result);
		}
	
	
	}

?>

This is the DigitalTutors page which contains the sql query i want to pass through

<?php

class DigitalTutors {


	static public $DB;
	
	
	static public function set_database($DB) {
			self::$DB = $DB;
		}


	static public function find_by_sql($sql){
			$results = self::$DB->query($sql);
				if(!$results) {								//add valuation of the query succeded or failed
					exit("Database query failed. ");
					}
				if($results) {
					echo "Database query succeeded. <br> ";
					}
			$object_array= $_GET['tutor_id'];
			while($result = $results->fetch_assoc()) { //get the first row as an array and create an object
				$object_array[] = self::instantiate($result);
				}
			$results->free;
			return $object_array;		
			}

	static public function find_all() {
			
			$sql = "SELECT subject_Code, subject_Title, subject_Description FROM Subject Where tutor_id ='$object_array'";
			return self::find_by_sql($sql);
		} 


//$admin_found = $_GET['tutor_id'];





	
	static public function find_by_id($tutor_id) {
			$sql = "SELECT * FROM Tutor WHERE tutor_id='" . self::$DB->escape_string($tutor_id) . "'"; //escape the string
			$result1 = self::find_by_sql($sql);
			if(!empty($result1)){
				echo "not empty";
				return array_shift($result1);
			} else {
				echo "empty";
			}
		} 

			public function delete() {
		$sql = "DELETE FROM Tutor WHERE tutor_id='" . $this->tutor_id . "' LIMIT 1"; // or id = '" . self::$database->escape_string($this->id) "'
		$results = self::$database->query($sql);
		return $results;			
		}
		
		
	static protected function instantiate($record) {
			$object = new DigitalTutors;
			foreach($record as $property => $value) {
				if(property_exists($object, $property)){
					 $object->$property=$value;
					}
				}
			return $object;
		}

		public function update() {
		//$sql = "UPDATE vehicles SET company='".self::$database->escape_string($this->company)."' WHERE id=' ". self::$database->escape_string($this->id) . " '"; //correct one backup!
		$sql = "UPDATE Tutor SET ";
			$sql .= "name='".self::$database->escape_string($this->name)."', ";
			$sql .= "phone='".self::$database->escape_string($this->phone)."', ";
			$sql .= "qualifications='".self::$database->escape_string($this->qualifications)."', ";
			$sql .= "subjects_to_teach='".self::$database->escape_string($this->subjects_to_teach)."', ";
			$sql .= "bank_account_number='".self::$database->escape_string($this->bank_account_number)."', ";
			$sql .= "rates='".self::$database->escape_string($this->rates)."', ";
		$sql .= "WHERE tutor_id=' ". self::$database->escape_string($this->tutor_id) . " '";

			$results = self::$database->query($sql);
			return $results;
			
		}

		public function merge_attributes($args=[]) {
			foreach($args as $key=>$value) {
					if(property_exists($this, $key)) {
							$this->$key = $value;
						}
					}
				}
				
		public function create() {				//instance method. NOT STATIC. refers to instance/specific object
			//echo "create <br>";
			//$attributes = $this->sanitized_attributes();

			//echo "my attributes are:";
			
			//$sql = "INSERT INTO vehicles (" . join(', ', array_keys($attributes)) . ") VALUES ( ' " . join("','", array_values($attributes)) . "')";
	
			$sql = "INSERT INTO Tutor (name, phone, qualifications, subjects_to_teach, bank_account_number, rates) VALUES ('$this->name', '$this->phone', '$this->qualifications', '$this->subjects_to_teach', '$this->bank_account_number', '$this->rates')";
			$results = self::$database->query($sql);
			if($results) {
				$this->tutor_id = self::$database->insert_id;
				}
			return $results;
		}


protected function sanitized_attributes(){
			//echo "sanitized";
			$sanitized = [];

			foreach($this->attributes() as $key=> $value) {
				$sanitized[$key] = self::$database->escape_string($value);
				}
			return $sanitized;
		}		
		
		
		
public $tutor_id;
public $name;
public $phone;
public $qualifications;
public $subjects_to_teach;
public $bank_account_number;
public $rates;
public $subject_Title;
public $subject_Description;
public $subject_Code;

}




?>

And finally this is my admin page called browse_tutor where the data should be output.

<?php 
	$tutor_id = $_GET['tutor_id'];
	echo $tutor_id;
				
				echo "<h2> You are logged in as administrator </h2>";
				
				$tutor_array = DigitalTutors::find_all();	//call the find_all() function



		echo "<table border = 1 width=100%>";
			echo "<tr bgcolor=#ADD8E6>";
				echo "<th> Subject </th>";
				echo "<th> Subject Description </th>";
				echo "<th> Phone </th>";
				echo "<th> Qualifications </th>";
				echo "<th> Subjects </th>";
				echo "<th> Account No </th>";
				echo "<th> Rates </th>";
			echo "</tr>";
  		

		foreach ($tutor_array as $tut) {
			echo "<tr>";
				echo "<td>" . $tut->subject_Title . "</td>";
				echo "<td>" . $tut->subject_Description . "</td>";
				echo "<td>" . $tut->subject_Code . "</td>";
				$tut->subjects_to_teach . "</td>";
				//echo "<td>" . $tut->bank_account_number . "</td>";					
				//echo "<td>" . $tut->rates . "</td>";
				echo "<td> <a href=> Update </td>";
				echo "<td> <a href=> Delete </td>";		
		echo "</tr>";
}

		echo "</table>";
		
?>

and what should that mean?

i am trying to store from my sql table user ID’s called tutor_id into an array so it can be called upon when i type a $sql query. I have 3 users with different tutor_id’s in my login page each time a different user logs in only their table should appear.

	static public function find_all() {
			
			$sql = "SELECT subject_Code, subject_Title, subject_Description FROM Subject Where tutor_id ='$object_array'";
			return self::find_by_sql($sql);
		} 

Try sticking an echo $sql; in between those two lines, and you might see what’s going on…

1 Like

it shows theres nothing there in object array but why won’t it work with $admin_found which contains tutor ids in an array?

Have you enabled error displays on the top of your code? Perhaps it will make things clearer…

<?php
ini_set('display_errors',1);
error_reporting(-1);
?>

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.