Show full name instead of just last name

Question

My login form has username and password fields. When a user logs in with their username and password, I want to display the user's full name instead of their username. On the next page, I want to say welcome FULLNAME, not welcome USERNAME.

This is the html code of index.php or login page:

<form action="" method="POST">
            <div class="rows grid">
                
                <div class="row">
                    <label for="username">用户名</label>
                    <input type="text" id="username" name="userName" placeholder="输入用户名" required>
                </div>
                <!--密码-->
                <div class="row">
                    <label for="password">密码</label>
                    <input type="password" id="password" name="passWord" placeholder="输入密码" required>
                </div>
                <!--提交按钮-->
                <div class="row">
                    <input type="submit" id="submitBtn" name="submit" value="登录" required>
                <!--注册链接-->
                    <span class="registerLink">还没有账号？<a href="register.php">注册</a></span>
                </div>
            </div>
        </form>
    </div>
    </div>

This is the php code:

<?php
// 提交
if(isset($_POST['submit'])){ 
// 存储用户名、密码、邮箱、号码
$userName = $_POST['userName'];
$passWord = $_POST['passWord'];
// 从数据库中选择
$sql = "SELECT * FROM admin WHERE 
    usernames = '$userName' AND
    passwords = '$passWord'";
// 执行查询
$result = mysqli_query($conn, $sql);
// 计算相同用户名和密码的帐户数量
$count = mysqli_num_rows($result);
// 将结果计数到数组中
$row = mysqli_fetch_assoc($result);
// 检查数据库中是否有帐户
if ($count == 1){
    $_SESSION['loginMessage'] = '<span class = "success">欢迎 '.$userName.'</span>';
    header('location:' .SITEURL. 'dashboard.php');
    exit(); 
}
else{
    $_SESSION['noAdmin'] = '<span class = "fail">请检查您的用户名和密码，然后重试。</span>';
    header('location:' .SITEURL. 'index.php');
    exit();
    }
}
?>

This is register.php or registration link:

<form action="" method="POST">
                <div class="rows grid">
                    <!--全名-->
                    <div class="row">
                        <label for="fullname">全名</label>
                        <input type="text" id="fullname" name="fullName" placeholder="输入全名" required>
                    </div>
                     <!--用户名-->
                     <div class="row">
                        <label for="username">用户名</label>
                        <input type="text" id="username" name="userName" placeholder="输入用户名" required>
                    </div>
                     <!--邮箱-->
                     <div class="row">
                        <label for="email">邮箱</label>
                        <input type="email" id="email" name="emaiL" placeholder="输入邮箱" required>
                    </div>
                      <!--手机号码-->
                      <div class="row">
                        <label for="number">手机号码</label>
                        <input type="number" id="number" name="numbeR" placeholder="输入手机号码" required>
                    </div>
                    <!--密码-->
                    <div class="row">
                        <label for="password">密码</label>
                        <input type="password" id="password" name="passWord" placeholder="输入密码" required>
                    </div>
                    <!--提交按钮-->
                    <div class="row">
                        <input type="submit" id="submitBtn" name="submit" value="注册" required>
                    <!--已有账号？-->
                        <span class="registerLink">已经有账号了？<a href="index.php">登录</a></span>
                    </div>
                </div>
            </form>

Note: I want to display the entered full name in the welcome dashboard.

Answer 1

1. Please change your select query to a parameterized prepared statement to avoid SQL injection attacks
2. To display "fullname", just get the database record as an associative array, such as $row, and then use $row["fullname"] (if the field name is actually If it is fullname, use $row["fullName"])

So change the following code block to:

/// 其他代码
$sql = "SELECT * FROM admin WHERE 
    usernames = '$userName' AND
    passwords = '$passWord'";
// 执行查询
$result = mysqli_query($conn, $sql);
// 计算相同用户名和密码的帐户数
$count = mysqli_num_rows($result);
// 将结果计算到数组中
$row = mysqli_fetch_assoc($result);
// 检查数据库中是否有帐户
if ($count == 1){
    $_SESSION['loginMessage'] = '<span class = "success">欢迎 '.$userName.'</span>';
    header('location:' .SITEURL. 'dashboard.php');
    exit(); 
}
/// 其他代码

change to:

<?php
/// 其他代码
$sql = "SELECT * FROM admin WHERE usernames = ? AND passwords = ?";

$query = $conn->prepare($sql);
$query->bind_param("ss", $userName,$passWord );
$query->execute();
$result = $query->get_result();
$num = $result->num_rows;

if ($num == 1){
    $row = $result->fetch_assoc();
    $_SESSION['loginMessage'] = '<span class = "success">欢迎 '.$row["fullname"].'</span>';
    header('location:' .SITEURL. 'dashboard.php');
    exit(); 
}
/// 其他代码
?>