some php sql help needed

daktarie · Nov 8, 2007

php Mysql for dummies and google got me going but now im stuck

the database is oke but i made a error in the query some where it needs to control if user and password combination exists
im puzzeling for 2 day's now and dont get it to run right.
when it runs it go's direct tho the ELSE statement
and display's the wrong blblblaaaaaa text
so my gues is i have the query wrong but cant figure out what.
any help would be great

PHP:

<title>Untitled Document</title>
</head>

<body>
<?php

// data base access
include('xxxx');
 


mysql_connect($host, $username, $password)or die(mysql_error());
mysql_select_db($database)or die(mysql_error());

$db_name="daktarie_GPRO";
$tbl_name="registered_members";

$name=$_POST['username'];
$password=$_POST['password'];

$sql = 'SELECT * FROM `registered_members` WHERE name=\'".$name."\' and password=\'".$password."\'""';
$result=mysql_query($sql);

if($count==1){

$_SESSION['username'] = $name; 
$_SESSION['password'] = $password;
header("location:login_success.php");
}

else {
echo "<center><font size='5'>Wrong password or username";
}

?> 
</body>
</html>

DJHolliday · Nov 9, 2007

I'm missing a line here.
Something like:
'$count = mysql_num_rows($result)'

Otherwise I don't see any relation between your SQL Statement and your $count variable.
But maybe I'm missing something else here.

flinx · Nov 9, 2007

DJHolliday said:
I'm missing a line here.
Something like:
'$count = mysql_num_rows($result)'

Otherwise I don't see any relation between your SQL Statement and your $count variable.
But maybe I'm missing something else here.

True.

And there's something wrong with the query string too. You start the string with a single quote, and close it with a double quote when you want to add the $name and $password. Just use double quotes at the beginning and the end of the whole string. That way PHP will substitute the two variables with their value:

PHP:

$sql = "SELECT * FROM registered_members WHERE name='$name' and password='$password'";

Another thing: never use user inserted values in your queries without validation:

PHP:

$name=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);

One last thing (though maybe the book will talk about that later on): never save passwords in plaintext. Save them encrypted, for example using the MD5 function.
In that case, you would have something like this to get the $password:

PHP:

$password=md5(mysql_real_escape_string($_POST['password']));

Slothie · Nov 9, 2007

Quicknote: IF you're gonna md5 it, you don't have to escape it. I have never seen a non-escaped md5 hash.

daktarie · Nov 9, 2007

DJHolliday said:
I'm missing a line here.
Something like:
'$count = mysql_num_rows($result)'

Otherwise I don't see any relation between your SQL Statement and your $count variable.
But maybe I'm missing something else here.

yup your right i posted on accedent the wrong version

i edited the sugested parts but still with the same result i hate it that i just canrt find out why

daktarie · Nov 11, 2007

im getting a bit closer to solving the problem.

now i get this error

Parse error: syntax error, unexpected T_VARIABLE in /home/daktarie/public_html/checklogin.php on line 22

22 is this line $count = mysql_num_rows($result)
but the error must be above it i gues

so im missing something but im taping in the blind what it is :dunno:
plz help this old guy is running out of paracetemol

PHP:

<?php

//database acces
include(xxxxx);
 


mysql_connect($host, $username, $password)or die(mysql_error());
mysql_select_db($database)or die(mysql_error());

$db_name="daktarie_GPRO";
$tbl_name="registered_members";

$name=mysql_real_escape_string($_POST['myname']);
$password=mysql_real_escape_string($_POST['mypassword']);  

$sql = "SELECT * FROM registered_members WHERE myname='$name' and mypassword='$password'";
$result=mysql_query($sql);

if(!$result){die(mysql_error()

$count = mysql_num_rows($result)



if($count==1){

$SESSION ['myname'] = $name; 
$SESSION_ ['mypassword'] = $password;
header("location:member_page.php");
}

else {
echo "<center><font size='5'>Wrong password or username";
}

?>

DefecTalisman · Nov 14, 2007

Ok, I could be far from wrong here, but shouldnt it look more like:

PHP:

<?php 

....

$result=mysql_query($sql); 

if(!$result)
{
 die(mysql_error() );
}
else
{
 $count = mysql_num_rows($result);
}

...

?>

Cj555 · Nov 14, 2007

it should be

PHP:

$_SESSION['myname'] = $name;
$_SESSION['mypassword'] = $password;

as opposed to what youve written with _'s all over the place...
Edit:
and

PHP:

if(!$result){die(mysql_error()

is wrong

should be...

PHP:

if(!$result)
die(mysql_error());

daktarie · Nov 15, 2007

thanx guys that error check was the part causing the error got it works now

mvmusic · Dec 5, 2007

regarding escaping strings: if you are going to use mysql_real_escape_string, do stripslashes() first (unless you have PHPv3). magic_quotes_gpc are enabled for v2 and v3 which could cause frustration later on

some php sql help needed

daktarie

New Member

DJHolliday

New Member

flinx

New Member

Slothie

New Member

daktarie

New Member

daktarie

New Member

DefecTalisman

Community Advocate

Cj555

New Member

daktarie

New Member

mvmusic

New Member

Free Web Hosting

Our Community

Legal