Hi guys,
I need help with validating the user to see if the username exists in database table or not.
Here is my code. default.php -
-
<form name="form1" action="authenticate.php">
-
<table class="tableborder" align=center bgcolor="#f0f0f2">
-
<tr>
-
<td style="padding-bottom: 10px;" colspan="2" class="heading1"><b>Login Required</b></td>
-
</tr>
-
<tr>
-
<td height="30">Username:</td>
-
<td><input type="text" name="Username" style="width:15em;">
-
</td>
-
</tr>
-
<tr>
-
<td height="30">Password:</td>
-
<td><input type="password" name="Password" style="width:15em;">
-
</td>
-
</tr>
-
<tr><td height="30" align="right"><input class="submit" name="register" type="button" value="Register" onClick="window.location=;"></td>
-
<td><input name="submit" type="submit" value="Log-in" class="submit"></td></tr>
-
</table>
-
</form>
-
authenticate.php -
-
<?php
-
$con = mysql_connect("localhost","username","password");
-
if (!$con)
-
{
-
die('Could not connect: ' . mysql_error());
-
-
}
-
mysql_select_db("tbl_login", $con);
-
$Username = $_POST['Username'];
-
$Password = $_POST['Password'] ;
-
-
$sql="SELECT Username FROM login_tbl WHERE Username=’".$Username.”’ and Password=’”.$Password.”’”;
-
$r = mysql_query($sql);
-
if(!$r) {
-
$err=mysql_error();
-
print $err;
-
exit();
-
}
-
if(mysql_affected_rows()==0){
-
print "no such login in the system. please try again.";
-
exit();
-
}
-
else{
-
print "successfully logged into system.";
-
//proceed to perform website’s functionality – e.g. present information to the user
-
}
-
?>
I desperately need to fix this code. Any help will be really appreciated.
Thanks
7  61607  Markus 6,050
Recognized Expert Expert
What's wrong with above code?
What does or doesnt happen?
Use mysql_num_rows() to see if the user name is already present.
What's wrong with above code?
What does or doesnt happen?
Use mysql_num_rows() to see if the user name is already present.
Hi markusn,
I am not sure what's wrong with the code. When I enter username and password which already exists in database and click on login I get a blank page. Please help me with this problem.
Thanks
It is hard for us to see what the problem is. You need to do some debugging here yourself.
Suggestions: Echo out the query statement so you can see what is really being submitted to your database. See if there are any unexpected errors here, such as a blank value due to a typo or some other strange reason. Check to see that any non-alphabetic symbols in the password do not make the query incorrect syntactically.
Then if possible, try to copy and paste the query statement that you echo out to your screen directly into a database console window. This will let you see what the database is really outputting instead of having it filtered through your PHP code. Here you can see what the return is.
By the way, two things I notice about your code.
1) you have $Password used directly in your query, but don't you need to have something like a database specific function call like PASSWORD('$password')? My syntax here not totally correct but the point is, the database may store the password in an encrypted format so just comparing the stored value with the user supplied value directly may not work.
2) You examine if the user is registered by checking the affected rows, and this is not robust in my opinion. You should just use a SELECT count(*) statement and then examine the number of rows returned. If 0, then the user does not exist yet, if 1 then the user already exists.
Atli 5,058
Recognized Expert Expert
Hi.
In your query, you are escaping the values in back-ticks (`) rather than single-quotes ('). That won't work.
Back-ticks are meant for column or database names. Single-quotes for string and date values.
Also, the structure of that code is a bit odd.
You should be making sure that the user is valid, or else show him an error. Your code does the except opposite, checking if the user is NOT valid, validating by default.
Consider the following: -
$result = mysql_query("...") or die(mysql_error());
-
if(mysql_num_rows($result) == 1) {
-
echo "Success! You are logged in!";
-
}
-
else {
-
echo "Failure! Try again.";
-
}
-
Also note how I use the die() function there. Basically does the same thing the if statement after you query call does.
It is hard for us to see what the problem is. You need to do some debugging here yourself.
Suggestions: Echo out the query statement so you can see what is really being submitted to your database. See if there are any unexpected errors here, such as a blank value due to a typo or some other strange reason. Check to see that any non-alphabetic symbols in the password do not make the query incorrect syntactically.
Then if possible, try to copy and paste the query statement that you echo out to your screen directly into a database console window. This will let you see what the database is really outputting instead of having it filtered through your PHP code. Here you can see what the return is.
By the way, two things I notice about your code.
1) you have $Password used directly in your query, but don't you need to have something like a database specific function call like PASSWORD('$password')? My syntax here not totally correct but the point is, the database may store the password in an encrypted format so just comparing the stored value with the user supplied value directly may not work.
2) You examine if the user is registered by checking the affected rows, and this is not robust in my opinion. You should just use a SELECT count(*) statement and then examine the number of rows returned. If 0, then the user does not exist yet, if 1 then the user already exists.
Problem solved. Thanks guys.
Hi.
In your query, you are escaping the values in back-ticks (`) rather than single-quotes ('). That won't work.
Back-ticks are meant for column or database names. Single-quotes for string and date values.
Also, the structure of that code is a bit odd.
You should be making sure that the user is valid, or else show him an error. Your code does the except opposite, checking if the user is NOT valid, validating by default.
Consider the following:
-
$result = mysql_query("...") or die(mysql_error());
-
if(mysql_num_rows($result) == 1) {
-
echo "Success! You are logged in!";
-
}
-
else {
-
echo "Failure! Try again.";
-
}
-
Also note how I use the die() function there. Basically does the same thing the if statement after you query call does.
Problem solved. Thanks Atli.
I think you are right and mysqli should be used instead
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Colin Steadman |
last post by:
I have built a page that lists all our databases, the
users connected to each database, and what application
they are using. Because these databases are moved, or
removed from time to time I need...
|
by: Jonathan |
last post by:
I am looking for a simple way to check if a database table exists. I
keep getting advice to use "Try.. Catch" and other error handling
methods, but I obviously don't want to have to display an...
|
by: adam |
last post by:
hello
What query shoul I send to SQL serwer ( in transact SQL language ) to check
does some database exist on serwer ? It similar to problem "does some table
exist in database" - resolve to it...
|
by: Brian Tkatch |
last post by:
Is there a way to check the order in which SET INTEGRITY needs to be
applied? This would be for a script with a dynamic list of TABLEs.
B.
|
by: Boujii |
last post by:
<html>
<head>
<title>Add New MySQL User</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?
if(isset($_POST))
{
| | |
by: happyse27 |
last post by:
Hi All,
I modified the user registration script, but not sure how to make it check for each variable in terms of preventing junk registration and invalid characters?
Two codes below :
a)...
|
by: qwedster |
last post by:
Howdy folks!
I am using stored procedure to see if a value exists in database table and return 0 if exists or else -1, in the following SQL queries.
However how to check if a value (that is...
|
by: qwedster |
last post by:
Folk!
How to programattically check if null value exists in database table (using stored procedure)?
I know it's possble in the Query Analyzer (see last SQL query batch statements)?
But how...
|
by: PHPstarter |
last post by:
Hiya. I have a script that is run by a <form> which basically allows u to write into inputs the fields username, new username, password, repeat password, comment etc,
The problem is that I want...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
