My first php script involves logining in to a site. I used a tutorial
from a book and it doesn't seem to be working correctly. The code is
below
I started with a simple form to insert a username and password
------------------------------------------------
quote:<?php pass.form.php ?>
<html>
<head><title> User Authentication</title></head>
<body bgcolor="white" >
<h2>Please Log in </h2>
<form method="post" action="pass.lo gin.php">
USERNAME: <input type="text" name="user"><br >
PASSWORD: <input type="password" name="pass"><br >
<input type="submit" value="log in">
</form>
</body>
</html>
------------------------------------------------
next comes the login script
------------------------------------------------
quote:<?php
/* verifies username and password */
// set up variables
define ('HOST', 'localhost');
define ('USER', 'root');
define ('PASS', '*******');
define ('DB', 'comp390');
//connect and get numfound
mysql_connect(H OST, USER, PASS);
mysql_select_db (DB);
$result = mysql_query("SE LECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_PO ST_VARS['user']} AND
pass='{$HTTP_PO ST_VARS['pass']}'");
//Decide what we're going to allow
$result_ar = @mysql_fetch_ar ray($result);
if ($result_ar['numfound'] < 1) // ***** LOGIN FAILED ******
{
header('Locatio n: pass.form.php?e rror=1');
}
else // ***** LOGIN succeeded!! *****
{
echo "Logged in Successfully!";
}
?>
------------------------------------------------
now I have a database set up, comp390. A table called users so as far
as I can see that is ok. I have populated the DB with a few users
giving each a password and I can't get the script to echo... Logged in
Successfully. Even when I use the correct usernames and password. So
before I go any furthur and improve the script I need to sort this
problem out.
Maybe it's not connecting to the DB at all or maybe I have made a
simple typo. Any ideas what I'm overlooking?
4  1737 
Hi,
First, you have to use some kind of error checking in your script.
Since this is your first attempt, do not use the @ error suppression as
it, well, suppresses errors.
Use mysql_error and/or mysql_errno functions to handle errors suitably.
Also all mysql_* functions return a FALSE on failure, so you might want
to check for that.
Second, please do not use $HTTP_POST_VARS[] directly in your SQL query.
Now, with respect to your question, see if your mysql_fetch_arr ay()
returns anything at all (remove the @) and also, do a
print_r($result _ar) to see the contents. That will definitely help
you.
Also, you may want to echo the query you are executing to see if indeed
you are executing the query you think you are.
Add:
$username = $_POST['user']; // and add check for $username existence
$passwd = $_POST['pass']; // and add check for $passwd existence
$query = "SELECT COUNT(*) AS numfound FROM users WHERE
user='".$userna me."' AND pass='".$passwd ."'";
echo "Query to execute: $query <br />";
Hope that helped a bit.
Thanks.
--Kartic
"Kartic" <ka************ ******@gmail.co m> wrote in message
news:11******** *************@c 13g2000cwb.goog legroups.com... Hi,
First, you have to use some kind of error checking in your script.
Since this is your first attempt, do not use the @ error suppression as
it, well, suppresses errors.
Use mysql_error and/or mysql_errno functions to handle errors suitably.
Also all mysql_* functions return a FALSE on failure, so you might want
to check for that.
Second, please do not use $HTTP_POST_VARS[] directly in your SQL query.
Now, with respect to your question, see if your mysql_fetch_arr ay()
returns anything at all (remove the @) and also, do a
print_r($result _ar) to see the contents. That will definitely help
you.
Also, you may want to echo the query you are executing to see if indeed
you are executing the query you think you are.
Add:
$username = $_POST['user']; // and add check for $username existence
$passwd = $_POST['pass']; // and add check for $passwd existence
$query = "SELECT COUNT(*) AS numfound FROM users WHERE
user='".$userna me."' AND pass='".$passwd ."'";
echo "Query to execute: $query <br />";
Hope that helped a bit.
Thanks.
--Kartic
Also, as a general rule of thumb, properly escape things within sql
statements; it make debugging easier later on.
So, the query above would become:
$query = "SELECT COUNT(*) AS `numfound` FROM `users` WHERE
`user`='$userna me' AND pass='$passwd' ";
(also note that you don't need to end the strings around $username and
$passwd like above; since the whole string is double-quoted, PHP will
interpolate the variables in the string)
Most definitely follow the suggestions Kartic has given you (especially with
using @).
Hope this helps.
-Noah
thank you for the replies I will take these onboard when improving my
script this week. Thank you.
paul wrote: My first php script involves logining in to a site. I used a tutorial
from a book and it doesn't seem to be working correctly. The code is
below
<snip>
next comes the login script
------------------------------------------------
quote:<?php
/* verifies username and password */
// set up variables
define ('HOST', 'localhost');
define ('USER', 'root');
define ('PASS', '*******');
define ('DB', 'comp390');
//connect and get numfound
mysql_connect(H OST, USER, PASS);
mysql_select_db (DB);
$result = mysql_query("SE LECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_PO ST_VARS['user']} AND
--------------------------------^ missing single-quote
should read:
user='{$HTTP_PO ST_VARS['user']}' AND
pass='{$HTTP_PO ST_VARS['pass']}'");
//Decide what we're going to allow
$result_ar = @mysql_fetch_ar ray($result);
if ($result_ar['numfound'] < 1) // ***** LOGIN FAILED ******
{
header('Locatio n: pass.form.php?e rror=1');
}
else // ***** LOGIN succeeded!! *****
{
echo "Logged in Successfully!";
}
?>
<snip> This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Bob |
last post by:
Hi,
I have a website in a Linux/Apache shared hosting environment and have
been given access to the MySQL server running on the same machine. To
access this database from PHP, I have to call mysql_connect(host,
user, password) where the password is hardcoded into my PHP source
file in clear text.
I see two security problems with this:
|
by: 21novembre |
last post by:
Hi all,
I'm working on my first php+mysql program.
I have a mysqld running and there's a DB named "example" with a table
"tbl". Here it is:
--------------
mysql> use example;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
|
by: kamilla |
last post by:
I have a mysql 3.5 server installed on a suse linux 8.1, with address 10.0.0.100.
Now I want to access that db from a W2K pc, address 10.0.0.200.
I am able to ping 10.0.0.100, but I cannot connect to the db, and get error 2013.
I have tried with MySQL Administrator 1.0 and also with ODBC.
The db on linux has
grant all on *.* to ''@'10.0.0.%'
and also tried
.... to root@10.0.0.200
and others seen on posted messages.
I can access that db...
|
by: news |
last post by:
I have a new situation I'm facing and could use a suggestion or two, as
I don't seem to be able to think in the abstract very well.
We have a local server which holds all of our image files.
We have a remote server that runs our public Web server and mySQL
database.
I need to be able to run a script that will:
Read the contents of a dir on the local server and
a. make thumbnails of the files in it
b. querey the database and pull...
|
by: Jeremy Dillinger |
last post by:
I am trying to design a program that will use data from a MySQL database.
Currently all the data is being used with PHP scripts from a website. I am
also trying to build a software solution that can use the same data. I have
gone through all the data connectors in Visual Basic.net and none of them
have the options for connecting to MySQL. Does anybody know how I would go
about doing this? Thanks in advance!
Jeremy
| | |
by: NewsReader |
last post by:
Hello,
I have been looking around the net for a script to help me connect to and
help gather information from Cisco routers/switches. I have pieced together
a couple of different scripts from various different sources. I am having
issue when connecting to Cisco devices. For some reason the scripts
timesout/stops working just after the connection section of the script. It
does not give me a confirmation of completeion nor does it give me...
|
by: csgraham74 |
last post by:
Hi,
I have recently decided to start using MYSQL instead of MS Access 2003.
After reading through numerous articles i have learnt that i can use
access as a GUI for making changes etc to the MYSQL databases.
My problem is that i am unable to set this up correctly - would anyone
be able to give me a set by set guide on how to do this or give me a
|
by: d3vkit |
last post by:
Okay so I am at a loss here. I have a website that I've previously had no trouble connecting to the mysql DB on. I have an include to a connect file with the relevant connection info, and it was working fine until today. I am trying to implement some ajax with the javascript framework mootools (although I don't see how this is causing the problem it started happening right around this time sooo...)
I am sending info from my login form to the...
|
by: Ananthu |
last post by:
Hi
I have done all the codings part for connecting mysql with java in eclipse environment.
Coding Part:
import java.sql.Connection;
import java.sql.DriverManager;
public class MysqlConnect {
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
