
Help

Dal
Help! I'm trying to get a login script to work.

I get this error message

MySQL Login Error: You have an error in your SQL syntax near
''jvsd0001_customers` WHERE cust_name='testuser' AND
cust_pass='test123'' at line 1

I'm using a database called test
here is mysql table:
mysql> select * from jvsd0001_customers;
+---------+-----------+---------------+
| cust_id | cust_name | cust_password |
+---------+-----------+---------------+
| 1 | testuser | test123 |
+---------+-----------+---------------+
1 row in set (0.00 sec)

[jvsd0001@hal] pico login.php

UW PICO(tm) 4.2 File:
login.php Modified

<?php
$username = $_POST['user'];
$password = $_POST['pass'];
if (!$_POST['pass'] && !$_POST['user']) {
?>
<html><b>Member Login</b>
<br><form method="POST">Username:
<br><input type="text" name="user" value="">
<br>Password:
<br><input type="text" name="pass" value="">
<br><input type="submit" name="submit" value="Login">
<?php
} else {
    mysql_connect ("localhost", "abdullah") or die ('My SQL Error: ' . mysql_error());
    mysql_select_db ("test");
    $stuff = mysql_query("SELECT * FROM 'jvsd0001_customers` WHERE username='".$cust_name."' AND password='".$cust_pass."'")
        or die("MySQL Login Error: ".mysql_error());
    if (mysql_num_rows($stuff) > 0) {
        echo("Logged in");
    } else {
        echo("Login Incorrect. Please Try Again!");
    }
}
?>

What's wrong???

I can't get this script to work either.

<?php
if(!isset($HTTP_POST_VARS['cust_name'])&&!isset($HTTP_POST_VARS['cust_pass']))
{
    //Visitor needs to enter a name and password
?>
<h1>Please Log In</h1>
This page is secret.
<form method="post" action="secretdb.php">
<table border="1">
  <tr>
    <th> Username </th>
    <td> <input type="text" name="cust_name"> </td>
  </tr>
  <tr>
    <th> Password </th>
    <td> <input type="password" name="cust_pass"> </td>
  </tr>
  <tr>
    <td colspan="2" align="center">
      <input type="submit" value="Log In">
    </td>
  </tr>
</table>
</form>
<?php
}
else
{
    // connect to mysql
    $mysql = mysql_connect( 'localhost', 'abdullah');
    if(!$mysql)
    {
        echo 'Cannot connect to database.';
        exit;
    }
    // select the appropriate database
    $mysql = mysql_select_db( 'test' );
    if(!$mysql)
    {
        echo 'Cannot select database.';
        exit;
    }

    // query the database to see if there is a record which matches
    $query = "select count(*) from jvsd0001_customers where
              cust_name = '$cust_name' and
              cust_pass = '$cust_pass'";

    $result = mysql_query( $query );
    if(!$result)
    {
        echo 'Cannot run query.';
        exit;
    }

    $count = mysql_result( $result, 0, 0 );

    if ( $count > 0 )
    {
        // visitor's name and password combination are correct
        echo '<h1>Here it is!</h1>';
        echo 'I bet you are glad you can see this secret page.';
    }
    else
    {
        // visitor's name and password combination are not correct
        echo '<h1>Go Away!</h1>';
        echo 'You are not authorized to view this resource.';
    }
}
?>

Can anybody tell me what I'm doing wrong here, please!
Jul 17 '05 #1



Well, in answer to your question, you need to change a few lines:

For starters:

mysql_connect ("localhost", "abdullah") or die ('My SQL Error: ' .
mysql_error());
mysql_select_db ("test");

should read:

$db = mysql_connect("localhost", "abdullah") or die ('My SQL Error: ' .
mysql_error());
mysql_select_db("test", $db);

Secondly:

$stuff = mysql_query("SELECT * FROM 'jvsd0001_customers` WHERE
username='".$cust_name."' AND password='".$cust_pass."'")

should read:

$stuff = mysql_query("SELECT * FROM jvsd0001_customers WHERE
username='".$cust_name."' AND password='".$cust_pass."'", $db);

This is because PHP can manage several databases at once, so you need to
give each database a variable name. I've chosen $db, but you can use
whatever you want.

Secondly, you should probably be using encrypted passwords. It's just a
good idea. It's even built right in to MySQL. Instead of using password =
"your password here", you would use password = password("your password
here"). This will encode the password into a 16-digit hexadecimal string.

Next, if a user enters a quotation mark into their username or password,
it'll screw up your query. I'm not sure if there's a simple way of fixing
this.

Hopefully, this helps.

--
Jonathan Lamothe
Founder of the Anime Void.
http://ani-void.cjb.net
Jul 17 '05 #2

Jonathan Lamothe wrote:
Next, if a user enters a quotation mark into their username or password,
it'll screw up your query. I'm not sure if there's a simple way of fixing
this.


$sql .= "WHERE '".str_replace("'","''",$dubious_user_input)."' ";

Jul 17 '05 #3

Look at your line:

username='".$cust_name."' AND password='".$cust_pass."'"

and write

username='$cust_name' AND password='$cust_pass'")

instead.
Eagle
On 24 Nov 2003 13:38:20 -0800, da**@cogeco.ca (Dal) wrote:

Jul 17 '05 #4

password = password("your password
here").


Hi !

What function is this ???????
It's not even listed in the PHP.net manual or anywhere else I look.
Am I missing something?

Eagle

Jul 17 '05 #5

Eagle wrote:
Look at your line:

username='".$cust_name."' AND password='".$cust_pass."'"

and write

username='$cust_name' AND password='$cust_pass'")

instead.
Eagle


Am I missing something or is that just a coding style issue?

Personally, I prefer the former. It separates the variables out more
clearly and is therefore easier to read for me.

I NEVER include variable references in double-quoted string literals.
But that's just my style.
Jul 17 '05 #6

"Eagle" <ea*********@lycos.com> wrote in message
news:rp********************************@4ax.com...
password = password("your password
here").


Hi !

What function is this ???????
It's not even listed in the PHP.net manual or anywhere else I look.
Am I missing something?

Eagle

It is a function in MySQL, not PHP.
Jul 17 '05 #7
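
Two points raised in the replies above, a quotation mark in the username or password breaking the query and passwords being stored unencrypted, are worked through in the following added example, which is not code from any poster in this thread. It swaps in PDO prepared statements and PHP's password_hash()/password_verify() in place of the thread's mysql_* calls and MySQL's PASSWORD(). Assumptions: PHP 5.5 or later with pdo_sqlite, an in-memory SQLite database standing in for the MySQL test database, the helper names add_customer and check_login, and constructed sample accounts.

```php
<?php
// Added example, not from the thread. Assumes PHP >= 5.5 with pdo_sqlite;
// an in-memory SQLite database stands in for the MySQL "test" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE jvsd0001_customers (
    cust_id       INTEGER PRIMARY KEY,
    cust_name     TEXT NOT NULL UNIQUE,
    cust_password TEXT NOT NULL)');

// Hypothetical helper: store a salted one-way hash, never the plaintext.
function add_customer(PDO $pdo, $name, $password)
{
    $stmt = $pdo->prepare(
        'INSERT INTO jvsd0001_customers (cust_name, cust_password) VALUES (?, ?)');
    $stmt->execute(array($name, password_hash($password, PASSWORD_DEFAULT)));
}

// Hypothetical helper: the ? placeholder sends the name as data, separate
// from the SQL text, so a quotation mark cannot alter or break the query.
function check_login(PDO $pdo, $name, $password)
{
    $stmt = $pdo->prepare(
        'SELECT cust_password FROM jvsd0001_customers WHERE cust_name = ?');
    $stmt->execute(array($name));
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample accounts, one with quotation marks in both fields.
add_customer($pdo, 'testuser', 'test123');
add_customer($pdo, "o'brien", "it's \"quoted\"");

// Constructed login attempts, each paired with the result it should give.
$attempts = array(
    array('testuser', 'test123', true),
    array('testuser', 'wrong', false),
    array("o'brien", "it's \"quoted\"", true),
    array("test'user", 'test123', false),   // stray quote, no SQL error
);
foreach ($attempts as $a) {
    list($name, $password, $expected) = $a;
    $ok = check_login($pdo, $name, $password);
    printf("%-10s => %s\n", $name, $ok ? 'Logged in' : 'Login Incorrect');
    if ($ok !== $expected) {
        throw new RuntimeException("unexpected result for $name");
    }
}
```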
