Help

Next, if a user enters a quotation mark into their username or password,
it'll screw up your query. I'm not sure if there's a simple way of fixing
this.

Help! I'm trying to get a login script to work.

I get this error message

MySQL Login Error: You have an error in your SQL syntax near
''jvsd0001_customers` WHERE cust_name='testuser' AND
cust_pass='test123'' at line 1

I'm using a database called test
here is mysql table:
mysql> select * from jvsd0001_customers;
+---------+-----------+---------------+
| cust_id | cust_name | cust_password |
+---------+-----------+---------------+
| 1 | testuser | test123 |
+---------+-----------+---------------+
1 row in set (0.00 sec)

[jvsd0001@hal] pico login.php

UW PICO(tm) 4.2 File:
login.php Modified

<?php
$username = $_POST['user'];
$password = $_POST['pass'];
if (!$_POST['pass'] && !$_POST['user']) {
?>
<html><b>Member Login</b>
<br><form method="POST">Username:
<br><input type="text" name="user" value="">
<br>Password:
<br><input type="text" name="pass" value="">
<br><input type="submit" name="submit" value="Login">
<?php
} else {
mysql_connect ("localhost", "abdullah") or die ('My SQL Error: ' .
mysql_error());
mysql_select_db ("test");
$stuff = mysql_query("SELECT * FROM 'jvsd0001_customers` WHERE
username='".$cust_name."' AND password='".$cust_pass."'") or
die("MySQL
Login Error: ".mysql_error());
if (mysql_num_rows($stuff) > 0) {
echo("Logged in");
} else {
echo("Login Incorrect. Please Try Again!");
}
}
?>

What's wrong???

I can't get this script to work either.

<?php
if(!isset($HTTP_POST_VARS['cust_name'])&&!isset($HTTP_POST_VARS['cust_pass']))
{
//Visitor needs to enter a name and password
?>
<h1>Please Log In</h1>
This page is secret.
<form method="post" action="secretdb.php">
<table border="1">
<tr>
<th> Username </th>
<td> <input type="text" name="cust_name"> </td>
</tr>
<tr>
<th> Password </th>
<td> <input type="password" name="cust_pass"> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log In">
</td>
</tr>
</table>
</form>
<?php
}
else
{
// connect to mysql
$mysql = mysql_connect( 'localhost', 'abdullah');
if(!$mysql)
{
echo 'Cannot connect to database.';
exit;
}
// select the appropriate database
$mysql = mysql_select_db( 'test' );
if(!$mysql)
{
echo 'Cannot select database.';
exit;
}

// query the database to see if there is a record which matches
$query = "select count(*) from jvsd0001_customers where
cust_name = '$cust_name' and
cust_pass = '$cust_pass'";

$result = mysql_query( $query );
if(!$result)
{
echo 'Cannot run query.';
exit;
}

$count = mysql_result( $result, 0, 0 );

if ( $count > 0 )
{
// visitor's name and password combination are correct
echo '<h1>Here it is!</h1>';
echo 'I bet you are glad you can see this secret page.';
}
else
{
// visitor's name and password combination are not correct
echo '<h1>Go Away!</h1>';
echo 'You are not authorized to view this resource.';
}
}
?>

Can abody tell me what I'm doing wrong here, please!

password = password("your password
here").

Look at your line:

username='".$cust_name."' AND password='".$cust_pass."'"

and write

username='$cust_name' AND password='$cust_pass'")

instead.
Eagle

password = password("your password
here").

Hi !

What function is this ???????
It's not even listed in the PHP.net manual or anywhere else I look.
Am I missing something?

Eagle