Forms...and WHERE in mysql

Hi guys,
I found this script:
http://hvassing.com/2007/simple-php-...#comment-31549

but if I try to recall, in a page I created, the variable "username"
that a user fills in on the login page, it does not work.
How could I retrieve the "username", in other pages, using sessions?

I think that the answer is in the last 8 lines of code of
"manage-check.php" but I do not know how....

For example if I fill this code in "members-only.php":

---------------------------------------
<?
$db=mysql_connect('XXXX.YYYYYYYYYYYY.ZZZ','user',' 123456') or
die(mysql_error());

mysql_select_db("XXXX",$db);

$result=mysql_query("SELECT * FROM members
WHERE username="$_POST[username]"");
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
while ($record = mysql_fetch_row($result)){
echo "id: ".$record[0]."<br />";
echo "NOME: ".$record[1]."<br />";
echo "<br />";
}
---------------------------------------

it does not work!!!
How could I retrieve "username" using "WHERE username="?????????" ???

TNX in advance!
Dec 28 '07 #1
On Dec 28, 12:13 pm, lukk3tt0 <lu...@ghjghjhg.ll> wrote:
> Hi guys,
> I found this script: http://hvassing.com/2007/simple-php-...session-and-my...
>
> but if I try to recall, in a page I created, the variable "username"
> that a user fills in on the login page, it does not work.
> How could I retrieve the "username", in other pages, using sessions?

hmmm cannot quite follow, but a common thing (which even I made when
using sessions first time :-|) is to forget to use start_session()
every time. It does not start the session, just gives you access to
it.

> $result=mysql_query("SELECT * FROM members
> WHERE username="$_POST[username]"");

Gee... I have been wondering whether the post can be in there, but
*just in case* I have always used it like this

$result=mysql_query("SELECT * FROM members WHERE username=\"".
$_POST["username"]."\"");
or
$result=mysql_query("SELECT * FROM members WHERE username=\"".
$_SESSION["username"]."\"");

say
if(isset($_SESSION["username"]))
$result=mysql_query("SELECT * FROM members WHERE username=\"".
$_SESSION["username"]."\"");
else
$result=mysql_query("SELECT * FROM members WHERE username=\"".
$_POST["username"]."\"");

WBR
Sonnich
Dec 28 '07 #2
The MySQL Select should be like
SELECT `field`, `field` FROM `table` WHERE `field`='value';

you need the '' unless the field is kinda int
Dec 28 '07 #3
Enable display_errors and see what you get for messages.

Also, please cross-post; do not multi-post!

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 28 '07 #4
.oO(jodleren)

> Gee... I have been wondering whether the post can be in there, but
> *just in case* I have always used it like this
>
> $result=mysql_query("SELECT * FROM members WHERE username=\"".
> $_POST["username"]."\"");
> or
> $result=mysql_query("SELECT * FROM members WHERE username=\"".
> $_SESSION["username"]."\"");

Strings in SQL are delimited with single quotes. And you _never_ want to
use a user-submitted value directly in a query without any validation.
Read about SQL injection.

Micha
Dec 28 '07 #5
> $result=mysql_query("SELECT * FROM members
> WHERE username="$_POST[username]"");

Your quotes are messed up, doing what sskaje said should fix your
problem.

$result = mysql_query("SELECT * FROM members WHERE username=`
$_POST['username']`");

That should fix your problem.
Dec 28 '07 #6
.oO(jp****@gmail.com)

>> $result=mysql_query("SELECT * FROM members
>> WHERE username="$_POST[username]"");
>
> Your quotes are messed up, doing what sskaje said should fix your
> problem.
>
> $result = mysql_query("SELECT * FROM members WHERE username=`
> $_POST['username']`");
>
> That should fix your problem.

Nope. It will cause a parse error because of the single-quoted array
index inside of a double-quoted string. Additionally it will cause an
SQL error because a backtick (`) is not a valid string delimiter.

Correct:

$result = mysql_query("
SELECT *
FROM members
WHERE username = '$_POST[username]'
");

or

$result = mysql_query("
SELECT *
FROM members
WHERE username = '{$_POST['username']}'
");

Of course this won't fix the SQL injection problem ...

Micha
Dec 29 '07 #7
Michael Fesser wrote:
> Read about SQL injection.

Well, I prefer to laugh at it:

http://xkcd.com/327/
--
----------------------------------
Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-

Now listening to: Lamb - The K&D Sessions? (1998) - [10] Trans Fatty Acid
(K&D Session) (8:31) (97.000000%)
Dec 29 '07 #8
On Sat, 29 Dec 2007 01:33:01 +0100, Michael Fesser <ne*****@gmx.de> wrote:
> .oO(jp****@gmail.com)
>
>>> $result=mysql_query("SELECT * FROM members
>>> WHERE username="$_POST[username]"");
>>
>> Your quotes are messed up, doing what sskaje said should fix your
>> problem.
>>
>> $result = mysql_query("SELECT * FROM members WHERE username=`
>> $_POST['username']`");
>>
>> That should fix your problem.
>
> Nope. It will cause a parse error because of the single-quoted array
> index inside of a double-quoted string. Additionally it will cause an
> SQL error because a backtick (`) is not a valid string delimiter.
>
> Correct:
>
> $result = mysql_query("
> SELECT *
> FROM members
> WHERE username = '$_POST[username]'
> ");

Which will probably give a notice the constant 'username' is not defined..

> or
>
> $result = mysql_query("
> SELECT *
> FROM members
> WHERE username = '{$_POST['username']}'
> ");

That's the one.

> Of course this won't fix the SQL injection problem ...

Very true. And a 'SELECT * ' should never be used in production, only for
testing purposes. Naming the fields you should have will both ease the
load on the server and cause a transparent failure instead of an obscure
one on a table alteration.
--
Rik Wasmus
Dec 31 '07 #9
.oO(Rik Wasmus)

> On Sat, 29 Dec 2007 01:33:01 +0100, Michael Fesser <ne*****@gmx.de> wrote:
>
>> $result = mysql_query("
>> SELECT *
>> FROM members
>> WHERE username = '$_POST[username]'
>> ");
>
> Which will probably give a notice the constant 'username' is not defined.

Nope, not in this case. Constants are not resolved in a double-quoted
string (unless you use curly syntax like in the second example).
Whether this syntax is recommended or not is another question, though.

Micha
Dec 31 '07 #10
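
The SQL injection problem raised in posts #5, #7 and #9, as an added example that is not part of any post in this thread: the interpolated query from the thread next to a prepared statement with named columns. It assumes PDO with an in-memory SQLite database standing in for the MySQL server; the table layout, sample rows, inputs and function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// the MySQL server; table layout and rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, nome TEXT)");
$db->exec("INSERT INTO members (username, nome) VALUES ('alice', 'Alice'), ('bob', 'Bob')");

// The pattern from the thread: the value becomes part of the SQL text.
function find_member_interpolated(PDO $db, string $username): array
{
    $sql = "SELECT id, nome FROM members WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound as data and never parsed as SQL.
function find_member_prepared(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, nome FROM members WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs; in members-only.php the value would come from
// $_SESSION['username'] (after session_start()) or $_POST['username'].
$inputs = ['alice', "nobody' OR '1'='1", "O'Brien"];

foreach ($inputs as $username) {
    try {
        $n = count(find_member_interpolated($db, $username));
        $interp = "$n row(s)";
    } catch (PDOException $e) {
        // A legitimate name containing an apostrophe breaks the SQL text.
        $interp = 'SQL error';
    }
    $prepared = count(find_member_prepared($db, $username));
    printf("%-20s interpolated: %-10s prepared: %d row(s)\n", $username, $interp, $prepared);
}
```

With the interpolated query, the second input matches every row and the third fails to parse; the prepared statement treats both as plain usernames that match nothing.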
