My first php script involves logining in to a site. I used a tutorial
from a book and it doesn't seem to be working correctly. The code is
below
I started with a simple form to insert a username and password
------------------------------------------------
quote:<?php pass.form.php ?>
<html>
<head><title> User Authentication</title></head>
<body bgcolor="white">
<h2>Please Log in </h2>
<form method="post" action="pass.login.php">
USERNAME: <input type="text" name="user"><br>
PASSWORD: <input type="password" name="pass"><br>
<input type="submit" value="log in">
</form>
</body>
</html>
------------------------------------------------
next comes the login script
------------------------------------------------
quote:<?php
/* verifies username and password */
// set up variables
define ('HOST', 'localhost');
define ('USER', 'root');
define ('PASS', '*******');
define ('DB', 'comp390');
//connect and get numfound
mysql_connect(HOST, USER, PASS);
mysql_select_db(DB);
$result = mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_POST_VARS['user']} AND
pass='{$HTTP_POST_VARS['pass']}'");
//Decide what we're going to allow
$result_ar = @mysql_fetch_array($result);
if ($result_ar['numfound'] < 1) // ***** LOGIN FAILED ******
{
header('Location: pass.form.php?error=1');
}
else // ***** LOGIN succeeded!! *****
{
echo "Logged in Successfully!";
}
?>
------------------------------------------------
now I have a database set up, comp390. A table called users so as far
as I can see that is ok. I have populated the DB with a few users
giving each a password and I can't get the script to echo... Logged in
Successfully. Even when I use the correct usernames and password. So
before I go any furthur and improve the script I need to sort this
problem out.
Maybe it's not connecting to the DB at all or maybe I have made a
simple typo. Any ideas what I'm overlooking?
4  1700 
Hi,
First, you have to use some kind of error checking in your script.
Since this is your first attempt, do not use the @ error suppression as
it, well, suppresses errors.
Use mysql_error and/or mysql_errno functions to handle errors suitably.
Also all mysql_* functions return a FALSE on failure, so you might want
to check for that.
Second, please do not use $HTTP_POST_VARS[] directly in your SQL query.
Now, with respect to your question, see if your mysql_fetch_array()
returns anything at all (remove the @) and also, do a
print_r($result_ar) to see the contents. That will definitely help
you.
Also, you may want to echo the query you are executing to see if indeed
you are executing the query you think you are.
Add:
$username = $_POST['user']; // and add check for $username existence
$passwd = $_POST['pass']; // and add check for $passwd existence
$query = "SELECT COUNT(*) AS numfound FROM users WHERE
user='".$username."' AND pass='".$passwd."'";
echo "Query to execute: $query <br />";
Hope that helped a bit.
Thanks.
--Kartic
"Kartic" <ka******************@gmail.com> wrote in message
news:11*********************@c13g2000cwb.googlegro ups.com... Hi,
First, you have to use some kind of error checking in your script.
Since this is your first attempt, do not use the @ error suppression as
it, well, suppresses errors.
Use mysql_error and/or mysql_errno functions to handle errors suitably.
Also all mysql_* functions return a FALSE on failure, so you might want
to check for that.
Second, please do not use $HTTP_POST_VARS[] directly in your SQL query.
Now, with respect to your question, see if your mysql_fetch_array()
returns anything at all (remove the @) and also, do a
print_r($result_ar) to see the contents. That will definitely help
you.
Also, you may want to echo the query you are executing to see if indeed
you are executing the query you think you are.
Add:
$username = $_POST['user']; // and add check for $username existence
$passwd = $_POST['pass']; // and add check for $passwd existence
$query = "SELECT COUNT(*) AS numfound FROM users WHERE
user='".$username."' AND pass='".$passwd."'";
echo "Query to execute: $query <br />";
Hope that helped a bit.
Thanks.
--Kartic
Also, as a general rule of thumb, properly escape things within sql
statements; it make debugging easier later on.
So, the query above would become:
$query = "SELECT COUNT(*) AS `numfound` FROM `users` WHERE
`user`='$username' AND pass='$passwd' ";
(also note that you don't need to end the strings around $username and
$passwd like above; since the whole string is double-quoted, PHP will
interpolate the variables in the string)
Most definitely follow the suggestions Kartic has given you (especially with
using @).
Hope this helps.
-Noah
thank you for the replies I will take these onboard when improving my
script this week. Thank you.
paul wrote: My first php script involves logining in to a site. I used a tutorial
from a book and it doesn't seem to be working correctly. The code is
below
<snip>
next comes the login script
------------------------------------------------
quote:<?php
/* verifies username and password */
// set up variables
define ('HOST', 'localhost');
define ('USER', 'root');
define ('PASS', '*******');
define ('DB', 'comp390');
//connect and get numfound
mysql_connect(HOST, USER, PASS);
mysql_select_db(DB);
$result = mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_POST_VARS['user']} AND
--------------------------------^ missing single-quote
should read:
user='{$HTTP_POST_VARS['user']}' AND
pass='{$HTTP_POST_VARS['pass']}'");
//Decide what we're going to allow
$result_ar = @mysql_fetch_array($result);
if ($result_ar['numfound'] < 1) // ***** LOGIN FAILED ******
{
header('Location: pass.form.php?error=1');
}
else // ***** LOGIN succeeded!! *****
{
echo "Logged in Successfully!";
}
?>
<snip> This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Bob |
last post by:
Hi,
I have a website in a Linux/Apache shared hosting environment and have
been given access to the MySQL server running on the same machine. To
access this database from PHP, I have to call...
|
by: 21novembre |
last post by:
Hi all,
I'm working on my first php+mysql program.
I have a mysqld running and there's a DB named "example" with a table
"tbl". Here it is:
--------------
mysql> use example;
Reading table...
|
by: kamilla |
last post by:
I have a mysql 3.5 server installed on a suse linux 8.1, with address 10.0.0.100.
Now I want to access that db from a W2K pc, address 10.0.0.200.
I am able to ping 10.0.0.100, but I cannot connect...
|
by: news |
last post by:
I have a new situation I'm facing and could use a suggestion or two, as
I don't seem to be able to think in the abstract very well.
We have a local server which holds all of our image files.
We...
|
by: Jeremy Dillinger |
last post by:
I am trying to design a program that will use data from a MySQL database.
Currently all the data is being used with PHP scripts from a website. I am
also trying to build a software solution that...
|
by: NewsReader |
last post by:
Hello,
I have been looking around the net for a script to help me connect to and
help gather information from Cisco routers/switches. I have pieced together
a couple of different scripts from...
|
by: csgraham74 |
last post by:
Hi,
I have recently decided to start using MYSQL instead of MS Access 2003.
After reading through numerous articles i have learnt that i can use
access as a GUI for making changes etc to the...
|
by: d3vkit |
last post by:
Okay so I am at a loss here. I have a website that I've previously had no trouble connecting to the mysql DB on. I have an include to a connect file with the relevant connection info, and it was...
|
by: Ananthu |
last post by:
Hi
I have done all the codings part for connecting mysql with java in eclipse environment.
Coding Part:
import java.sql.Connection;
import java.sql.DriverManager;
public class...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
