By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,952 Members | 985 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,952 IT Pros & Developers. It's quick & easy.

is my script connecting to MySQL correctly?

P: n/a
My first php script involves logining in to a site. I used a tutorial
from a book and it doesn't seem to be working correctly. The code is
below

I started with a simple form to insert a username and password
------------------------------------------------
quote:<?php pass.form.php ?>
<html>

<head><title> User Authentication</title></head>

<body bgcolor="white">

<h2>Please Log in </h2>
<form method="post" action="pass.login.php">
USERNAME: <input type="text" name="user"><br>
PASSWORD: <input type="password" name="pass"><br>
<input type="submit" value="log in">
</form>
</body>
</html>
------------------------------------------------
next comes the login script
------------------------------------------------
quote:<?php

/* verifies username and password */
// set up variables
define ('HOST', 'localhost');
define ('USER', 'root');
define ('PASS', '*******');
define ('DB', 'comp390');
//connect and get numfound
mysql_connect(HOST, USER, PASS);
mysql_select_db(DB);
$result = mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_POST_VARS['user']} AND
pass='{$HTTP_POST_VARS['pass']}'");

//Decide what we're going to allow
$result_ar = @mysql_fetch_array($result);
if ($result_ar['numfound'] < 1) // ***** LOGIN FAILED ******
{
header('Location: pass.form.php?error=1');

}
else // ***** LOGIN succeeded!! *****
{
echo "Logged in Successfully!";
}
?>
------------------------------------------------
now I have a database set up, comp390. A table called users so as far
as I can see that is ok. I have populated the DB with a few users
giving each a password and I can't get the script to echo... Logged in
Successfully. Even when I use the correct usernames and password. So
before I go any furthur and improve the script I need to sort this
problem out.

Maybe it's not connecting to the DB at all or maybe I have made a
simple typo. Any ideas what I'm overlooking?

Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Hi,

First, you have to use some kind of error checking in your script.
Since this is your first attempt, do not use the @ error suppression as
it, well, suppresses errors.

Use mysql_error and/or mysql_errno functions to handle errors suitably.
Also all mysql_* functions return a FALSE on failure, so you might want
to check for that.

Second, please do not use $HTTP_POST_VARS[] directly in your SQL query.

Now, with respect to your question, see if your mysql_fetch_array()
returns anything at all (remove the @) and also, do a
print_r($result_ar) to see the contents. That will definitely help
you.

Also, you may want to echo the query you are executing to see if indeed
you are executing the query you think you are.

Add:
$username = $_POST['user']; // and add check for $username existence
$passwd = $_POST['pass']; // and add check for $passwd existence
$query = "SELECT COUNT(*) AS numfound FROM users WHERE
user='".$username."' AND pass='".$passwd."'";
echo "Query to execute: $query <br />";
Hope that helped a bit.

Thanks.
--Kartic

Jul 17 '05 #2

P: n/a
"Kartic" <ka******************@gmail.com> wrote in message
news:11*********************@c13g2000cwb.googlegro ups.com...
Hi,

First, you have to use some kind of error checking in your script.
Since this is your first attempt, do not use the @ error suppression as
it, well, suppresses errors.

Use mysql_error and/or mysql_errno functions to handle errors suitably.
Also all mysql_* functions return a FALSE on failure, so you might want
to check for that.

Second, please do not use $HTTP_POST_VARS[] directly in your SQL query.

Now, with respect to your question, see if your mysql_fetch_array()
returns anything at all (remove the @) and also, do a
print_r($result_ar) to see the contents. That will definitely help
you.

Also, you may want to echo the query you are executing to see if indeed
you are executing the query you think you are.

Add:
$username = $_POST['user']; // and add check for $username existence
$passwd = $_POST['pass']; // and add check for $passwd existence
$query = "SELECT COUNT(*) AS numfound FROM users WHERE
user='".$username."' AND pass='".$passwd."'";
echo "Query to execute: $query <br />";
Hope that helped a bit.

Thanks.
--Kartic


Also, as a general rule of thumb, properly escape things within sql
statements; it make debugging easier later on.
So, the query above would become:

$query = "SELECT COUNT(*) AS `numfound` FROM `users` WHERE
`user`='$username' AND pass='$passwd' ";

(also note that you don't need to end the strings around $username and
$passwd like above; since the whole string is double-quoted, PHP will
interpolate the variables in the string)

Most definitely follow the suggestions Kartic has given you (especially with
using @).

Hope this helps.

-Noah
Jul 17 '05 #3

P: n/a
thank you for the replies I will take these onboard when improving my
script this week. Thank you.

Jul 17 '05 #4

P: n/a
paul wrote:
My first php script involves logining in to a site. I used a tutorial
from a book and it doesn't seem to be working correctly. The code is
below

<snip>

next comes the login script
------------------------------------------------
quote:<?php

/* verifies username and password */
// set up variables
define ('HOST', 'localhost');
define ('USER', 'root');
define ('PASS', '*******');
define ('DB', 'comp390');
//connect and get numfound
mysql_connect(HOST, USER, PASS);
mysql_select_db(DB);
$result = mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_POST_VARS['user']} AND
--------------------------------^ missing single-quote

should read:

user='{$HTTP_POST_VARS['user']}' AND
pass='{$HTTP_POST_VARS['pass']}'");

//Decide what we're going to allow
$result_ar = @mysql_fetch_array($result);
if ($result_ar['numfound'] < 1) // ***** LOGIN FAILED ******
{
header('Location: pass.form.php?error=1');

}
else // ***** LOGIN succeeded!! *****
{
echo "Logged in Successfully!";
}
?>


<snip>
Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.