Jump to content

PHP Login Help Please


avh13

Recommended Posts

Hi,

 

I am new to php and I am having trouble with a php login code for website I am making. I am getting a response saying "notice undefined variable row"

 

this is what I have thus far: How would I define that row? 

<?php

 

$db_usr= $_POST["userid"];
$db_pswd= $_POST["password"];
$con=mysql_connect("localhost",$db_user,$db_pass, $db_name);
if(! $con)
{
        die('Connection Failed'.mysql_error());
}
mysql_select_db("*****",$con);
$sql=mysql_query("SELECT * FROM users WHERE userid='name' and password='password'");
$result=mysql_query($sql);
{
    if($row["userid"]==$db_usr && $row["password"]==$db_pswd)
        echo "Welcome Back  $db_usr "; 
    else
        echo "Sorry  $db_usr";
}

?>

Link to comment
Share on other sites

This logic seems really off key to me.

 

So, the values $_POST["userid"] and $_POST["password"] come from the form yes? Are they values which the user enters?

 

With your mysql_connect() function, it takes only 3 parameter, but but you have specified 4 making me think you have got mixed up the with mysqli_ connect() extension which takes 4 - (host,user,password,db).

 

mysql_connect() takes 3 - host, user, pass.

 

You then connect to the database using mysql_select_db() - accepting 2 parameters the database name/variable and the link/connection variable.

 

Having said that, you should really be using the mysqli_ extension as mysql standard declaration has been deprecated as of 5.5.0.

 

Kind regards,

 

L2c.

Link to comment
Share on other sites

The $row variable you are using isn't set anywhere. After result you should do something like $row = mysql_fetch_assoc($result);

 

Also, put code in code brackets, identified by the "<>" icon.

Link to comment
Share on other sites

Try changing your code to this and see if it helps you:

 
$db_usr= $_POST["userid"];
$db_pswd= $_POST["password"];
$con=mysql_connect("localhost",$db_user,$db_pass, $db_name);
if(! $con)
{
        die('Connection Failed'.mysql_error());
}
mysql_select_db("*****",$con);
$sql=mysql_query("SELECT * FROM users WHERE userid={$db_usr} and password={$db_pswd}");
 
$rows = mysql_num_rows($sql);
 
if($rows == 1)
{
     echo "Welcome back, ".$db_usr;
}
else
{
    echo "You did not enter a correct username/password.";
}
 

You would also set a session if you are looking to create a user login system. Sessions retain their value when navigating through different pages on your website. A standard variable will not work as once the script ends, the standard variables' value is lost.

 

Regards,

 

L2c.

Edited by Love2c0de
Link to comment
Share on other sites

Try changing your code to this and see if it helps you:

 
$db_usr= $_POST["userid"];
$db_pswd= $_POST["password"];
$con=mysql_connect("localhost",$db_user,$db_pass, $db_name);
if(! $con)
{
        die('Connection Failed'.mysql_error());
}
mysql_select_db("*****",$con);
$sql=mysql_query("SELECT * FROM users WHERE userid={$db_usr} and password={$db_pswd}");
 
$rows = mysql_num_rows($sql);
 
if($rows == 1)
{
     echo "Welcome back, ".$db_usr;
}
else
{
    echo "You did not enter a correct username/password.";
}
 

You would also set a session if you are looking to create a user login system. Sessions retain their value when navigating through different pages on your website. A standard variable will not work as once the script ends, the standard variables' value is lost.

 

Regards,

 

L2c.

 

This code would only work if every single user who signed up with the site actually has a PMA accoutn as well...

 

More seriously, think SQL INJECTION. This is not the way to prevent it.

Link to comment
Share on other sites

More seriously, think SQL INJECTION. This is not the way to prevent it.

 

Of course, had the topic continued I would told him about the dangers of putting data straight into a query but he didn't seem to reply so never got the chance.

 

I believe he could be back when he has some unexpected results :happy-04:

 

Regards,

 

L2c.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.