Mobil-D

Never mind, got it working. Thanks guys.

Thanks for the reply PFMaBiSmAd (and sorry about the oversight Pikachu2000). I'll definitely follow your security advice whenever I start working on production networks. Right now I'm working purely locally and all I want is for the thing to work. I hear what you're saying about '$_SESSION['con']', I've replaced that with '$con'. But mysql_error() returns nothing when I try to execute a query.

I'm hoping someone can help me cos my hair's going white with this one. I'm trying to put together a script that acts as web-based interface to an SQL server. There are actually two parts, admin.htm and admin.php. The first part is just a form that passes login credentials to the PHP file. That part seems to work fine, but I'll post the source anyway: - <!DOCTYPE HTML> <html lang="en"> <head> <title>SQL admin login</title> <meta charset="iso-8859-1" /> </head> <body> <form action="admin.php" method="post"> <label for="username">Username: -</label> <br /> <input type="text" name="username" id="username" /> <br /> <br /> <label for="password">Password: -</label> <br /> <input type="password" name="password" id="password" /> <br /> <br /> <label for="server">Server: -</label> <br /> <input type="text" name="server" id="server" /> <br /> <br /> <label for="database">Database: -</label> <br /> <input type="text" name="database" id="database" /> <br /> <br /> <input type="submit" value="Login" /> <input type="reset" value="Reset" /> </form> </body> </html> Following is the content of admin.php. By this point I can see the connection in MySQL Workbench, and when I submit the query 'SELECT * FROM subscribers' it's being stored in '$_POST['query']', but 'mysql_query($_POST['query'],$_SESSION['con']);' is returning nothing. There is definitely a record in that table, and the user I'm logging on with has permission to run the 'SELECT' command against this database, so I can't figure out why mysql_query(); is returning nothing: - <!DOCTYPE HTML> <?php session_start(); if(!$_SESSION['con']) { if(!($_POST['username'] || $_POST['password'])) { if(!($_SESSION['username'] || $_SESSION['password'])) { $error="Username and password variables empty."; } } else { $_SESSION['username']=mysql_real_escape_string($_POST['username']); $_SESSION['password']=mysql_real_escape_string($_POST['password']); $_SESSION['server']=mysql_real_escape_string($_POST['server']); $_SESSION['database']=mysql_real_escape_string($_POST['database']); $_SESSION['con']=mysql_pconnect($_SESSION['server'],$_SESSION['username'],$_SESSION['password']); if(!$_SESSION['con']) { $error="Failed to connect to server."; } else { $database=mysql_select_db($_SESSION['database'],$_SESSION['con']); if(!$database) { $error="Failed to connect to database."; } } } } if(!$_POST['query']) { $error="No query submitted."; } else { $result=mysql_query($_POST['query'],$_SESSION['con']); if(!$result) { $error="Query returned nothing."; } } ?> <html lang="en"> <head> <title>SQL admin interface</title> <meta charset="iso-8859-1" /> </head> <body> <form action="admin.php" method="post"> <textarea name="query" rows="10" cols="50">SELECT * FROM subscribers</textarea> <br /> <br /> <input type="submit" value="Submit query" /> </form> <?php if($error) { echo $_POST['query']."<br /><br />".$result."<br /><br />".$error; die(); } else { while($row=mysql_fetch_assoc($result)) { echo $row['name']." ".$row['email']; echo "<br />"; } } ?> </body> </html> Can anyone help? MOD EDIT: . . . tags added.

PHP/MySQL newbie here hoping you guys will be able to help me. I've only been working with each of them for about a week or so, and I've inevitably started hitting brick walls which I can't seem to get around no matter how many comments I add to my code telling me what it's actually supposed to do. Anyway, just wanted to say hai, make myself known, and thank everyone in advance for any help or advice you can offer me.