jusjus7

ok i will look into that tomorrow as its 1am in the UK right now and i have been at this all day! lol thanks again!!!

YES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You my sir are a genius Thank you soooo much i can finally click solved!!

i get 1 displayed on the page

i get this Warning: mysql_fetch_row() expects parameter 1 to be resource, string given in C:\xampp\htdocs\Site1\test\checklogin2.php on line 29 Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\Site1\test\checklogin2.php on line 32 Wrong Username or Password

yes it goes from loginre1.php to checklogin2.php and from there it should go to login_success.php, login_success2.php or login_success4.php (depending on user year)

yep but i cant seem to figure out where i have been looking at this code all day and nothing seems to look wrong (to me) <?php session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; //echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1){ header("Location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("Location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("Location:login_success4.php"); exit; } } else { echo "Wrong Username or Password"; } ?>

yep # Column Type Collation Attributes Null Default Extra Action 1 UsersID varchar(7) latin1_swedish_ci No None Change Drop More 2 U_Password varchar(10) latin1_swedish_ci No None Change Drop More 3 U_YearID varchar(1) latin1_swedish_ci No None Change Drop More 4 U_FirstName tinytext latin1_swedish_ci No None Change Drop More 5 U_LastName tinytext latin1_swedish_ci No None Change Drop More 6 CompanyID

it changes to the checklogin2.php address

but when i put a wrong username or password it does tell me its wrong!!

hmm it doesnt seem to be working as i still get a blank page :/ so its the query :s

nope nothing happens it just gives me a blank checklogin.php page :/ could it be the if statements are not properly written? as i took off the error reporting thing you said this has come up again :/ Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0

nope nothing happens it just gives me a blank checklogin.php page :/ could it be the if statements are not properly written?

so one of the semicolons is wrongly placed?

yes i did and nothing still got blank page

all i get is a blank page back!

That is what i am using $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; <?php session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; //echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1){ header("location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("location:login_success4.php"); exit; } } else { echo "Wrong Username or Password"; } ?>

this is what i have found error_reporting ; Default Value: E_ALL & ~E_NOTICE ; Development Value: E_ALL | E_STRICT ; Production Value: E_ALL & ~E_DEPRECATED is this what i need to change?

no all i keep getting is a blank page :/

I commented it out and i dont get that sql "error" any more but all i get is a blank page...any ideas would it could be and why its not taking me to any page?

Still nothing i have added session_start() at the top of the php code and still getting that :/ session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?>

SELECT UsersID,U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456'

i have put it bk in <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> and i get this error

This is all the code i am using right now <?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?>

Nope :/ i get this error now SELECT UsersID, U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456' Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 31 Wrong Username or Password

sorry i know i am sounding really dumb but how do i do that? where to i type echo by the select by the from or at the where end?