justin7410

Hey ulferik, i really appreciate the feedback unfortunately i am pretty new to programming and php as a whole. i tried to do what you have said separating the query into its own variable , not sure how to create the return count into a variable $query = mysql_query(" SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password`= '$password' "); $result = return(mysql_result($query) ; ????? function login($username, $password){ $user_id = user_id_from_username($username); $username = sanitize($username); $password = md5($password); $query = mysql_query(" SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password`= '$password' "); return(mysql_result($query, 0) == 1) ? $user_id : false; I tried printing these on screen using both print_r and var_dump getting either a NULL or undeclared variable error for both my $login variable from the OP .. any other suggestions or help would be greatly appreciated. thanks again guys..

Hey Guys, I am in the beginning stages of creating a user login / register system for my website. currently, i am working on the conditionals to make sure the information logged in is proper , either matching the DB of my users or spitting an error array , letting my users know that either they need to enter both a valid username & pass or that the info entered does not match the Database. i have created a few functions that clean up the $_POST variables using mysql_real_escape_string: and my main function login(); function sanitize($data) { return mysql_real_escape_string($data); } function user_id_from_username($username){ $username = sanitize($username); return (mysql_result(mysql_query(" SELECT `user_id` FROM `users` WHERE `username`= '$username'"), 0 , 'user_id')); } function login($username, $password){ $user_id = user_id_from_username($username); $username = sanitize($username); $password = md5($password); return(mysql_result(mysql_query(" SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false; } and the conditionals to check the parameters given: if (empty($_POST) === false) { $username = $_POST['loginname']; $password = $_POST['loginpass']; if (empty($username) === true || empty($password) === true) { $errors[] = 'You need to enter a valid Username & Password'; } else if (user_exists($username) === false ) { $errors[] = ' Sorry we could not find this user info in our userbase.'; } else if (user_active($username) === false ) { $errors[] = 'This account still needs to be activated'; } else { $login = login($username, $password); if ($login === false) { $errors[] = ' The Username / Password combination you entered is incorrect.'; } else { echo 'Login Ok!!'; Now finally my issue : When i click login all of my conditionals work except the most important one. When I input a working username and password i am given the same error from my array that the combination is not correct. so its finding the username but the password is not matching and accepting ? any suggestions ? i have been trying to figure this out for a minute. Thanks guys!. edit: (just wanted to add: sorry mods for all caps in title, tried to go back and edit but was to late)

Yes this is what i thought would happen originally, but at the moment i'm watching a PHP tutorial where the person uses this code and implements this code in his video. the code spits out perfectly when he connects to a live server , and echos out all the tables have been created and the data has been inserted. this is just the script from his website to copy and paste to follow along THE ENTIRE CODE HERE: <?php/********************************************************* MySQL PHP Search Exercises by Adam Khoury @ developphp.com MySQL Database Version Used In the Lessons: 5.1.58 PHP Version Used in the Lessons: 5.2.17 For Code Logic and Code Explanations Watch the Videos *********************************************************/ // This script is for auto creating and populating two tables // needed for the exercises in this series // ------------------------------------------------ // Force script errors and warnings to show during production only error_reporting(E_ALL); ini_set('display_errors', '1'); // Connect to your MySQL database here include_once("connect_to_mysql.php"); // Create the table 1 for storing pages $sqlCommand = "CREATE TABLE pages ( id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY, page_title VARCHAR(255), page_body TEXT, page_views INT NOT NULL default '0', FULLTEXT (page_title,page_body) ) ENGINE=MyISAM"; $query = mysql_query($sqlCommand) or die(mysql_error()); echo "<h3>Success creating Pages table</h3>"; // Create the table 2 for storing Blog entries $sqlCommand = "CREATE TABLE blog ( id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY, blog_title VARCHAR(255), blog_body TEXT, blog_views INT NOT NULL default '0', FULLTEXT (blog_title,blog_body) ) ENGINE=MyISAM"; $query = mysql_query($sqlCommand) or die(mysql_error()); echo "<h3>Success creating Blog table</h3>"; // Insert dummy data into the pages table $sqlCommand = "INSERT INTO pages (page_title,page_body) VALUES ('PHP Random Number','Learn to generate a random number using PHP blah blah blah'), ('Javascript Clock','Build a Javascript digital clock in this tutorial blah blah blah'), ('Flash Gallery','Use Actionscript to build a Flash Photo gallery blah blah blah'), ('XML RSS FEED','Learn to assemble XML RSS Feeds for your website blah blah blah'), ('CSS Shadows','Learn text and container shadow techniques using CSS blah blah blah'), ('HTML5 Canvas Tag','Learn how to animate the HTML5 Canvas tag using blah blah blah'), ('PHP Calculator','Learn to build a working calculator using PHP and blah blah blah'), ('Flash Website','Learn to create a full flash website template blah blah blah')"; $query = mysql_query($sqlCommand) or die(mysql_error()); echo "<h3>Success populating the pages table with data</h3>"; // Insert dummy data into the blog table $sqlCommand = "INSERT INTO blog (blog_title,blog_body) VALUES ('Trip to Disney World','Disney world would have been fun if I were 10 blah blah blah'), ('Refrigeration School','I graduated school finally after blah blah blah'), ('Big Giant Doodoo','In the bathroom today I made the biggest doodoo blah blah blah'), ('New Pet Bird','Today I got a new bird that repeats everything blah blah blah'), ('Pet Bird Died','My cat ate my bird today so as punishment I blah blah blah')"; $query = mysql_query($sqlCommand) or die(mysql_error()); echo "<h3>Success populating the blog table with data</h3>"; ?> At first, i thought he was placing a variable that you yourself are suppose to rename to whatever you want, then watching along further he was just using the same variable. is there something i'm simply missing or not understanding ?

I have a variable called $sqlCommand , variable is listed twice with two different values. the first $sqlCommand is holding a value of creating a table called page the second $sqlCommand is holding a value of create a table called blog As you can see in the code below : // Create the table 1 for storing pages $sqlCommand = "CREATE TABLE pages ( id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY, page_title VARCHAR(255), page_body TEXT, page_views INT NOT NULL default '0', FULLTEXT (page_title,page_body) ) ENGINE=MyISAM"; $query = mysql_query($sqlCommand) or die(mysql_error()); echo "<h3>Success creating Pages table</h3>"; // Create the table 2 for storing Blog entries $sqlCommand = "CREATE TABLE blog ( id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY, blog_title VARCHAR(255), blog_body TEXT, blog_views INT NOT NULL default '0', FULLTEXT (blog_title,blog_body) ) ENGINE=MyISAM"; $query = mysql_query($sqlCommand) or die(mysql_error()); echo "<h3>Success creating Blog table</h3>"; My question is how is php reading this as two separate values ?? they both seem to be declared in a global fashion , yet when they are inputted into the $query function they both are produced separately ? anybody know the reason for this ? thanks.

you sir are awesome ! rep for you ! thanks man

hmm that makes zero sense to me . its calling to look at my dbconnect.php to a line that is not even holding any code. my dbconnect doesnt call to any header , it simply contains the connection to the DB and 2 conditionals simply checking if the DB and and server are connected to . <?php // CONNECTION TO DATABASE $connect = mysql_connect('localhost','username','pass'); $db = mysql_select_db('db_2_connect', $connect); if (!$connect) { die('Could not connect to Server: ' . mysql_error()); } if (!$db) { die('Could not connect to Database: ' . mysql_error()); } ?> for the life of me i cant make the connection of how the error calls this page. ??

Ah i see what your saying that makes sense . So there error is reporting now This is my code: <?php include('include/init.php'); error_reporting(E_ALL); ini_set("display_errors", 1); $id = $_GET['id']; $idQuery = mysql_query( "SELECT * FROM `content` WHERE `id`=$id LIMIT 0 , 20"); if(isset($id)){ $rows = mysql_fetch_assoc($idQuery); if (isset($rows['id'])){ extract($rows); } } if( ! is_numeric($id]) ) { header("location: index.php"); exit; } ?> Now the error i receive after putting in the code you added i display these errors: Warning: Cannot modify header information - headers already sent by (output started at /home/justin/public_html/core/database/dbconnect.php:35) in /home/justin/public_html/watch.php on line 21 i played around with the position of the header trying to put it after the variable is declared, with no luck . any other suggestions ?

i also added the exit i forgot to mention but thanks for adding that... if( ! is_numeric($id) ) { header("Location: index.php"); exit(); } for the error reporting error_reporting(E_ALL); ini_set("display_errors", 1); why is this needed for the header(); to work ?

Trying to create a Redirect using PHP , to first check for a valid ID, if valid id is missing to send back to index.php My first code: if( ! is_numeric($id) ) { die('Sorry, you selected an invalid ID'); } This works perfectly fine and when deleting the id from the URL , the die occurs and i get the correct error message. Now , I am trying to create a redirect after the security measure The code i entered was the following: if( ! is_numeric($id) ) { header("Location: index.php"); } Now this code does not seem to do the trick, since when i go to the URL and delete the id to check if anything happens, the page redirect sends me nowhere. Keep in mind the FIRST CODE is being replaced by the SECOND CODE and they are NOT included together Any thoughts or suggestions ?? Thanks

So i have answered my own question : the solution was simple. ; if(isset($_GET[$pageid])){ needs to be if(isset($pageid)){ hope this helps anyone else that has issues with this kind of problem , thanks for your help regardless jazzman

above the query ... check the bottom of the first post. the variable is named $pageid .. not $id thats a typo on the question. it would be if(isset($_GET[$pageid])){

Hey Jazzman, thanks for the reply. i really thought that back tick would help solve the issue, that was a typo on my part and was not a problem in the code. i am still trying to solve this issue. my print_r does not return my $rows nor can i echo any variables from my extract(). any other suggestions guys ??

Hey guys , I am currently trying to create a dynamic page layout using data that i am pulling from my database.(mysql) i have created the a href to show page.php?title=$title&id=$Id then i created the page.php where the code will be inserted to spit out the page after matching the ids this is where the problem ensues, i have created some conditionals At first, i had this code: <? $content = mysql_query("SELECT * FROM `content` ORDER BY rating, votes DESC LIMIT 0 , 30"); ?> <? if(isset($_GET['id'])){ $row = mysql_fetch_assoc($content); if (isset($row['id'])){ extract($row); } } if (!isset($_GET['movieid'])){ header("Location: i.php"); exit(); } print_r ($rows); //shows the entire array ?> but my problem that i was encountering was that any link i clicked was not producing a different ID to the URL, it was just spitting out the same array for every link i clicked on . i then tried hunting my $_GET and figured to find where the variables are coming from. and to change my SQL query to locate the correct variable i figured that the issue must be that my sql statement is not matching the $_GET to the field of the Database( 'id' ) , although that is the name of the field. i then changed it up to this simple code: $pageid = $_GET['id']; $title = $_GET['title']; $idQuery = mysql_query(" SELECT * FROM `content` WHERE 'id'=$pageid LIMIT 0 , 20"); if(isset($_GET[$id])){ $rows = mysql_fetch_assoc($idQuery); if (isset($rows['id'])){ extract($rows); } } print_r ($rows) // nothing is found i really wish to figure this out without being spoon fed the answer, but i have been stuck on this for a few nights and really could use some suggestions. thanks guys