gtrufitt

How do I INSERT data into a field if it is empty but if it is being updated use the UPDATE query? Is it something like: If ($field = NULL) then { $SQL = "INSERT into TABLE (field) VALUES ('{$_POST['value']}') WHERE userid = '$userid'" } else { $SQL = "UPDATE table SET value = VALUE ('{$_POST['newvalue']}') WHERE userid = '$userid'" } Thanks

Thanks for your help. I now get this error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\Inetpub\wwwroot\padgate2\hall\TMP3keoixklx4.php on line 48 The line is: while($row = mysql_fetch_array($m)) { is it because that line is before the query? while($row = mysql_fetch_array($m)) { $hallmembers = "SELECT f_name, l_name FROM user WHERE id = '$userid'"; $m = mysql_query($hallmembers) or die(mysql_error()."<Br /><br /.".$hallmembers); Cheers

Hi, my code is: [code<html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link rel="stylesheet" type="text/css" href="../main.css" /> </head> <body> <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $hall = "SELECT id FROM userhall WHERE hallid = '6'"; $h = mysql_query($hall) or die(mysql_error()."<Br /><br /.".$hall); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $rowa = mysql_fetch_array($h); $userid = $rowa['id']; $hallmembers = "SELECT f_name, l_name FROM user WHERE id = '$userid'"; $m = mysql_query($hallmembers) or die(mysql_error()."<Br /><br /.".$hallmembers); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $countm = mysql_num_rows($m); ?> <div id="center"> <div id="logo"> <img src="../images/padcommlogo.png" alt="PadComm" /></div> <?php include("../php/login.php"); ?> <div id="date"> <script language="JavaScript" type="text/javascript"> <!-- var currentTime = new Date() var month = currentTime.getMonth() + 1 var day = currentTime.getDate() var year = currentTime.getFullYear() document.write("Today's date is: ") document.write(day + "/" + month + "/" + year) //--> </script> </div> <?php include("../php/navigation.php"); ?> <div id="content"> <h1>Croft Hall</h1></p> <?php if($countm == 0) { echo 'Apparently no one lives in Croft hall!' ; } else { while($row = mysql_fetch_array($m)) echo 'The following people live in Croft Hall! </p>'; echo $row['f_name']; echo ' '; echo $row['l_name']; } ?> </div> <?php include("../php/footer.php"); ?> </div> </body> </html> There are three members linked to the hall ID 6. The table 'userhall' has the columns 'id' - the users id and 'hallid' the hall id. The table user has the colums 'id' - the users id and 'f_name' and 'l_name'. The line "The following people live in Croft Hall!" displays but it does not display any of the members linked to the hall ID. Thanks, Gareth

How stupid! I missed off the end quote in the form! Something so simple, caused so much problems! Thanks for your help everyone. Im sure I will be back soon, you'll be glad to hear! Cheers

Ah right, that brings this back: SELECT email FROM user WHERE email = 'test' AND password = '' Why does it do this? Here is the form again: <form action="authenticate.php" id="login" method="post"> <label for="username">User name:</label><input type="text" id="username" name="username" /> <label for="password">Password:</label><input type="password" id="password" name="password /> <p class="login"><input type="submit" name="login" value="Login" /> </form> Cheers

Here is the register page: <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link rel="stylesheet" type="text/css" href="main.css" /> </head> <body> <div id="center"> <div id="logo"> <img src="/images/padcommlogo.png" alt="PadComm" /></div> <?php include("php/login.php"); ?> <?php include("php/navigation.html"); ?> <div id="content"> <h2>Sign Up!</h2> <p> </head> <body> <?php include("php/connect.php"); $query = "INSERT INTO user (id, password, email, f_name, l_name) VALUES (0, '{$_POST['password']}', '{$_POST['email']}', '{$_POST['f_name']}', '{$_POST['l_name']}')"; $query2 = "INSERT INTO profile (id) VALUES (0)"; $query3 = "INSERT INTO userhall (id, hallid) VALUES (0, '{$_POST['hallid']}')"; if (@mysql_query ($query)) { if (@mysql_query ($query2)) { if (@mysql_query ($query3)) { print '<p> User Created. </p>'; } else { echo "<p> Could not create user in userhall because: <b> ".mysql_error()." </b> . The query was $query3. </p>"; } } else { echo "<p> Could not create user in user because: <b> ".mysql_error()." </b> . The query was $query2. </p>"; } } else { echo "<p> Could not create user in profile because: <b> ".mysql_error()." </b> . The query was $query. </p>"; } ?> <form action="<?php echo $SERVER['PHP_SELF']; ?>" id="signup" method="post" onsubmit="return checkPw(this)"; "validate_form(this)"> <fieldset> <legend>Sign Up!</legend> <p> <label for name="email">E-Mail address:</label> <input type="text" name="email" size="60" maxsize="60" /> </p> <p> <label for name="password">Password:</label> <input type="password" name="password" size="20" maxsize="20" /> </p> <p> <label for name="password2">Confirm password:</label> <input type="password" name="password2" size="20" maxsize="20" /> </p> <p> <label for name="f_name">First Name:</label> <input type="text" name="f_name" size="45" maxsize="45" /> </p> <p> <label for name="l_name">Last Name: </label> <input type="text" name="l_name" size="45" maxsize="45" /> </p> <p> <label for name="hallid">Hall Number:</label> <select name="hallid"> <option value="1">Hall 1</option> <option value="2">Hall 2</option> <option value="3">Hall 3</option> <option value="4">Hall 4</option> <option value="5">Hall 5</option> <option value="6">Hall 6</option> <option value="7">Hall 7</option> <option value="8">Hall 8</option> <option value="9">Hall 9</option> <option value="10">Off Campus</option> </select> </p> <p class="submit"> <input type="submit" name="submit" value="Sign Up!" /> </fieldset> </form> </div> <?php include("php/footer.php"); ?> </div> </body> </html>

Yup, in your code, I added $count = mysql_num_rows($r); It got rid of the warning but rather frustratingly I still cannot get the username and password to work! On the sign up form is there something that would cause this to happen if the user uses 'test' as their username and 'test' as their password in a varchar field that when they try to login in with this form with the same username and password that would stop it from working!?

Ah right ok, thats great, I understand what you mean. For some reason I am still getting the same problem though. I also get this error with that code. Warning: Wrong parameter count for mysql_num_rows() in C:\Inetpub\wwwroot\padgate2\authenticate.php on line 13

Thanks, I am now seeing invalid login again though, when trying to login. Is there any reason why the word 'test' when added into the varchar fields of email and password, would not work when trying to login?

Yea, the code is now: <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $username = $_POST['username']; $password = $_POST['password']; $sql = "SELECT email FROM user WHERE email = '.$username.' AND password = '.$password.'"; $r = mysql_query($sql) or die(mysql_error()."<Br /><br /.".$sql); { $err=mysql_error(); print $err; exit(); } if(mysql_num_rows($r) == 0) { echo 'no such login please try again.' ; exit(); } else { echo 'successfully logged into system.'; } ?> But only shows a blank page now when the login form is submitted.

Yea, the database username field is named email. Sorry that is slightly confusing. I already have a signup form so the details are added through that, Its plain text at the moment yea. Sorry the layout is: ID - PK - AutoInc PASSWORD - Varchar (20) EMAIL - Varchar (65) F_NAME - Varchar (45) L_NAME - Varchar (45)

Ok, Thanks for that tutorial, I understand that now. Are the variables defined in the correct place here? Also, when I try and login with a username and password that I know are in the mysql user table, the result always comes back as 'no such login please try again.' <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $username = $_POST['username']; $password = $_POST['password']; $sql = "SELECT email FROM user WHERE email = '.$username.' AND password = '.$password.'"; $r = mysql_query($sql) or die(mysql_error()."<Br /><br /.".$sql); if(!$r) { $err=mysql_error(); print $err; exit(); } if(mysql_affected_rows()==0) { echo 'no such login please try again.' ; exit(); } else { echo 'successfully logged into system.'; } ?>

Ok, Cheers, I tried to clean up the code, however, im not sure how to define the variables. Thanks for your help. <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $sql = "SELECT email FROM user WHERE email = '".$username."' AND password = '".$password."'"; $r = mysql_query($sql) or die(mysql_error()."<Br /><br /.".$sql); if(!$r) { $err=mysql_error(); print $err; exit(); } if(mysql_affected_rows()==0) { echo 'no such login please try again.' ; exit(); } else { echo 'successfully logged into system.'; } ?> I was also unsure what you meant by: Cheers

Hi, I am a complete newbie with PHP and MySQL and am trying to build a user login system, so far I have the following code: The form that the user logs in with: <form action="authenticate.php" id="login" method="post"> <label for="username">User name:</label><input type="text" id="username" name="username" /> <label for="password">Password:</label><input type="password" id="password" name="password /> <p class="login"><input type="submit" name="login" value="Login" /> </form> and the authenticate.php PHP: <?php @mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); @mysql_select_db("padgate") or die("Cannot select DB!"); $sql = "SELECT email FROM user WHERE email = '".$username."' AND password = '”.$password.”'”; $r = mysql_query($sql); if(!$r) { $err=mysql_error(); print $err; exit(); } if(mysql_affected_rows()==0) { echo 'no such login please try again.' ; exit(); } else { echo 'successfully logged into system.'; } ?> However, when I run it I get the error: Parse error: syntax error, unexpected $end in C:\Inetpub\wwwroot\padgate2\authenticate.php on line 21 But cannot work out what it means! Any help would be great please! Gareth