gladwell

OK. For this application, I only wanted to use the session variable to pass the name. Thanks again for your assistance. I learned some new things. How does the thread get marked as solved?

That was it! I should have caught that, too. Thank you so much for your help with these problems, 947740. What happens if I don't close the session?

Changing to $row = mysql_fetch_row($result); did not make a difference.

Adding this didn't change anything. What have I missed? if (mysql_num_rows($result) == 1) { //username and password are in the database $row = mysql_fetch_array($result); $_SESSION['firstname'] = $row[1]; md5() is new to me. I'll research that.

<?php session_start(); require 'script.php'; if (isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT firstname FROM table WHERE username = '$username' AND password = '$password'"; if($result = mysql_query($query)) { if (mysql_num_rows($result) == 1) { //username and password are in the database $_SESSION['firstname'] = $row[1]; header('Location: http://www.url_index.php'); } else { //username and password not in database. echo '<p align="center"><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>'; } } else { echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n"; } } ?>

Thanks for the syntax tip. That took care of the error message, but the name isn't showing up. Am I correct in understanding that the $_SESSION variable passes itself (as opposed to needing to be passed as a hidden value from page to page? I have firstname accounted for in the query.

Somehow that changed the error message on the redirect page to this: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

Wait-you meant in login.php

Here's the error, and I read that session_start had to be at the very top of the page and that's where I have it. Parse error: syntax error, unexpected T_STRING, expecting ',' or ';'

Thanks. I'm trying to use session_start() to pass the first name of the logged in user to the redirect page. Here's what I have $query = "SELECT firstname FROM table WHERE username = '$username' AND password = '$password'"; if($result = mysql_query($query)) { if (mysql_num_rows($result) == 1) { //username and password are in the database session_start(); $_SESSION['firstname'] = $row[1]; header('Location: http://url_here_index.php'); } and then this code at the top of the redirect page <?php session_start(); echo "Welcome, $_SESSION['firstname']"?>; I have also tried passing $_SESSION['firstname'] as a hidden variable, but that didn't echo either. Can you recommend a way to do this? The error message get with this script is Parse error: syntax error, unexpected T_STRING, expecting ',' or ';'

I understand better what mysql_num_rows() does now, so that's helpful. Thank you very much for your help. I have a new issue about this script. Can I ask you or do you prefer that I post it to the board in a separate topic?

That did it. Thanks. To be sure I understand why it works, removing ($row = mysql_fetch_array ($result)) enables the error message to appear. mysql_fetch_array($result) is the wrong tool for the job in this script, and its presence was enough to prevent the error message from echoing?

Sorry for the delay in responding to your suggestion 947740-had to go to work. This is interesting. I'm no longer getting any error messages, but when the login page reloads after an invalid u/p, the echo statement doesn't appear.

No, not solved. I'm currently getting the header error: Cannot modify header information - headers already sent with a reference to line 10 of the code (below) which is the mysql_errno function I added to get more information on the error. echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n"; Before I posted my original question, I was getting a header error that I fixed, I believe because I moved the location of the script. If I use this script $query = "SELECT * FROM table WHERE username like '$username' AND password like '$password'"; if ($result = mysql_query ($query)){ if ($row = mysql_fetch_array ($result)) { //username and password are in the database header('Location: http://url_here/index.php'); exit; } else //username and password not in database. echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>'; } I get everything I want except that the echo message displays all the time, which I figure indicates I have a problem with the conditional statement. If I use this code <?php if (isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'"; $result = mysql_query($query); if (mysql_num_rows($result) == 1) { if ($row = mysql_fetch_array ($result)) { //username and password are in the database header('Location: http://url_here/index.php'); exit; } else { //username and password not in database. echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>'; } } } ?> The echo message disappears, but I then get this error message: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

Changed the location and am now getting this error message Cannot modify header information - headers already sent with a reference to line 10 of the code which is this echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n"; I originally had this error message which I fixed by moving the script into the <head></head> section of the page.