Could I get some help?

bobleny · May 24, 2006

I have just started to learn about sessions and this is my first code and I’m sure its chalked full of errors, for instance, line 13. I don’t know what is wrong with it but there is something wrong with. So if I could get a little help, its not real long thanks! Oh and I’m up for suggestion on how to script this better!

[code]<?php
session_start();
header("Cache-control: private");

$username="bobleny_all";
$password="*************";
$database="bobleny_all";

if ($_POST['username'] && $_POST['userpass'] !='')
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = $_POST['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();
}
else
{
    echo "You must enter your user name and password!";
}

if ($query == FALSE)
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
else
{

$userpass=mysql_result($result,"userpass");

if ($userpass == $_POST['userpass'])
{
    $_SESSION['logged'] = TRUE;
}
else
{
    $_SESSION['logged'] = FALSE;
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
}

if ($_SESSION['logged'] == TRUE)
{
$_SESSION['username'] = $_POST['username'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'id' FROM `forum_users` WHERE 'username' = $_SESSION['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

$_SESSION['userid']=mysql_result($result,"userid");

echo "Congratulations".$_SESSION['username'].", you are now logged on!";
}
else
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
?>[/code]

Honoré · May 24, 2006

Try this for line 13
[code]
$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = " . $_POST['username'];
[/code]
And this for line 53
[code]
$query="SELECT 'id' FROM `forum_users` WHERE 'username' = " . $_SESSION['username'];
[/code]

fenway · May 24, 2006

You shouldn't be quoting your column names, or you'll get string literals; don't use backticks, it's a bad habit; and make sure to quote your values!

Try the following:

Try this for line 13
[code]$query="SELECT userpass FROM forum_users WHERE username = '" . $_POST['username'] . "'";[/code]
And this for line 53
[code]$query="SELECT id FROM forum_users WHERE username = '" . $_SESSION['username'] . "'";[/code]

Sign In

Could I get some help?

Recommended Posts

bobleny

Link to comment

Share on other sites

Honoré

Link to comment

Share on other sites

fenway

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information