Jump to content

Recommended Posts

I have just started to learn about sessions and this is my first code and I’m sure its chalked full of errors, for instance, line 13. I don’t know what is wrong with it but there is something wrong with. So if I could get a little help, its not real long thanks! Oh and I’m up for suggestion on how to script this better!

[code]<?php
session_start();
header("Cache-control: private");

$username="bobleny_all";
$password="*************";
$database="bobleny_all";

if ($_POST['username'] && $_POST['userpass'] !='')
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = $_POST['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();
}
else
{
    echo "You must enter your user name and password!";
}

if ($query == FALSE)
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
else
{

$userpass=mysql_result($result,"userpass");

if ($userpass == $_POST['userpass'])
{
    $_SESSION['logged'] = TRUE;
}
else
{
    $_SESSION['logged'] = FALSE;
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
}

if ($_SESSION['logged'] == TRUE)
{
$_SESSION['username'] = $_POST['username'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'id' FROM `forum_users` WHERE 'username' = $_SESSION['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

$_SESSION['userid']=mysql_result($result,"userid");

echo "Congratulations".$_SESSION['username'].", you are now logged on!";
}
else
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
?>[/code]
Link to comment
https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/
Share on other sites

You shouldn't be quoting your column names, or you'll get string literals; don't use backticks, it's a bad habit; and make sure to quote your values!

Try the following:

Try this for line 13
[code]$query="SELECT userpass FROM forum_users WHERE username = '" . $_POST['username'] . "'";[/code]
And this for line 53
[code]$query="SELECT id FROM forum_users WHERE username = '" . $_SESSION['username'] . "'";[/code]
Link to comment
https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/#findComment-38608
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.