bobleny Posted May 24, 2006 Share Posted May 24, 2006 I have just started to learn about sessions and this is my first code and I’m sure its chalked full of errors, for instance, line 13. I don’t know what is wrong with it but there is something wrong with. So if I could get a little help, its not real long thanks! Oh and I’m up for suggestion on how to script this better![code]<?phpsession_start();header("Cache-control: private");$username="bobleny_all";$password="*************";$database="bobleny_all";if ($_POST['username'] && $_POST['userpass'] !=''){mysql_connect('db4.awardspace.com:3306',$username,$password);@mysql_select_db($database) or die( "Unable to select database");$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = $_POST['username']";$result=mysql_query($query);$num=mysql_numrows($result);mysql_close();}else{ echo "You must enter your user name and password!";}if ($query == FALSE){ echo "You have enterd an invalid username or password! <br />"; echo "<a href=.02page1.php><--Back</a>";}else{$userpass=mysql_result($result,"userpass");if ($userpass == $_POST['userpass']){ $_SESSION['logged'] = TRUE;}else{ $_SESSION['logged'] = FALSE; echo "You have enterd an invalid username or password! <br />"; echo "<a href=.02page1.php><--Back</a>";}}if ($_SESSION['logged'] == TRUE){$_SESSION['username'] = $_POST['username'];mysql_connect('db4.awardspace.com:3306',$username,$password);@mysql_select_db($database) or die( "Unable to select database");$query="SELECT 'id' FROM `forum_users` WHERE 'username' = $_SESSION['username']";$result=mysql_query($query);$num=mysql_numrows($result);mysql_close();$_SESSION['userid']=mysql_result($result,"userid");echo "Congratulations".$_SESSION['username'].", you are now logged on!";}else{ echo "You have enterd an invalid username or password! <br />"; echo "<a href=.02page1.php><--Back</a>";}?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/ Share on other sites More sharing options...
Honoré Posted May 24, 2006 Share Posted May 24, 2006 Try this for line 13[code]$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = " . $_POST['username'];[/code]And this for line 53[code]$query="SELECT 'id' FROM `forum_users` WHERE 'username' = " . $_SESSION['username'];[/code] Quote Link to comment https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/#findComment-38530 Share on other sites More sharing options...
fenway Posted May 24, 2006 Share Posted May 24, 2006 You shouldn't be quoting your column names, or you'll get string literals; don't use backticks, it's a bad habit; and make sure to quote your values!Try the following:Try this for line 13[code]$query="SELECT userpass FROM forum_users WHERE username = '" . $_POST['username'] . "'";[/code]And this for line 53[code]$query="SELECT id FROM forum_users WHERE username = '" . $_SESSION['username'] . "'";[/code] Quote Link to comment https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/#findComment-38608 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.