Jump to content


Photo

Could I get some help?


  • Please log in to reply
2 replies to this topic

#1 bobleny

bobleny
  • Members
  • PipPipPip
  • Advanced Member
  • 429 posts

Posted 24 May 2006 - 11:06 AM

I have just started to learn about sessions and this is my first code and I’m sure its chalked full of errors, for instance, line 13. I don’t know what is wrong with it but there is something wrong with. So if I could get a little help, its not real long thanks! Oh and I’m up for suggestion on how to script this better!

<?php
session_start();
header("Cache-control: private");

$username="bobleny_all";
$password="*************";
$database="bobleny_all";

if ($_POST['username'] && $_POST['userpass'] !='')
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = $_POST['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();
}
else
{
    echo "You must enter your user name and password!";
}

if ($query == FALSE)
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
else
{

$userpass=mysql_result($result,"userpass");

if ($userpass == $_POST['userpass'])
{
    $_SESSION['logged'] = TRUE;
}
else
{
    $_SESSION['logged'] = FALSE;
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
}

if ($_SESSION['logged'] == TRUE)
{
$_SESSION['username'] = $_POST['username'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'id' FROM `forum_users` WHERE 'username' = $_SESSION['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

$_SESSION['userid']=mysql_result($result,"userid");

echo "Congratulations".$_SESSION['username'].", you are now logged on!";
}
else
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
?>

-- www.firemelt.net --
First do me a favor and read this: JavaScript is NOT Java - Then read this: www.php.net - When your done with that, read this Topic
After that, floors open. I and anyone else will be MORE than happy to answer YOUR query! [Topic Solved]
Cheer up, the worst has yet to come...

#2 Honoré

Honoré
  • Members
  • PipPipPip
  • Advanced Member
  • 66 posts
  • LocationAntwerp - Belgium

Posted 24 May 2006 - 11:41 AM

Try this for line 13
$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = " . $_POST['username'];
And this for line 53
$query="SELECT 'id' FROM `forum_users` WHERE 'username' = " . $_SESSION['username'];


#3 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 24 May 2006 - 03:36 PM

You shouldn't be quoting your column names, or you'll get string literals; don't use backticks, it's a bad habit; and make sure to quote your values!

Try the following:

Try this for line 13
$query="SELECT userpass FROM forum_users WHERE username = '" . $_POST['username'] . "'";
And this for line 53
$query="SELECT id FROM forum_users WHERE username = '" . $_SESSION['username'] . "'";

Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users