Jump to content

Archived

This topic is now archived and is closed to further replies.

bobleny

Could I get some help?

Recommended Posts

I have just started to learn about sessions and this is my first code and I’m sure its chalked full of errors, for instance, line 13. I don’t know what is wrong with it but there is something wrong with. So if I could get a little help, its not real long thanks! Oh and I’m up for suggestion on how to script this better!

[code]<?php
session_start();
header("Cache-control: private");

$username="bobleny_all";
$password="*************";
$database="bobleny_all";

if ($_POST['username'] && $_POST['userpass'] !='')
{
mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = $_POST['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();
}
else
{
    echo "You must enter your user name and password!";
}

if ($query == FALSE)
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
else
{

$userpass=mysql_result($result,"userpass");

if ($userpass == $_POST['userpass'])
{
    $_SESSION['logged'] = TRUE;
}
else
{
    $_SESSION['logged'] = FALSE;
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
}

if ($_SESSION['logged'] == TRUE)
{
$_SESSION['username'] = $_POST['username'];

mysql_connect('db4.awardspace.com:3306',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT 'id' FROM `forum_users` WHERE 'username' = $_SESSION['username']";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

$_SESSION['userid']=mysql_result($result,"userid");

echo "Congratulations".$_SESSION['username'].", you are now logged on!";
}
else
{
    echo "You have enterd an invalid username or password! <br />";
    echo "<a href=.02page1.php><--Back</a>";
}
?>[/code]

Share this post


Link to post
Share on other sites
Try this for line 13
[code]
$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = " . $_POST['username'];
[/code]
And this for line 53
[code]
$query="SELECT 'id' FROM `forum_users` WHERE 'username' = " . $_SESSION['username'];
[/code]

Share this post


Link to post
Share on other sites
You shouldn't be quoting your column names, or you'll get string literals; don't use backticks, it's a bad habit; and make sure to quote your values!

Try the following:

Try this for line 13
[code]$query="SELECT userpass FROM forum_users WHERE username = '" . $_POST['username'] . "'";[/code]
And this for line 53
[code]$query="SELECT id FROM forum_users WHERE username = '" . $_SESSION['username'] . "'";[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.