bobleny Posted May 24, 2006 Share Posted May 24, 2006 I have just started to learn about sessions and this is my first code and I’m sure its chalked full of errors, for instance, line 13. I don’t know what is wrong with it but there is something wrong with. So if I could get a little help, its not real long thanks! Oh and I’m up for suggestion on how to script this better![code]<?phpsession_start();header("Cache-control: private");$username="bobleny_all";$password="*************";$database="bobleny_all";if ($_POST['username'] && $_POST['userpass'] !=''){mysql_connect('db4.awardspace.com:3306',$username,$password);@mysql_select_db($database) or die( "Unable to select database");$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = $_POST['username']";$result=mysql_query($query);$num=mysql_numrows($result);mysql_close();}else{ echo "You must enter your user name and password!";}if ($query == FALSE){ echo "You have enterd an invalid username or password! <br />"; echo "<a href=.02page1.php><--Back</a>";}else{$userpass=mysql_result($result,"userpass");if ($userpass == $_POST['userpass']){ $_SESSION['logged'] = TRUE;}else{ $_SESSION['logged'] = FALSE; echo "You have enterd an invalid username or password! <br />"; echo "<a href=.02page1.php><--Back</a>";}}if ($_SESSION['logged'] == TRUE){$_SESSION['username'] = $_POST['username'];mysql_connect('db4.awardspace.com:3306',$username,$password);@mysql_select_db($database) or die( "Unable to select database");$query="SELECT 'id' FROM `forum_users` WHERE 'username' = $_SESSION['username']";$result=mysql_query($query);$num=mysql_numrows($result);mysql_close();$_SESSION['userid']=mysql_result($result,"userid");echo "Congratulations".$_SESSION['username'].", you are now logged on!";}else{ echo "You have enterd an invalid username or password! <br />"; echo "<a href=.02page1.php><--Back</a>";}?>[/code] Link to comment https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/ Share on other sites More sharing options...
Honoré Posted May 24, 2006 Share Posted May 24, 2006 Try this for line 13[code]$query="SELECT 'userpass' FROM `forum_users` WHERE `username` = " . $_POST['username'];[/code]And this for line 53[code]$query="SELECT 'id' FROM `forum_users` WHERE 'username' = " . $_SESSION['username'];[/code] Link to comment https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/#findComment-38530 Share on other sites More sharing options...
fenway Posted May 24, 2006 Share Posted May 24, 2006 You shouldn't be quoting your column names, or you'll get string literals; don't use backticks, it's a bad habit; and make sure to quote your values!Try the following:Try this for line 13[code]$query="SELECT userpass FROM forum_users WHERE username = '" . $_POST['username'] . "'";[/code]And this for line 53[code]$query="SELECT id FROM forum_users WHERE username = '" . $_SESSION['username'] . "'";[/code] Link to comment https://forums.phpfreaks.com/topic/10340-could-i-get-some-help/#findComment-38608 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.