rockindano30 Posted May 15, 2008 Share Posted May 15, 2008 i have this web app im doing. my login page <body> <div id="main_wrapper"> <div id="header"></div> <div id="right_content1"> <div class="padding"> <div class="log" align="center"><!--<p style="color:#000099;"><u>Login</u></p><br />--> <img src="images/key.png" title="" border="0" /> <form method="post" action="validate.php"> <p style="color:#999999">User Name: <input type="text" name="Uname" size="15" maxlength="25" style="border:1px solid #999999" /></p><br /> <p style="color:#999999">Password: <input type="password" name="Pword" size="15" maxlength="25" style="border:1px solid #999999" /></p><br /> <input type="submit" name="submit" value="Login" /> </form><p></p></div> </div> </div> my validation of user name and password is this <div id="right_content1"> <div class="padding"> <div class="p" style="clear:both; padding-left:25px;"> <?php if(!isset($_POST["Uname"]) || !isset($_POST["Pword"])) die("invalid operation"); $goback = "<p><br /><br />Please <a href=\"login.html\">go back</a> and try again.</p>"; if(empty($_POST["Uname"])) header("Location: logerror.html"); if(empty($_POST["Pword"])) header("Location: logerror.html"); $Uname = $_POST["Uname"]; $Pword = md5(trim($_POST["Pword"])); if (!($db = mysql_connect('localhost','username','pass'))) { print"Error: could not connect to the database."; exit; } mysql_select_db(users); //this line here says that i have no records $query = "SELECT * FROM users WHERE Uname='{$Uname}' AND Pword='{$Pword}'"; $result = mysql_query($query); if(mysql_num_rows($result)==0 ) header("Location: logerror.html"); // $row = @ mysql_fetch_array($result); session_start(); $_SESSION["user_id"]=$row["user_id"]; $_SESSION["ip_addr"]=$_SERVER["REMOTE_ADDR"]; $_SESSION["Lname"]=$row["Lname"]; $_SESSION["Fname"]=$row["Fname"]; header("LOCATION: welcome.php"); ?> </div> problem is that it wont get all my records and there for takes me to my logerror.php page. my query is 0. any suggestions or help. Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Echo your query. Use mysql_error() after the query to make sure there are no errors. Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 its actually adding two more characters at the end of Pword when being Querys. but dont know why though. out of error: error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Pword='22317aa1cfa38056c3d03ce831d952c6'' at line 1 the c6 characters Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 That error is not coming from the code you posted above. Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 yes Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 No Here is your query $query = "SELECT * FROM users WHERE Uname='{$Uname}' AND Pword='{$Pword}'"; The error is error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Pword='22317aa1cfa38056c3d03ce831d952c6'' at line 1 You have no WHERE in front of Pword, you have AND. That means that error is from another SQL query. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 15, 2008 Share Posted May 15, 2008 You don't need the "{ }" in the query. Change: <?php $query = "SELECT * FROM users WHERE Uname='{$Uname}' AND Pword='{$Pword}'"; $result = mysql_query($query); ?> to <?php $query = "SELECT * FROM users WHERE Uname='$Uname' AND Pword='$Pword'"; $result = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error()); ?> And report back what it says. Ken Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 yes it is i add the mysql_error() and changed it like that too and still same thing Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 using the code you said, it does not give me an error but once it goes to the if(mysql_num_rows($result)==0 ) die('error' .mysql_error()); it dies there Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Post all of the code and not just a snippet. Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 <div class="p" style="clear:both; padding-left:25px;"> <?php if(!isset($_POST["Uname"]) || !isset($_POST["Pword"])) die("invalid operation"); $goback = "<p><br /><br />Please <a href=\"login.html\">go back</a> and try again.</p>"; if(empty($_POST["Uname"])) header("Location: logerror.html"); if(empty($_POST["Pword"])) header("Location: logerror.html"); $Uname = $_POST["Uname"]; $Pword = md5(trim($_POST["Pword"])); if (!($db = mysql_connect('localhost','user','pass'))) { print"Error: could not connect to the database."; exit; } mysql_select_db(db_name); $query = "SELECT * FROM users WHERE Uname='$Uname' AND Pword='$Pword'"; $result = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error()); /////////////this is where it dies///////////////////////////// if(mysql_num_rows($result)==0 ) die('error' .mysql_error()); $row = @ mysql_fetch_array($result); session_start(); $_SESSION["user_id"]=$row["user_id"]; $_SESSION["ip_addr"]=$_SERVER["REMOTE_ADDR"]; $_SESSION["Lname"]=$row["Lname"]; $_SESSION["Fname"]=$row["Fname"]; header("LOCATION: welcome.php"); ?> </div> Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 but you know if i use the mysql client and type in the sql syntax select * from users where Uname='user1' and Pword='user1'; it says that there are 0 records in db. but if i type in select * from users where Uname='user1'; displays my record. and if i type in select * from users where Pword='user1'; 0 records???????? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 15, 2008 Share Posted May 15, 2008 What is printed now that you have my code snippet in your code? Ken Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 nothing it dies at the if statement. see code above for comments Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 its dieing cause it returns 0 results from db. like i mentioned before that sql query returns 0 results. Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 therefore my query is empty and i cant figure out why though Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 That's because none of your Pwords would be 'user1' in the DB. You are using MD5 encryption. What is the fieldlength and type for Pword in your DB? but you know if i use the mysql client and type in the sql syntax select * from users where Uname='user1' and Pword='user1'; it says that there are 0 records in db. but if i type in select * from users where Uname='user1'; displays my record. and if i type in select * from users where Pword='user1'; 0 records???????? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 15, 2008 Share Posted May 15, 2008 Please echo your query and show us what it is. Ken Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 its: Pword varchar(30) Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 ken, it doesn't echo anything just my interface blank. my query will be empty according to this sql syntax. Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Try making it 32 instead of 30. Quote Link to comment Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 hey darkwater that was the problem. thank you man. you rock. Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Who's darkwater? lol Quote Link to comment Share on other sites More sharing options...
Cory94bailly Posted May 15, 2008 Share Posted May 15, 2008 Try making it 32 instead of 30. I'm going to sound stupid but what will that do? Quote Link to comment Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Allows the MD5 32 Char to be stored in the DB instead of chopping it off at 30 chars. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.