rockindano30 Posted May 15, 2008 Share Posted May 15, 2008 i have this web app im doing. my login page <body> <div id="main_wrapper"> <div id="header"></div> <div id="right_content1"> <div class="padding"> <div class="log" align="center"><!--<p style="color:#000099;"><u>Login</u></p><br />--> <img src="images/key.png" title="" border="0" /> <form method="post" action="validate.php"> <p style="color:#999999">User Name: <input type="text" name="Uname" size="15" maxlength="25" style="border:1px solid #999999" /></p><br /> <p style="color:#999999">Password: <input type="password" name="Pword" size="15" maxlength="25" style="border:1px solid #999999" /></p><br /> <input type="submit" name="submit" value="Login" /> </form><p></p></div> </div> </div> my validation of user name and password is this <div id="right_content1"> <div class="padding"> <div class="p" style="clear:both; padding-left:25px;"> <?php if(!isset($_POST["Uname"]) || !isset($_POST["Pword"])) die("invalid operation"); $goback = "<p><br /><br />Please <a href=\"login.html\">go back</a> and try again.</p>"; if(empty($_POST["Uname"])) header("Location: logerror.html"); if(empty($_POST["Pword"])) header("Location: logerror.html"); $Uname = $_POST["Uname"]; $Pword = md5(trim($_POST["Pword"])); if (!($db = mysql_connect('localhost','username','pass'))) { print"Error: could not connect to the database."; exit; } mysql_select_db(users); //this line here says that i have no records $query = "SELECT * FROM users WHERE Uname='{$Uname}' AND Pword='{$Pword}'"; $result = mysql_query($query); if(mysql_num_rows($result)==0 ) header("Location: logerror.html"); // $row = @ mysql_fetch_array($result); session_start(); $_SESSION["user_id"]=$row["user_id"]; $_SESSION["ip_addr"]=$_SERVER["REMOTE_ADDR"]; $_SESSION["Lname"]=$row["Lname"]; $_SESSION["Fname"]=$row["Fname"]; header("LOCATION: welcome.php"); ?> </div> problem is that it wont get all my records and there for takes me to my logerror.php page. my query is 0. any suggestions or help. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/ Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Echo your query. Use mysql_error() after the query to make sure there are no errors. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542255 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 its actually adding two more characters at the end of Pword when being Querys. but dont know why though. out of error: error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Pword='22317aa1cfa38056c3d03ce831d952c6'' at line 1 the c6 characters Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542285 Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 That error is not coming from the code you posted above. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542290 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 yes Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542292 Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 No Here is your query $query = "SELECT * FROM users WHERE Uname='{$Uname}' AND Pword='{$Pword}'"; The error is error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where Pword='22317aa1cfa38056c3d03ce831d952c6'' at line 1 You have no WHERE in front of Pword, you have AND. That means that error is from another SQL query. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542294 Share on other sites More sharing options...
kenrbnsn Posted May 15, 2008 Share Posted May 15, 2008 You don't need the "{ }" in the query. Change: <?php $query = "SELECT * FROM users WHERE Uname='{$Uname}' AND Pword='{$Pword}'"; $result = mysql_query($query); ?> to <?php $query = "SELECT * FROM users WHERE Uname='$Uname' AND Pword='$Pword'"; $result = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error()); ?> And report back what it says. Ken Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542295 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 yes it is i add the mysql_error() and changed it like that too and still same thing Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542302 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 using the code you said, it does not give me an error but once it goes to the if(mysql_num_rows($result)==0 ) die('error' .mysql_error()); it dies there Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542306 Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Post all of the code and not just a snippet. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542309 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 <div class="p" style="clear:both; padding-left:25px;"> <?php if(!isset($_POST["Uname"]) || !isset($_POST["Pword"])) die("invalid operation"); $goback = "<p><br /><br />Please <a href=\"login.html\">go back</a> and try again.</p>"; if(empty($_POST["Uname"])) header("Location: logerror.html"); if(empty($_POST["Pword"])) header("Location: logerror.html"); $Uname = $_POST["Uname"]; $Pword = md5(trim($_POST["Pword"])); if (!($db = mysql_connect('localhost','user','pass'))) { print"Error: could not connect to the database."; exit; } mysql_select_db(db_name); $query = "SELECT * FROM users WHERE Uname='$Uname' AND Pword='$Pword'"; $result = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error()); /////////////this is where it dies///////////////////////////// if(mysql_num_rows($result)==0 ) die('error' .mysql_error()); $row = @ mysql_fetch_array($result); session_start(); $_SESSION["user_id"]=$row["user_id"]; $_SESSION["ip_addr"]=$_SERVER["REMOTE_ADDR"]; $_SESSION["Lname"]=$row["Lname"]; $_SESSION["Fname"]=$row["Fname"]; header("LOCATION: welcome.php"); ?> </div> Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542316 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 but you know if i use the mysql client and type in the sql syntax select * from users where Uname='user1' and Pword='user1'; it says that there are 0 records in db. but if i type in select * from users where Uname='user1'; displays my record. and if i type in select * from users where Pword='user1'; 0 records???????? Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542320 Share on other sites More sharing options...
kenrbnsn Posted May 15, 2008 Share Posted May 15, 2008 What is printed now that you have my code snippet in your code? Ken Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542323 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 nothing it dies at the if statement. see code above for comments Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542325 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 its dieing cause it returns 0 results from db. like i mentioned before that sql query returns 0 results. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542329 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 therefore my query is empty and i cant figure out why though Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542334 Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 That's because none of your Pwords would be 'user1' in the DB. You are using MD5 encryption. What is the fieldlength and type for Pword in your DB? but you know if i use the mysql client and type in the sql syntax select * from users where Uname='user1' and Pword='user1'; it says that there are 0 records in db. but if i type in select * from users where Uname='user1'; displays my record. and if i type in select * from users where Pword='user1'; 0 records???????? Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542339 Share on other sites More sharing options...
kenrbnsn Posted May 15, 2008 Share Posted May 15, 2008 Please echo your query and show us what it is. Ken Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542344 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 its: Pword varchar(30) Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542345 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 ken, it doesn't echo anything just my interface blank. my query will be empty according to this sql syntax. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542349 Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Try making it 32 instead of 30. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542353 Share on other sites More sharing options...
rockindano30 Posted May 15, 2008 Author Share Posted May 15, 2008 hey darkwater that was the problem. thank you man. you rock. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542358 Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Who's darkwater? lol Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542360 Share on other sites More sharing options...
Cory94bailly Posted May 15, 2008 Share Posted May 15, 2008 Try making it 32 instead of 30. I'm going to sound stupid but what will that do? Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542362 Share on other sites More sharing options...
revraz Posted May 15, 2008 Share Posted May 15, 2008 Allows the MD5 32 Char to be stored in the DB instead of chopping it off at 30 chars. Link to comment https://forums.phpfreaks.com/topic/105808-solved-for-reals-i-need-help-with-selecting-records-from-db/#findComment-542370 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.