Jump to content

while loop not working in a session variable function

john_tripod

By john_tripod
in PHP Coding Help

 Share

Recommended Posts

john_tripod Newbie

john_tripod

Posted
Posted
I'm writing some code to create a login area to my site but i keep having the same respone saying the 'while' loop isn't valid. any ideas why? Im passing the 'salesid' and 'password' variables from a form, heres the code for the handler that isn't working:

[code]

<?php
session_start();

$host="localhost";
$user="c3091018";
$password="******";


$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
        $result=mysql_db_query ($dbname, $query, $link);

?>
<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$password="0";

while ($row=mysql_fetch_array($result))
{
$password=$row['password'];

}

mysql_close($link);

if ($password==$password)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter";

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        


?>

</HTML>        
      
[/code]

legohead6 Regular Member

legohead6

Posted
Posted
[!--quoteo(post=377803:date=May 28 2006, 07:11 AM:name=john_tripod)--][div class=\'quotetop\']QUOTE(john_tripod @ May 28 2006, 07:11 AM) [snapback]377803[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I'm writing some code to create a login area to my site but i keep having the same respone saying the 'while' loop isn't valid. any ideas why? Im passing the 'salesid' and 'password' variables from a form, heres the code for the handler that isn't working:

[code]

<?php
session_start();

$host="localhost";
$user="c3091018";
$password="******";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
        $result=mysql_db_query ($dbname, $query, $link);

?>
<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$password="0";

while ($row=mysql_fetch_array($result))
{
$password=$row['password'];

}

mysql_close($link);

if ($password==$password)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter";

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        
?>

</HTML>        
      
[/code]
[/quote]

try this
[code]while ($row = mysql_fetch_array($result))
{
$password=$row[password];

}[/code]
if that doesnt work try this

while ($row = mysql_fetch_row($result))
{
$password=$row[3]; //Put the correct row number instead of 3 remember that the first row is 0 not 1

}
kenrbnsn Regular Member

kenrbnsn

Posted
Posted
Notice what the PHP manual says about the function mysql_db_query():
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]ChangeLog
Version Description
4.0.6 This function is deprecated, do not use this function. Use mysql_select_db() and mysql_query() instead.
[/quote]

So, try this code instead:
[code]<?php
session_start();

$host="localhost";
$user="c3091018";
$password="******";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname<br>" . mysql_error());

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>[/code]

BTW, where is the variable "$salesid" being initialized or set?

Ken
john_tripod Newbie

john_tripod

Posted
  • Author
Posted
Ok I've been trying things and now it doesn't return error messages but when i log in it disregards the password and lets anyone in. heres the code for the form and the handler:

First the form
[code]
<html>
<body>

<form action="salesloginhandler.php" method="post">


<table cellpadding="2" cellspacing="2" border="2" align="center">
<br>
<br>
<br>    
<br>
<br>
<tr>
     <td align="center"><h1>Sales Login Area</h1>
</td>
</tr>    
<tr>
<form action="salesloginhandler.php" method="post">
     <td align="right" colspan="2">   ID <input type=text name="salesid" size=30><br>

</td>
</tr>

    <tr>
     <td align="right" colspan="2">   Password <input type=password name="fpass" size=30><br>

</td>
</tr>
</tr>
    <tr><td align=middle><input type="submit" name="login" value="Login">

</td>
</tr>  

</tr>
    
</form>
</table>
        
  
  </body>
</html>
[/code]

Now the handler
[code]
<?php
session_start();

$host="localhost";
$user="c3091018";
$password="glow720";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname<br>" . mysql_error());

$query = "SELECT * FROM employee WHERE salesid = '$salesid' AND fpass = '$fpass'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>


<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$fpass="0";

while ($row=mysql_fetch_array($result))
{
$fpass=$row['fpass'];

}

mysql_close($link);

if ($fpass==$fpass)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter";

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        


?>

</HTML>
[/code]
kenrbnsn Regular Member

kenrbnsn

Posted
Posted
You are assuming that [a href=\"http://www.php.net/register_globals\" target=\"_blank\"]register_globals[/a] are enabled (bad) and they probably are not (good). You need to explicity referenced values that are in the $_POST superglobal array,

Try something like:
[code]<?php
session_start();

$host="localhost";
$user="c3091018";
$password="glow720";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname
" . mysql_error());
$salesid = mysql_real_escape_string($_POST['salesid'));
$fpass = mysql_real_escape_string($_POST['fpass'));
$query = "SELECT * FROM employee WHERE salesid = '$salesid' AND fpass = '$fpass'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>[/code]

Ken

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.