Jump to content

Archived

This topic is now archived and is closed to further replies.

john_tripod

while loop not working in a session variable function

Recommended Posts

I'm writing some code to create a login area to my site but i keep having the same respone saying the 'while' loop isn't valid. any ideas why? Im passing the 'salesid' and 'password' variables from a form, heres the code for the handler that isn't working:

[code]

<?php
session_start();

$host="localhost";
$user="c3091018";
$password="******";


$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
        $result=mysql_db_query ($dbname, $query, $link);

?>
<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$password="0";

while ($row=mysql_fetch_array($result))
{
$password=$row['password'];

}

mysql_close($link);

if ($password==$password)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter";

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        


?>

</HTML>        
      
[/code]

Share this post


Link to post
Share on other sites
[!--quoteo(post=377803:date=May 28 2006, 07:11 AM:name=john_tripod)--][div class=\'quotetop\']QUOTE(john_tripod @ May 28 2006, 07:11 AM) [snapback]377803[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I'm writing some code to create a login area to my site but i keep having the same respone saying the 'while' loop isn't valid. any ideas why? Im passing the 'salesid' and 'password' variables from a form, heres the code for the handler that isn't working:

[code]

<?php
session_start();

$host="localhost";
$user="c3091018";
$password="******";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
        $result=mysql_db_query ($dbname, $query, $link);

?>
<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$password="0";

while ($row=mysql_fetch_array($result))
{
$password=$row['password'];

}

mysql_close($link);

if ($password==$password)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter";

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        
?>

</HTML>        
      
[/code]
[/quote]

try this
[code]while ($row = mysql_fetch_array($result))
{
$password=$row[password];

}[/code]
if that doesnt work try this

while ($row = mysql_fetch_row($result))
{
$password=$row[3]; //Put the correct row number instead of 3 remember that the first row is 0 not 1

}

Share this post


Link to post
Share on other sites
Notice what the PHP manual says about the function mysql_db_query():
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]ChangeLog
Version Description
4.0.6 This function is deprecated, do not use this function. Use mysql_select_db() and mysql_query() instead.
[/quote]

So, try this code instead:
[code]<?php
session_start();

$host="localhost";
$user="c3091018";
$password="******";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname<br>" . mysql_error());

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>[/code]

BTW, where is the variable "$salesid" being initialized or set?

Ken

Share this post


Link to post
Share on other sites
Ok I've been trying things and now it doesn't return error messages but when i log in it disregards the password and lets anyone in. heres the code for the form and the handler:

First the form
[code]
<html>
<body>

<form action="salesloginhandler.php" method="post">


<table cellpadding="2" cellspacing="2" border="2" align="center">
<br>
<br>
<br>    
<br>
<br>
<tr>
     <td align="center"><h1>Sales Login Area</h1>
</td>
</tr>    
<tr>
<form action="salesloginhandler.php" method="post">
     <td align="right" colspan="2">   ID <input type=text name="salesid" size=30><br>

</td>
</tr>

    <tr>
     <td align="right" colspan="2">   Password <input type=password name="fpass" size=30><br>

</td>
</tr>
</tr>
    <tr><td align=middle><input type="submit" name="login" value="Login">

</td>
</tr>  

</tr>
    
</form>
</table>
        
  
  </body>
</html>
[/code]

Now the handler
[code]
<?php
session_start();

$host="localhost";
$user="c3091018";
$password="glow720";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname<br>" . mysql_error());

$query = "SELECT * FROM employee WHERE salesid = '$salesid' AND fpass = '$fpass'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>


<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$fpass="0";

while ($row=mysql_fetch_array($result))
{
$fpass=$row['fpass'];

}

mysql_close($link);

if ($fpass==$fpass)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter";

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        


?>

</HTML>
[/code]

Share this post


Link to post
Share on other sites
You are assuming that [a href=\"http://www.php.net/register_globals\" target=\"_blank\"]register_globals[/a] are enabled (bad) and they probably are not (good). You need to explicity referenced values that are in the $_POST superglobal array,

Try something like:
[code]<?php
session_start();

$host="localhost";
$user="c3091018";
$password="glow720";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname
" . mysql_error());
$salesid = mysql_real_escape_string($_POST['salesid'));
$fpass = mysql_real_escape_string($_POST['fpass'));
$query = "SELECT * FROM employee WHERE salesid = '$salesid' AND fpass = '$fpass'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>[/code]

Ken

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.