Jump to content


Photo

while loop not working in a session variable function


  • Please log in to reply
4 replies to this topic

#1 john_tripod

john_tripod
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 28 May 2006 - 12:11 PM

I'm writing some code to create a login area to my site but i keep having the same respone saying the 'while' loop isn't valid. any ideas why? Im passing the 'salesid' and 'password' variables from a form, heres the code for the handler that isn't working:


<?php 
session_start();

$host="localhost";
$user="c3091018";
$password="******";


$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password); 

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
        $result=mysql_db_query ($dbname, $query, $link); 

?>
<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$password="0";

while ($row=mysql_fetch_array($result))
{
$password=$row['password'];

}

mysql_close($link);

if ($password==$password)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter"; 

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        


?>

</HTML>        
       



#2 legohead6

legohead6
  • Members
  • PipPipPip
  • Advanced Member
  • 434 posts

Posted 28 May 2006 - 02:51 PM

[!--quoteo(post=377803:date=May 28 2006, 07:11 AM:name=john_tripod)--][div class=\'quotetop\']QUOTE(john_tripod @ May 28 2006, 07:11 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
I'm writing some code to create a login area to my site but i keep having the same respone saying the 'while' loop isn't valid. any ideas why? Im passing the 'salesid' and 'password' variables from a form, heres the code for the handler that isn't working:


<?php 
session_start();

$host="localhost";
$user="c3091018";
$password="******";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password); 

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
        $result=mysql_db_query ($dbname, $query, $link); 

?>
<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$password="0";

while ($row=mysql_fetch_array($result))
{
$password=$row['password'];

}

mysql_close($link);

if ($password==$password)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter"; 

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        
?>

</HTML>        
       
[/quote]

try this
while ($row = mysql_fetch_array($result))
{
$password=$row[password];

}
if that doesnt work try this

while ($row = mysql_fetch_row($result))
{
$password=$row[3]; //Put the correct row number instead of 3 remember that the first row is 0 not 1

}
"Syntax error" .. WHERE THE **** IS IT?!

#3 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 28 May 2006 - 03:36 PM

Notice what the PHP manual says about the function mysql_db_query():
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]ChangeLog
Version Description
4.0.6 This function is deprecated, do not use this function. Use mysql_select_db() and mysql_query() instead.
[/quote]

So, try this code instead:
<?php
session_start();

$host="localhost";
$user="c3091018";
$password="******";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname<br>" . mysql_error());

$query = "SELECT * FROM employee WHERE id = '$salesid' AND password = '$password'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>

BTW, where is the variable "$salesid" being initialized or set?

Ken

#4 john_tripod

john_tripod
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 28 May 2006 - 03:45 PM

Ok I've been trying things and now it doesn't return error messages but when i log in it disregards the password and lets anyone in. heres the code for the form and the handler:

First the form
<html>
<body>

<form action="salesloginhandler.php" method="post">


<table cellpadding="2" cellspacing="2" border="2" align="center">
<br>
<br>
<br>    
<br>
<br>
<tr>
     <td align="center"><h1>Sales Login Area</h1>
</td>
</tr>    
<tr>
<form action="salesloginhandler.php" method="post">
     <td align="right" colspan="2">   ID <input type=text name="salesid" size=30><br>

</td>
</tr>

    <tr>
     <td align="right" colspan="2">   Password <input type=password name="fpass" size=30><br>

</td>
</tr>
</tr> 
    <tr><td align=middle><input type="submit" name="login" value="Login">

</td>
</tr>   

</tr> 
    
</form>
</table> 
        
  
  </body>
</html>

Now the handler
<?php
session_start();

$host="localhost";
$user="c3091018";
$password="glow720";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname<br>" . mysql_error());

$query = "SELECT * FROM employee WHERE salesid = '$salesid' AND fpass = '$fpass'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>


<HTML>
<HEAD>
    <TITLE>Sales Login Handler</TITLE>

</HEAD>
<BODY>

</BODY>

<?php    

$fpass="0";

while ($row=mysql_fetch_array($result))
{
$fpass=$row['fpass'];

}

mysql_close($link);

if ($fpass==$fpass)
{
$status='loggedin';

print " $row[forename]Go To The Car database,<a href=\"employeedisplaycars.php\">Enter"; 

}
else
{
$status='invalid';
print "not logged in, invalid user information";
}
                        


?>

</HTML>


#5 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 28 May 2006 - 04:22 PM

You are assuming that [a href=\"http://www.php.net/register_globals\" target=\"_blank\"]register_globals[/a] are enabled (bad) and they probably are not (good). You need to explicity referenced values that are in the $_POST superglobal array,

Try something like:
<?php
session_start();

$host="localhost";
$user="c3091018";
$password="glow720";
$dbname="c3091018";
$tablename="employee";
$link=mysql_connect ($host, $user, $password);
mysql_select_db($dbname) or die("Couldn't select database: $dbname
" . mysql_error());
$salesid = mysql_real_escape_string($_POST['salesid'));
$fpass = mysql_real_escape_string($_POST['fpass'));
$query = "SELECT * FROM employee WHERE salesid = '$salesid' AND fpass = '$fpass'";
$result=mysql_query ($query) or die("Problem witht the query: $query<br>" . mysql_error());
?>

Ken






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users