[SOLVED] Code example not working

matthew798 · September 10, 2008

Me again. lol

I got this off a webpage a decided it would be good to learn with!

But it's not working and everything is the same except for the names of the variables...

<?php
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];

include 'dbconnect.php';

$_SESSION['username'] = stripslashes($_SESSION['username']);
$_SESSION['password'] = stripslashes($_SESSION['password']);
$_SESSION['username'] = mysql_real_escape_string($_SESSION['username']);
$_SESSION['password'] = mysql_real_escape_string($_SESSION['password']);

$sql="SELECT * FROM users WHERE username='{$_SESSION['username']}' and password='{$_SESSION['password']}'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("$_SESSION['username']");
session_register("$_SESSION['password']"); 
header("location:admin.php");
}
else {
echo "Wrong Username or Password";
}
?>

"Wrong Username or Password"

But i know i have the right username and password. C&P from the databse itself...

CaptainChainsaw · September 10, 2008

There is no DB connect statement there, does it connect properly?

What does echo $count; produce?

Don't need braces in the select statement: username='{$_

^--- should help ya get started with this.

CC

KevinM1 · September 10, 2008

Hmm...I'm wondering if there's a conflict between what you've entered in the form and what's actually in the DB stemming from using mysql_real_escape_string. How did you originally enter the stored user name and password?

In any event, you can shorten that code down by a lot:

require_once("dbconnect.php");
session_start();

$_SESSION['username'] = mysql_real_escape_string(stripslashes($_POST['username']));
$_SESSION['password'] = mysql_real_escape_string(stripslashes($_POST['password']));

$sql = "SELECT * FROM users WHERE username = '{$_SESSION['username']}' AND password = '{$_SESSION['password']}'";
$result = mysql_query($sql);

$count = mysql_num_rows($result);

if($count == 1)
{
   header("location: admin.php");
}
else
{
   echo "Wrong Username or Password";
}

Keep in mind, it's never a good idea to store a password in a session. So, hopefully, you're just using this example as a learning exercise.

matthew798 · September 10, 2008

eghhh

ok

Captain chainsaw, i do actually need those "{}" or else it gives me a big ugly error.'

The $count counts how many rows in the DB countain both the username and the pass

Therefor if count=0 then the login must be incorrect.

and yes the included file is the DB connection

As for night, No, I tried removing the rel escapes to no avail.

This is what i have now:

<?php
session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

include 'dbconnect.php';

$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_register("$username"); 
header("location:admin.html");
}
else {
echo "Wrong Username or Password";
}
?>

matthew798 · September 10, 2008

Wow i just figured it out....

This is sad...

There were 2 entried of the same username and password in the databse...

if($count==1) and not if($count==>1)

:'(

Sign In

[SOLVED] Code example not working

Recommended Posts

matthew798

Link to comment

Share on other sites

CaptainChainsaw

Link to comment

Share on other sites

KevinM1

Link to comment

Share on other sites

matthew798

Link to comment

Share on other sites

matthew798

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information