[SOLVED] login fail

[taichimasta]

hey this is my first post and few times here on phpfreaks, I'm not a PRO as most of you but i have been studying php a few yrs total(2 almost 3) (reading books , self taught). and I'm in need of assistance/help.

 

my script is a WIP but i just need to figure out why isn't it reading the rows in my database , i need a 3rd party to see what I'm doing wrong. ( its usually something i missed , something small so if you could help me out it would be great)

<?php
// there is connection code and everything but its not here for obvious reason(s)
/***************CONNECTION INFO***********************/
$connection = mysql_connect($host,$dbadmin,$dbpass)  or die("Connection failed");
/**************SELECT THE DATABASE*********************/
$sel = mysql_select_db($database,$connection) or die(mysql_error()); /* or die("Confused Selection"); */
/**************SENDING QUERY TO DATQBASE***************/
$sql = "SELECT * FROM $table_1 WHERE user_name='$userme' AND user_pass='$passme'";

$res = mysql_query($sql) or die("lost Package");

                       $count = mysql_num_rows($res);

                       /********************CHECKING DATABASE FOR  USERNAME AND PASSWORD *******/
                    /***********IF USER EXIST CONTINUE IF NOT DESTORY AND GIVE A NICE MESSAGE SAYING PERSON(S) FAILED***/
                                            if($count==1)
                                                         {
                                              echo "<center>Your in</center>";
                                              exit;
                                                         }
                                           else {echo "<center>Wrong Username or Password</center>";}
                                           echo "<center>$count Party pooper</center>";

                      $user = mysql_real_escape_string($user);
                      $pass = mysql_real_escape_string($pass);
                      $user = stripslashes($user);
                      $pass = stripslashes($pass);



?>


oh before i forget it doesn't read that there are rows matching for a succefull login, it just gives me 0 because i echo is out to see if any rows are there to match. 

 

[genericnumber1]

You're using $host as your host, not the value in $host, remove the single quotes around it if you really want it.

 

you didn't set $userme or $passme, also you will want a space between $table_1 and WHERE. (edit: nvm you added the space)

 

Also, you are doing a pointless stripslashes and mysql_real_escape_string() at the bottom.

 

And it's You're in, not Your (this one is for me)

[btherl]

Try adding this to your code:

 

echo "Query: $sql<br>";

 

A lot of problems can be solved by looking at the query your code is generating.

[taichimasta]

why is it pointless genericnumber1? i need stripslashes and mysql_real_escape_string to prevent injections.

 

and thanks btherl i'm going to do that right now.

 

plus the connection to the database is fine i just put filler varables there so i wouldn't accidently put the real string in to show in this forum.

 

and yes forgive my grammer that will be fixed its less of a worry right now , my main concern is the backend/php.

[genericnumber1]

why is it pointless genericnumber1? i need stripslashes and mysql_real_escape_string to prevent injections.

 

and thanks btherl i'm going to do that right now.

 

plus the connection to the database is fine i just put filler varables there so i wouldn't accidently put the real string in to show in this forum.

 

and yes forgive my grammer that will be fixed its less of a worry right now , my main concern is the backend/php.

 

They're pointless because they're below everything and you don't use the variables inside of them in the query. Also, calling stripslashes possibly will undo what escape_string does (if your mysql_real_escape_string() uses \ to escape quotes)

 

john's kitchen

becomes john\'s kitchen

and then, the next line you change it back to john's kitchen

 

As I said, pointless.

[taichimasta]

oh your right, ! fixing that now

[taichimasta]

still can't login , and i checked the query/$sql it just gives me the what i wrote 
$sql = "SELECT * FROM users WHERE user_name='$user' AND user_pass='$pass'";

***********************************************OUTPUT**********************

SELECT * FROM users WHERE user_name='' AND user_pass=''

 

and mysql_num_rows still gives me 0 which it shouldn't.

[genericnumber1]

$user and $pass don't seem to be set, if you're getting them from the form use $user = $_POST['user'] or whatever method you use to get the username

[taichimasta]

                      $user = $_POST['username'];
                      $pass = $_POST['userpass'];

 

there set ^ its right before

[taichimasta]

holy crap that was it , i feel like an idiot thanks you and so fast.