[SOLVED] url variable help

[sasori]

i created 2 scripts, one for display of the login form and the other is the logic code.

//this is the login code loginform.php
<?php
if(isset($message))
{
    echo "$message";
}
echo "<form action='$_SERVER[php_SELF]' method='POST'>";
echo "<label for='user_name'>username</label>";
echo "<input type='text' name='user_name' id='user_name' value='$user_name' />";
echo "<label for='password'>password</label>";
echo "<input type='text' name='passowrd' id='password' value='$password' />";
echo "<input type='hidden' name='sent' value='yes' />";
echo "<input type='submit' value='Log in' />";
?>

 

//this is the logic code login.php
<?php
if(isset($_POST['sent']) && $_POST['sent'] == "yes")
{
  foreach($_POST as $field => $value)
  {
    if(empty($value))
    {
      $blank_array[] = $field;
    }
    else
    {
      $good_value[$field] = strip_tags(trim($value));
    }
  } //end foreach
  if(sizeof($blank_array) > 0 )
  {
    echo " you need to enter both userid and password";
    extract($good_value);
    extract($blank_array);
    include('loginform.php');
    exit();
  }        //end if blanks found
  include('db.php');
  $cxn = mysqli_connect($host,$user,$pwd,$db) or die ("can't connect to db");
  $query = "SELECT userid FROM users WHERE userid='$_POST[user_name]'
  AND password=md5('$_POST[user_name]')";
  $result = mysqli_query($cxn,$query) or die("can' execute query");
  $n_row = mysqli_num_rows($result);
  if($n_row < 1)
  {
    $message = "User id and password not found!";
    extract($_POST);
    exit();
  }
  else
  {
   $row = mysqli_fetch_assoc($result);
   header("Location: loginfom.php?userid=$row[userid]"); // <-- i don't know if this line is correct
  }
} //end submit
else
{
  $user_name = "";
  $password = "";
  include("loginform.php");
}
?>

 

then when i run login.php file and input the code it says, can't execute query

i can't figure out what's wrong with my coding

[.josh]

$result = mysqli_query($cxn,$query) or die("can' execute query");

 

you have $cxn and $query backwards, argument is (query string, connection source).  If there is still a problem, then do this:

 

$result = mysqli_query($query, $cxn) or die(mysql_error());

 

and post the error (notice the args are still switched, because that's how they are supposed to be).

[sasori]

$result = mysqli_query($cxn,$query) or die("can' execute query");

 

you have $cxn and $query backwards, argument is (query string, connection source).  If there is still a problem, then do this:

 

$result = mysqli_query($query, $cxn) or die(mysql_error());

 

and post the error (notice the args are still switched, because that's how they are supposed to be).

 

but sir based on the example in the php manual it can also be mysqli_query($mysqlilink,$query);

 

i think i fixed the error the only problem now is it doesn't greet the username who logins in

 

here's the script i made for the login page

<?php

echo "Hello,{$_GET['user_name']}Welcome to the secret page";

?>

 

from the login.php script i edited the header location as

header("Location: http://localhost/webapp/logingreet.php?userid=$row[userid]");

 

i wonder what's wrong now ?

[sasori]

error fixed..i mistyped something on the loginform.php

[.josh]

/shrug hrmm my bad.  I thought I saw mysql_query not mysqli_query.  I guess even if I did notice that, I would have assumed that since it's (string, link) with mysql_ it would have been the same with mysqli_.  Learn somethin' new everyday.

 

As far as your current problem, your header is sending userid as a GET var, not user_name, so $_GET['user_name'] doesn't exist.  Try changing your header to

 

uderid=$row[user_name]

 

Just got to say though it would be better to pass it through session vars.  It's more secure.