Jump to content


Photo

SQL Error


  • Please log in to reply
6 replies to this topic

#1 PC Nerd

PC Nerd
  • Members
  • PipPipPip
  • Advanced Member
  • 1,122 posts
  • LocationAustralia

Posted 06 July 2006 - 08:37 AM

im using the following SQL to scource from a database(mysql)

$User_SQL = "SELECT User_Name, `Password` FROM Table_1 WHERE User_Name = '$User_Name' ";

the User_Name is defined from a $_POST array, and i noticed that the page is sending the data like an GET statement, but i told the html to send it as POST.  then i define $User_Name from the Post array.  why is the data being sent like this, and how can i stop it.  im pretty sure that this is the problem but i dont know how to frix it

can anyone help me

P.S.
  i think this is the reason my problem continued after my last question. 


#2 ToonMariner

ToonMariner
  • Members
  • PipPipPip
  • Advanced Member
  • 3,342 posts
  • LocationNewcastle upon Tyne, UK

Posted 06 July 2006 - 08:57 AM

Can you show the html for the form please.

also....

are you defining

$User_Name = $_POST['User_Name']

if not then it would look like you are relying on register globals being ON and it is now defualt to OFF (the correct settng IMO).

you could try this.....

$User_SQL = "SELECT `User_Name`, `Password` FROM Table_1 WHERE User_Name = '" . $_POST['User_Name'] ."' ";
$User_SQL = mysql_query($User_SQL);

follow me on twitter @PHPsycho

#3 PC Nerd

PC Nerd
  • Members
  • PipPipPip
  • Advanced Member
  • 1,122 posts
  • LocationAustralia

Posted 06 July 2006 - 09:25 AM

yes, i am defining User_Name as you showed, and ive changed the $_POST[] to$_REQUEST[] but there is no difference

ill post the supporting code next

#4 PC Nerd

PC Nerd
  • Members
  • PipPipPip
  • Advanced Member
  • 1,122 posts
  • LocationAustralia

Posted 06 July 2006 - 09:28 AM

ok, the sorounding code to the sql definition is

include("URL/inc files/Database link.inc");
                $User_Name = $_REQUEST['User_Name'];
	$User_SQL = "SELECT User_Name, Password FROM Table_1 WHERE User_Name = '$User_Name' ";
	
	$result = @mysql_query($User_SQL, $DB_Server);

                if(!$result){
                        echo "Unable to perform query: $User_SQL<br>";
                        echo mysql_error();
                 }

	$confirm = mysql_fetch_array($result);

	if($confirm['User_Name'] == $_POST['User_Name'] and $confirm['Password'] == $_POST['Password']){


And the login form is

<h3>Player Login</h3>
	<form action="B_A-Login.php" action="POST">		<p>Player Name: <input type=test name=User_Name></p>
		<p>Password: <INPUT type=password name=Password</p> 
		<p><input type=submit value=send></p>
	</form>


if there is anything i have missed, let me know (the inc file is not posted because i am 99% sure the error is not ther although i am new and might be wrong  if you want it let me know)
Thanks PC NErd

#5 GingerRobot

GingerRobot
  • Staff Alumni
  • Advanced Member
  • 4,086 posts
  • LocationUK

Posted 06 July 2006 - 09:32 AM

<form action="B_A-Login.php" action="POST">


Needs to be:
<form action="B_A-Login.php" method="POST">


#6 PC Nerd

PC Nerd
  • Members
  • PipPipPip
  • Advanced Member
  • 1,122 posts
  • LocationAustralia

Posted 06 July 2006 - 09:38 AM

thanks, that works  but now the page is echoing the entire contents of the inc file, but i think ive come accros this problem before, so ill have a llok at it.

thanks again

Pc Nerd


#7 GingerRobot

GingerRobot
  • Staff Alumni
  • Advanced Member
  • 4,086 posts
  • LocationUK

Posted 06 July 2006 - 09:40 AM

No problem,

Im guessing that the problem with the included file is that your php is unlikely to be set up to parse .inc files, so you will have to rename it to something like file.inc.php




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users