darkfreaks Posted January 13, 2009 Share Posted January 13, 2009 is there a certain way i need to call it within my login, i mean this code works error free it wont allow me to login even with the correct username and password entered. <?php function fetch($query) { $db_server = "localhost"; $db_username = ""; $db_password = ""; $db_name = ""; $con=mysqli_connect($db_server,$db_username,$db_password); mysqli_select_db($con,$db_name); $escape = mysqli_real_escape_string($con,$query); $xssfree = strip_tags(trim($escape)); if ($result = mysqli_query($con,$xssfree)) { if (mysqli_num_rows($result) == 1) { return mysqli_fetch_assoc($result); } else if (mysqli_num_rows($result) > 1) { while ($row = mysqli_fetch_assoc($result)) { $return[] = $row; } return $return; } return false; } } ?> Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/ Share on other sites More sharing options...
trq Posted January 13, 2009 Share Posted January 13, 2009 Your passing your arguments to mysql_real_escape_string in the wrong order. The string should be before the connection resource. Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736629 Share on other sites More sharing options...
darkfreaks Posted January 14, 2009 Author Share Posted January 14, 2009 i am not using mysql_real_escape_string() ??? i am using mysqli_real_escape_string() which requires a connection before the statement Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736646 Share on other sites More sharing options...
trq Posted January 14, 2009 Share Posted January 14, 2009 Sorry, didn't notice that. How exactly are you calling this code? Can we see how you use this to login? Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736655 Share on other sites More sharing options...
darkfreaks Posted January 14, 2009 Author Share Posted January 14, 2009 Calling it in login.pro.php: <?php $encrypted_password = md5($login_password); $check = fetch ("SELECT username,password FROM members2 WHERE username = '$login_username' AND password = '$encrypted_password' AND game = '$game'");?> Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736661 Share on other sites More sharing options...
trq Posted January 14, 2009 Share Posted January 14, 2009 That tells us very little. Can we see how you actually check the call works? Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736668 Share on other sites More sharing options...
darkfreaks Posted January 14, 2009 Author Share Posted January 14, 2009 Login.pro.php: <?php ob_start(); include "global.inc.php"; //connects to all the db information include "globals.inc.php"; $con=mysqli_connect ($db_server,$db_username,$db_password); //connection string mysqli_select_db($con,$db_name); //select db $encrypted_password = md5($login_password); $check = fetch("SELECT username,password FROM members2 WHERE username = '$login_username' AND password = '$encrypted_password' AND game = '$game'"); if ($check[username]) { $thepassword_in_db = md5(sha1($login_password)); setcookie("username_$game",$check[username],time()+2678400); setcookie("password_$game",$check[password],time()+2678400); setcookie("phpqa_user_c", "$check[username]", time()+99999); setcookie('phpqa_user_p', $thepassword_in_db, time()+99999); header("Location: /index.php?game=$game"); } else { header("Location: $base_url/login.php?game=$game&error=Error+logging+in. +Have+you+created+an+account+yet?+ Passwords+are+caSe+SEnsITIvE."); } ?> Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736672 Share on other sites More sharing options...
trq Posted January 14, 2009 Share Posted January 14, 2009 Ah... didn't even think of that. The problem is your entire query is goiung through mysqli_real_escape_string, hence the quotes are being escaped and your query is failing. You will need to pull mysqli_real_escape_string out of the function and run your actual variables through it prior to creating the query and passing it to the fetch function. Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736679 Share on other sites More sharing options...
darkfreaks Posted January 14, 2009 Author Share Posted January 14, 2009 ok so i tried: <?php $check = fetch("SELECT username,password FROM members2 WHERE username = '".mysqli_real_escape_string($login_username)."' AND password = '".mysqli_real_escape_string ($encrypted_password)."' AND game = '$game'");?> but it seems to fail unless i take that function out of the code. is there any other way i could call it? because i cant call it in a variable do to it being called globally. so i have to do it as it is processed into the database. ut that does not seem to work either. :-\ Link to comment https://forums.phpfreaks.com/topic/140742-solved-mysqli_real_escape_string-messing-up-login-page/#findComment-736696 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.