ChaosXero Posted July 14, 2006 Share Posted July 14, 2006 I have a good grasp on PHP (though I'm no expert) and am no good at MySQL so this is new territory for me.I need to get one item from a database. The code I have now:[code]function login($user, $pass) { if (!isset($user) || !isset($pass)){ login_form(1, $user); } else if (isset($user) && isset($pass)) { $database = "db171016042"; //$user = mysql_real_escape_string($user); //$pass = mysql_real_escape_string($pass); $query = 'SELECT password_hash FROM users_data WHERE username = \'$user\' LIMIT 0, 30 '; mysql_connect(host,UNAME,pword) or die(mysql_error()); mysql_select_db($database); $hash = md5( $pass ); $result = mysql_query($query) or die (mysql_error()); $row = mysql_fetch_array($result) or die(mysql_error()); $newresult = $row[1]; echo $hash; echo $pass; echo $newresult; /* if ($result == $hash) { /* More Later */ echo "No Errors, Logged in!"; } else {login_form(1);} */ } else {echo "<h1 style='bad'>Fatal Error.</h1>";} }[/code]Doesnt work. If I comment out the $result= and $row = lines, it will echo the posted pass unhashed and hashed like it should (that's added for testing. But otherwise it wont echo ANYTHING. Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/ Share on other sites More sharing options...
jvrothjr Posted July 14, 2006 Share Posted July 14, 2006 taking a guess at this one [code]if ($result == $hash) {[/code]needs to be[code]if ($newresult == $hash) {[/code] Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58093 Share on other sites More sharing options...
ChaosXero Posted July 14, 2006 Author Share Posted July 14, 2006 That if statement is commented out as I'm just trying to get the queries to work. It wont get that far as it is right now. I need to know why $newresult doesnt equal what I'm getting from the database. The query runs perfectly on PHPMyAdmin, but wont give me the password has in the script. Am I making sense... I'm having a hard time trying to make this make sense... Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58094 Share on other sites More sharing options...
jvrothjr Posted July 14, 2006 Share Posted July 14, 2006 ok is [password_hash] a field in the DB and is [l] also a field name? Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58098 Share on other sites More sharing options...
ChaosXero Posted July 14, 2006 Author Share Posted July 14, 2006 password_hash is a feild name [1] is not. Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58107 Share on other sites More sharing options...
akitchin Posted July 14, 2006 Share Posted July 14, 2006 the problem is that single quotes does not replace variables with their values. it will literally be searching for $user in the table. switch to encasing the query in double quotes, or exit the string to include the variable if you stick with single quotes.i should mention that it's useless to store a real password AND its hashed version in the database. if someone has access to the database, they see both regardless, defeating the purpose of having a hashed password. Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58110 Share on other sites More sharing options...
ChaosXero Posted July 14, 2006 Author Share Posted July 14, 2006 It's working now, thank you both!Also, I'm not storing the real password in the database. It's only echoed here for testing purposed. The line will now be removed.Thanks again! Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58112 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.