ChaosXero Posted July 14, 2006 Share Posted July 14, 2006 I have a good grasp on PHP (though I'm no expert) and am no good at MySQL so this is new territory for me.I need to get one item from a database. The code I have now:[code]function login($user, $pass) { if (!isset($user) || !isset($pass)){ login_form(1, $user); } else if (isset($user) && isset($pass)) { $database = "db171016042"; //$user = mysql_real_escape_string($user); //$pass = mysql_real_escape_string($pass); $query = 'SELECT password_hash FROM users_data WHERE username = \'$user\' LIMIT 0, 30 '; mysql_connect(host,UNAME,pword) or die(mysql_error()); mysql_select_db($database); $hash = md5( $pass ); $result = mysql_query($query) or die (mysql_error()); $row = mysql_fetch_array($result) or die(mysql_error()); $newresult = $row[1]; echo $hash; echo $pass; echo $newresult; /* if ($result == $hash) { /* More Later */ echo "No Errors, Logged in!"; } else {login_form(1);} */ } else {echo "<h1 style='bad'>Fatal Error.</h1>";} }[/code]Doesnt work. If I comment out the $result= and $row = lines, it will echo the posted pass unhashed and hashed like it should (that's added for testing. But otherwise it wont echo ANYTHING. Quote Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/ Share on other sites More sharing options...
jvrothjr Posted July 14, 2006 Share Posted July 14, 2006 taking a guess at this one [code]if ($result == $hash) {[/code]needs to be[code]if ($newresult == $hash) {[/code] Quote Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58093 Share on other sites More sharing options...
ChaosXero Posted July 14, 2006 Author Share Posted July 14, 2006 That if statement is commented out as I'm just trying to get the queries to work. It wont get that far as it is right now. I need to know why $newresult doesnt equal what I'm getting from the database. The query runs perfectly on PHPMyAdmin, but wont give me the password has in the script. Am I making sense... I'm having a hard time trying to make this make sense... Quote Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58094 Share on other sites More sharing options...
jvrothjr Posted July 14, 2006 Share Posted July 14, 2006 ok is [password_hash] a field in the DB and is [l] also a field name? Quote Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58098 Share on other sites More sharing options...
ChaosXero Posted July 14, 2006 Author Share Posted July 14, 2006 password_hash is a feild name [1] is not. Quote Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58107 Share on other sites More sharing options...
akitchin Posted July 14, 2006 Share Posted July 14, 2006 the problem is that single quotes does not replace variables with their values. it will literally be searching for $user in the table. switch to encasing the query in double quotes, or exit the string to include the variable if you stick with single quotes.i should mention that it's useless to store a real password AND its hashed version in the database. if someone has access to the database, they see both regardless, defeating the purpose of having a hashed password. Quote Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58110 Share on other sites More sharing options...
ChaosXero Posted July 14, 2006 Author Share Posted July 14, 2006 It's working now, thank you both!Also, I'm not storing the real password in the database. It's only echoed here for testing purposed. The line will now be removed.Thanks again! Quote Link to comment https://forums.phpfreaks.com/topic/14612-selecting-1-item-from-a-database/#findComment-58112 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.