Jump to content


Photo

Selecting 1 item from a database


  • Please log in to reply
6 replies to this topic

#1 ChaosXero

ChaosXero
  • Members
  • PipPipPip
  • Advanced Member
  • 80 posts

Posted 14 July 2006 - 08:23 PM

I have a good grasp on PHP (though I'm no expert) and am no good at MySQL so this is new territory for me.

I need to get one item from a database.  The code I have now:
function login($user, $pass) {
		if (!isset($user) || !isset($pass)){ 
			login_form(1, $user);
			}
		else if (isset($user) && isset($pass)) 
		{
			$database = "db171016042";
			//$user = mysql_real_escape_string($user);
			//$pass = mysql_real_escape_string($pass);
			$query = 'SELECT password_hash FROM users_data WHERE username = \'$user\' LIMIT 0, 30 ';
			mysql_connect(host,UNAME,pword) or die(mysql_error());
			mysql_select_db($database);
			
			$hash = md5( $pass );
			$result = mysql_query($query) or die (mysql_error());
			$row = mysql_fetch_array($result) or die(mysql_error());
			$newresult = $row[1];
			echo $hash;
			echo $pass;
			echo $newresult;
			/*
			if ($result == $hash) {
			/* More Later */
			echo "No Errors, Logged in!";
			} else {login_form(1);}
			*/
			}
			else {echo "<h1 style='bad'>Fatal Error.</h1>";}
	}
Doesnt work.  If I comment out the $result= and $row = lines, it will echo the posted pass unhashed and hashed like it should (that's added for testing.  But otherwise it wont echo ANYTHING. 

#2 jvrothjr

jvrothjr
  • Members
  • PipPipPip
  • Advanced Member
  • 300 posts
  • LocationOhio

Posted 14 July 2006 - 08:30 PM

taking a guess at this one

if ($result == $hash) {

needs to be

if ($newresult == $hash) {

If you understand everything you know nothing!

http://rcchjr.awardspace.com/

#3 ChaosXero

ChaosXero
  • Members
  • PipPipPip
  • Advanced Member
  • 80 posts

Posted 14 July 2006 - 08:33 PM

That if statement is commented out as I'm just trying to get the queries to work.  It wont get that far as it is right now.
I need to know why $newresult doesnt equal what I'm getting from the database.  The query runs perfectly on PHPMyAdmin, but wont give me the password has in the script.  Am I making sense... I'm having a hard time trying to make this make sense...

#4 jvrothjr

jvrothjr
  • Members
  • PipPipPip
  • Advanced Member
  • 300 posts
  • LocationOhio

Posted 14 July 2006 - 08:37 PM

ok is [password_hash] a field in the DB and is [l] also a field name?
If you understand everything you know nothing!

http://rcchjr.awardspace.com/

#5 ChaosXero

ChaosXero
  • Members
  • PipPipPip
  • Advanced Member
  • 80 posts

Posted 14 July 2006 - 09:00 PM

password_hash is a feild name [1] is not. 

#6 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 14 July 2006 - 09:06 PM

the problem is that single quotes does not replace variables with their values.  it will literally be searching for $user in the table.  switch to encasing the query in double quotes, or exit the string to include the variable if you stick with single quotes.

i should mention that it's useless to store a real password AND its hashed version in the database.  if someone has access to the database, they see both regardless, defeating the purpose of having a hashed password.

#7 ChaosXero

ChaosXero
  • Members
  • PipPipPip
  • Advanced Member
  • 80 posts

Posted 14 July 2006 - 09:12 PM

It's working now, thank you both!

Also, I'm not storing the real password in the database.  It's only echoed here for testing purposed.  The line will now be removed.

Thanks again!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users