
ChaosXero

Selecting 1 item from a database


I have a good grasp on PHP (though I'm no expert) and am no good at MySQL so this is new territory for me.

I need to get one item from a database.  The code I have now:
[code]
function login($user, $pass) {
    if (!isset($user) || !isset($pass)){
        login_form(1, $user);
    }
    else if (isset($user) && isset($pass))
    {
        $database = "db171016042";
        //$user = mysql_real_escape_string($user);
        //$pass = mysql_real_escape_string($pass);
        $query = 'SELECT password_hash FROM users_data WHERE username = \'$user\' LIMIT 0, 30 ';
        mysql_connect(host,UNAME,pword) or die(mysql_error());
        mysql_select_db($database);

        $hash = md5( $pass );
        $result = mysql_query($query) or die (mysql_error());
        $row = mysql_fetch_array($result) or die(mysql_error());
        $newresult = $row[1];
        echo $hash;
        echo $pass;
        echo $newresult;
        /*
        if ($result == $hash) {
        /* More Later */
        echo "No Errors, Logged in!";
        } else {login_form(1);}
        */
    }
    else {echo "<h1 style='bad'>Fatal Error.</h1>";}
}
[/code]
Doesn't work.  If I comment out the $result= and $row = lines, it will echo the posted pass unhashed and hashed like it should (that's added for testing).  But otherwise it won't echo ANYTHING.

taking a guess at this one

[code]
if ($result == $hash) {
[/code]

needs to be

[code]
if ($newresult == $hash) {
[/code]

That if statement is commented out as I'm just trying to get the queries to work.  It won't get that far as it is right now.
I need to know why $newresult doesn't equal what I'm getting from the database.  The query runs perfectly on PHPMyAdmin, but won't give me the password hash in the script.  Am I making sense... I'm having a hard time trying to make this make sense...

ok is [password_hash] a field in the DB and is [l] also a field name?

the problem is that single quotes do not replace variables with their values.  it will literally be searching for $user in the table.  switch to encasing the query in double quotes, or exit the string to include the variable if you stick with single quotes.

i should mention that it's useless to store a real password AND its hashed version in the database.  if someone has access to the database, they see both regardless, defeating the purpose of having a hashed password.
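
The single-quote behaviour described in the reply above, as an added example that is not part of the original thread. It goes one step past the reply: instead of interpolating $user at all, it fetches the hash through a bound parameter and checks it with password_verify() rather than md5(). It assumes PHP 7+ with the pdo_sqlite extension; the in-memory table, the sample user and the function names fetch_hash and check_login are constructed for illustration.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+ with the pdo_sqlite
// extension; the in-memory table and sample rows are constructed for the demo.

$user = "o'brien";   // constructed username containing a quote character

// The bug from the thread: single quotes keep $user as literal text.
$single = 'SELECT password_hash FROM users_data WHERE username = \'$user\'';
// Double quotes interpolate, but the value is pasted into the SQL text, so
// the quote in the name ends the string literal early.
$double = "SELECT password_hash FROM users_data WHERE username = '$user'";
echo $single, "\n", $double, "\n";

// Bound parameter: the SQL text never changes; the value travels separately.
function fetch_hash(PDO $db, string $user): ?string {
    $stmt = $db->prepare(
        'SELECT password_hash FROM users_data WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();      // first column of first row, or false
    return $hash === false ? null : $hash;
}

function check_login(PDO $db, string $user, string $pass): bool {
    $hash = fetch_hash($db, $user);
    // password_verify() compares against a salted password_hash() value,
    // used here in place of the unsalted md5() comparison.
    return $hash !== null && password_verify($pass, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users_data (username TEXT PRIMARY KEY, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users_data VALUES (?, ?)');
$ins->execute([$user, password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, $user, 'correct horse'));
var_dump(check_login($db, $user, 'wrong guess'));
var_dump(check_login($db, 'nobody', 'correct horse'));
```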

It's working now, thank you both!

Also, I'm not storing the real password in the database.  It's only echoed here for testing purposes.  The line will now be removed.

Thanks again!
