Jump to content

Selecting 1 item from a database


ChaosXero

Recommended Posts

I have a good grasp on PHP (though I'm no expert) and am no good at MySQL so this is new territory for me.

I need to get one item from a database.  The code I have now:
[code]function login($user, $pass) {
if (!isset($user) || !isset($pass)){
login_form(1, $user);
}
else if (isset($user) && isset($pass))
{
$database = "db171016042";
//$user = mysql_real_escape_string($user);
//$pass = mysql_real_escape_string($pass);
$query = 'SELECT password_hash FROM users_data WHERE username = \'$user\' LIMIT 0, 30 ';
mysql_connect(host,UNAME,pword) or die(mysql_error());
mysql_select_db($database);

$hash = md5( $pass );
$result = mysql_query($query) or die (mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());
$newresult = $row[1];
echo $hash;
echo $pass;
echo $newresult;
/*
if ($result == $hash) {
/* More Later */
echo "No Errors, Logged in!";
} else {login_form(1);}
*/
}
else {echo "<h1 style='bad'>Fatal Error.</h1>";}
}[/code]
Doesnt work.  If I comment out the $result= and $row = lines, it will echo the posted pass unhashed and hashed like it should (that's added for testing.  But otherwise it wont echo ANYTHING. 
Link to comment
Share on other sites

That if statement is commented out as I'm just trying to get the queries to work.  It wont get that far as it is right now.
I need to know why $newresult doesnt equal what I'm getting from the database.  The query runs perfectly on PHPMyAdmin, but wont give me the password has in the script.  Am I making sense... I'm having a hard time trying to make this make sense...
Link to comment
Share on other sites

the problem is that single quotes does not replace variables with their values.  it will literally be searching for $user in the table.  switch to encasing the query in double quotes, or exit the string to include the variable if you stick with single quotes.

i should mention that it's useless to store a real password AND its hashed version in the database.  if someone has access to the database, they see both regardless, defeating the purpose of having a hashed password.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.