[SOLVED] SQL AND PHP HELP

[pcw]

Hi, this script is the action of a form I have. I need it to match the gen_id that was submitted to that what is listed in the database. If it matches, I want it to allow the user to proceed and then show an error if it doesnt.

 

This is what I have got. Currently it just says cannot query. Any help is much appreciated.

 

_<?php

 

_{# I have added these variables, as this is what will be submitted by the form.}

_{$username = "paul123";}

_{$gen_id = "JDWYK";}

 

_{# This is the script}

 

_{$db = "moveitho_sitebuilder";}

 

_{$link = mysql_connect('localhost', 'moveitho_paul', 'test');}

_{if ( ! $link ) {}

_{$dberror = mysql_error();}

_{return false;}

_}

_{if ( ! mysql_select_db( $db, $link ) ) {}

_{$dberror = mysql_error();}

_{return false;}

_}

_{$result = mysql_query("SELECT username, gen_id FROM users WHERE username='%s' AND gen_id='%s'");}

_{if ($result == $username && $gen_id) {}

_{print "PIN matched";}

_}

_{else {}

    _{die('Could not query:' . mysql_error());}

_}

 

_{mysql_close($link);}

_?>

[trq]

Your not actually using the posted variables in your query amongst other vaious errors.

 

<?php

if (isset($_POST['submit'])) {

  // collect values from form.
  $username = mysql_real_escape_string($_POST['username']);
  $gen_id = mysql_real_escape_string($_POST['gen_id']);

  # This is the script

  $db = "moveitho_sitebuilder";

  mysql_connect('localhost', 'moveitho_paul', 'test') or die(mysql_error());
  mysql_select_db( $db) or die(mysql_error());

  if ($result = mysql_query("SELECT username, gen_id FROM users WHERE username='$username' AND gen_id='$gen_id'")) {
    if (mysql_num_rows($result)) {
      echo "PIN matched";
    }
  }

}

?>

[samshel]

u have lot of things to take care there....

 

$result = mysql_query("SELECT username, gen_id FROM users WHERE username='%s' AND gen_id='%s'");
if ($result == $username && $gen_id) {

 

please read manual for

 

- how to fire mysql query

- how to fetch a row from database ( this is different than firing a query)

- if loop syntax.

[pcw]

Hi, thanks for your reply. I had to change the script slightly as it resulted in errors unless the database was connected to first.  The only thing I am having trouble with now is showing a 'PIN successful' or 'PIN error' message.

 

This is what I have got now:

 

^{if (isset($_POST['submit'])) {}

 

  ^{// collect values from form.}

 

 

^{$link = mysql_connect('localhost', 'moveitho_paul', 'test');}

^{if ( ! $link ) {}

^{$dberror = mysql_error();}

^{return false;}

^}

^{if ( ! mysql_select_db( $db, $link ) ) {}

^{$dberror = mysql_error();}

^{return false;}

^}

^{$username = mysql_real_escape_string($_POST['username']);}

  ^{$gen_id = mysql_real_escape_string($_POST['gen_id']);}

 

  ^{if ($result = mysql_query("SELECT username, gen_id FROM users WHERE username='$username' AND gen_id='$gen_id'")) {}

    ^{if (mysql_num_rows($result)) {}

      ^{echo "PIN matched";}

    ^{} else {}

^{echo "PIN did not match";}

  ^}

 

^}

 

It either shows an error for an unexpected else, or just shows the PIN did not match. Does anyone know how to fix this?

 

Thanks

[pcw]

Can anyone help on this one? I have changed the code around and cant seem to get the right result from it. Here is what I have got now:

 

^{if (isset($_POST['submit'])) {}

 

  ^{// collect values from form.}

 

 

^{$db = "moveitho_sitebuilder";}

 

  ^{mysql_connect('localhost', 'moveitho_paul', 'test') or die(mysql_error());}

  ^{mysql_select_db( $db) or die(mysql_error());}

 

^{$username = mysql_real_escape_string($_POST['username']);}

  ^{$gen_id = mysql_real_escape_string($_POST['gen_id']);}

 

  ^{if ($result = mysql_query("SELECT username, gen_id FROM users WHERE username='$username' AND gen_id='$gen_id'")) {}

    ^{if ( ! mysql_query($result)) {}

      ^{echo "PIN matched";}

    ^{} else {}

^{echo "PIN did not match";}

  ^}

 

^}

^}

 

Help is much needed and very appreciated.

[premiso]

You are querying the result, which is probably throwing an error I hope.

 

if ($result = mysql_query("SELECT username, gen_id FROM users WHERE username='$username' AND gen_id='$gen_id'")) {
    if (mysql_num_rows($result) > 0) {
          echo "Pin Matched";
    }else {
          echo "Pin did not match.";
    }
}else{
    echo "SQL Error: " . mysql_error();
}

[pcw]

Hi premiso, thanks for your reply. I have now got the following code, but it just states that PIN did not match no matter what the entry is. Any idea on what is wrong?

 

if (isset($_POST['submit'])) {

   $db = "moveitho_sitebuilder";

  mysql_connect('localhost', 'moveitho_paul', 'test') or die(mysql_error());
  mysql_select_db( $db) or die(mysql_error());
  
   $username = mysql_real_escape_string($_POST['username']);
  $gen_id = mysql_real_escape_string($_POST['gen_id']);

  if ($result = mysql_query("SELECT username, gen_id FROM users WHERE username='$username' AND gen_id='$gen_id'")) {
    if (mysql_num_rows($result) > 0) {
          echo "Pin Matched";
    }else {
          echo "Pin did not match.";
    }
}else{
    echo "SQL Error: " . mysql_error();
}
}

[premiso]

Echo out the username and gen_id, make sure that they are what you expect them to be from the $_POST code. Chances are something is slightly different and causing the issue.

[pcw]

premiso, you are a star! thank you

 

It was just me being dopey. I forgot to carry $username as a hidden variable in the form. All works ok now