supergrame Posted March 14, 2009 Share Posted March 14, 2009 $sql="SELECT * FROM users WHERE username="$_POST['username']" and password='$mypassword'"; $result=mysql_query($sql); i dont want to use varibles only the global vars insted of having this extra code i dont need $mypassword = $_POST['password']; Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/ Share on other sites More sharing options...
Daney11 Posted March 14, 2009 Share Posted March 14, 2009 <?php if (isset($_POST['username']) && isset($_POST['password'])) { $username = htmlentities($_POST['username']); $mypassword = htmlentities($_POST['password']); $sql="SELECT * FROM users WHERE username="$_POST['username']" and password='$mypassword'"; $result=mysql_query($sql); if (mysql_num_rows($result) >0 ) { echo "Logged In"; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784807 Share on other sites More sharing options...
zq29 Posted March 14, 2009 Share Posted March 14, 2009 Your missing some syntax, the ".", which concatenates strings and the single quotes encapsulating the username. $sql = "SELECT * FROM `users` WHERE `username`='".$_POST['username']."' and `password`='$mypassword'"; You should be cleansing your data before you start using it in SQL queries, otherwise you could/will suffer from SQL injection attacks. Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784810 Share on other sites More sharing options...
supergrame Posted March 14, 2009 Author Share Posted March 14, 2009 Parse error: parse error in C:\wamp\www\public\includes\login.php on line (18) (18) $sql="SELECT * FROM users WHERE username="$_POST['username']" and password='$mypassword'"; Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784812 Share on other sites More sharing options...
zq29 Posted March 14, 2009 Share Posted March 14, 2009 Parse error: parse error in C:\wamp\www\public\includes\login.php on line (18) (18) $sql="SELECT * FROM users WHERE username="$_POST['username']" and password='$mypassword'"; See my post above, you're missing the concatenation periods. Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784813 Share on other sites More sharing options...
Daney11 Posted March 14, 2009 Share Posted March 14, 2009 change $sql="SELECT * FROM users WHERE username="$_POST['username']" and password='$mypassword'"; to $sql="SELECT * FROM users WHERE username="$username" and password='$mypassword'"; Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784822 Share on other sites More sharing options...
Maq Posted March 14, 2009 Share Posted March 14, 2009 You should also use mysql_real_escape_string(). Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784825 Share on other sites More sharing options...
Anti-Moronic Posted March 14, 2009 Share Posted March 14, 2009 You should also use mysql_real_escape_string(). Was just going to say that. You should really filter this data first. That is THE most insecure way of checking data in a mysql table. Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784830 Share on other sites More sharing options...
supergrame Posted March 14, 2009 Author Share Posted March 14, 2009 ok well the reson for my wanting to do that is that my login table and the php are all in the same page. and i get this error Notice: Undefined index: password in C:\wamp\www\public\includes\login.php on line 7 so if there is a work around that would be good. im calling login.php from index.php (incase you never guessed that) Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784834 Share on other sites More sharing options...
supergrame Posted March 15, 2009 Author Share Posted March 15, 2009 ill just create another file loginExec.php not sure if thats how other people do. but it will work Quote Link to comment https://forums.phpfreaks.com/topic/149416-solved-how-do-you-add-the-_post-into-select-from-users-where-passwordpassword/#findComment-784934 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.